# UDM Pro Internet Blocking - CONFIRMED

**Date**: 2026-01-21
**Evidence Source**: UniFi Network Controller Screenshot
**Client**: NPMplus dot 167 (192.168.11.167)

---

## Critical Finding: Zero Internet Activity

### UDM Pro Client Overview

- **Client Name**: NPMplus dot 167
- **IP Address**: 192.168.11.167
- **MAC Address** (from UDM Pro): `bc:24:11:8d:ec:b7`
- **24H Internet Activity**: **0 B** ⚠️
- **Virtual Network**: MGMT-LAN (VLAN ID 11)
- **Manufacturer**: Proxmox Server Solutions GmbH

---

## Analysis

### ✅ Device Recognition

UDM Pro correctly identifies the NPMplus container:

- IP address matches: 192.168.11.167
- Manufacturer correctly identified as Proxmox
- Connected via UDM Pro GbE

### ❌ Internet Access Blocked

**24H Internet Activity: 0 B** confirms:

- UDM Pro firewall is blocking outbound internet traffic
- This explains why Docker Hub pulls are timing out
- This explains why container cannot reach 8.8.8.8

### ⚠️ MAC Address Discrepancy

- **UDM Pro shows**: `bc:24:11:8d:ec:b7`
- **Container config shows**: `BC:24:11:A8:C1:5D`

**Possible explanations**:

1. UDM Pro may be showing a different MAC (bridge/veth pair)
2. MAC address may have changed
3. UDM Pro may be tracking a different interface

**Action**: Verify which MAC is actually active

---

## Root Cause Confirmed

The **0 B internet activity** definitively proves:

- ✅ Container is recognized by UDM Pro
- ❌ **Outbound internet traffic is blocked by UDM Pro firewall**
- ❌ This is preventing Docker Hub access
- ❌ This is preventing NPMplus updates

---

## Solution: UDM Pro Firewall Rule

### Step 1: Access UDM Pro

1. Open: `https://192.168.11.1`
2. Navigate to: **Clients** → **NPMplus dot 167**

### Step 2: Check Current Firewall Rules

1. Go to: **Settings → Firewall & Security → Firewall Rules**
2. Look for rules affecting:
   - Source: `192.168.11.167`
   - Virtual Network: `MGMT-LAN` (VLAN 11)
   - Outbound traffic

### Step 3: Add Allow Rule

Create a new firewall rule:

**Rule Configuration**:

- **Name**: `Allow NPMplus Outbound`
- **Action**: `Accept` / `Allow`
- **Source**:
  - Type: `IP Address`
  - Address: `192.168.11.167`
  - Or use MAC: `bc:24:11:8d:ec:b7`
- **Destination**: `Any` (or `Internet`)
- **Protocol**: `Any`
- **Port**: `Any`
- **Direction**: `Outbound` or `Both`
- **Virtual Network**: `MGMT-LAN` (VLAN 11)
- **Placement**: **BEFORE** any deny/drop rules

### Step 4: Verify Fix

After adding the rule, wait 30 seconds, then:

```bash
# Test from container
ssh root@r630-01
pct exec 10233 -- ping -c 2 8.8.8.8

# Test Docker Hub
pct exec 10233 -- curl -s https://registry-1.docker.io/v2/ | head -3

# Check UDM Pro client overview again
# Should show internet activity > 0 B
```

---

## Alternative: MAC-Based Rule

If IP-based rules don't work, try MAC-based:

- **Source MAC**: `bc:24:11:8d:ec:b7`
- **Action**: `Accept`
- **Destination**: `Any`

---

## Expected Result

After adding the firewall rule:

- ✅ Container can reach internet (8.8.8.8)
- ✅ Container can reach Docker Hub
- ✅ Docker pull will succeed
- ✅ UDM Pro client overview will show internet activity > 0 B

---

## Summary

**Status**: ✅ **ROOT CAUSE CONFIRMED**

**Evidence**:

- UDM Pro shows 0 B internet activity for 192.168.11.167
- This confirms firewall blocking outbound traffic

**Solution**:

- Add UDM Pro firewall rule to allow outbound from 192.168.11.167
- Use IP address or MAC address (`bc:24:11:8d:ec:b7`)

**Next Step**: Add firewall rule in UDM Pro Web UI

---

**Action Required**: Configure UDM Pro firewall rule to allow outbound internet access
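
The MAC discrepancy noted above decides whether a MAC-based rule can match at all, so the comparison is worth scripting. The following is an added example, not part of the original notes: the sample `pct config` text is constructed from the values on this page, and the hostname and bridge name `vmbr0` in it are assumptions.

```bash
#!/bin/sh
# Added example (not from the original notes): check whether the MAC the
# UDM Pro reports is one the container is actually configured with.

# Lower-case a MAC and turn '-' separators into ':'.
normalize_mac() {
    printf '%s\n' "$1" | tr 'ABCDEF-' 'abcdef:'
}

# stdin: `pct config <vmid>` output. stdout: "<netN> <mac>" per interface.
config_macs() {
    awk -F': ' '/^net[0-9]+: / {
        n = split($2, opts, ",")
        for (i = 1; i <= n; i++)
            if (opts[i] ~ /^hwaddr=/)
                print $1, tolower(substr(opts[i], 8))
    }'
}

# Print the interface carrying MAC $1; return 1 if no interface has it.
match_interface() {
    want=$(normalize_mac "$1")
    hit=$(config_macs | awk -v want="$want" '$2 == want { print $1; exit }')
    [ -n "$hit" ] && printf '%s\n' "$hit"
}

# Human-readable verdict for MAC $1 against the config on stdin.
check_mac() {
    if iface=$(match_interface "$1"); then
        echo "OK: $1 is configured on $iface"
    else
        echo "MISMATCH: $1 is not in the container config;" \
             "check the live interface before writing a MAC-based rule"
    fi
}

# Constructed sample built from the values on this page; hostname and
# bridge name (vmbr0) are assumptions.
SAMPLE_CONFIG='arch: amd64
hostname: npmplus
net0: name=eth0,bridge=vmbr0,gw=192.168.11.1,hwaddr=BC:24:11:A8:C1:5D,ip=192.168.11.167/24,tag=11,type=veth'

printf '%s\n' "$SAMPLE_CONFIG" | check_mac 'bc:24:11:8d:ec:b7'   # UDM Pro value
printf '%s\n' "$SAMPLE_CONFIG" | check_mac 'BC:24:11:A8:C1:5D'   # config value
```

On the Proxmox host, `pct config 10233 | check_mac bc:24:11:8d:ec:b7` runs the same check against the live config.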