# UDM Pro Internet Blocking - CONFIRMED
**Date**: 2026-01-21
**Evidence Source**: UniFi Network Controller Screenshot
**Client**: NPMplus dot 167 (192.168.11.167)

---
## Critical Finding: Zero Internet Activity
### UDM Pro Client Overview
- **Client Name**: NPMplus dot 167
- **IP Address**: 192.168.11.167
- **MAC Address** (from UDM Pro): `bc:24:11:8d:ec:b7`
- **24H Internet Activity**: **0 B** ⚠️
- **Virtual Network**: MGMT-LAN (VLAN ID 11)
- **Manufacturer**: Proxmox Server Solutions GmbH
---
## Analysis
### ✅ Device Recognition
UDM Pro correctly identifies the NPMplus container:
- IP address matches: 192.168.11.167
- Manufacturer correctly identified as Proxmox
- Connected via UDM Pro GbE
### ❌ Internet Access Blocked
**24H Internet Activity: 0 B** confirms:
- UDM Pro firewall is blocking outbound internet traffic
- This explains why Docker Hub pulls are timing out
- This explains why container cannot reach 8.8.8.8
### ⚠️ MAC Address Discrepancy
- **UDM Pro shows**: `bc:24:11:8d:ec:b7`
- **Container config shows**: `BC:24:11:A8:C1:5D`

**Possible explanations**:
1. UDM Pro may be showing a different MAC (bridge/veth pair)
2. MAC address may have changed
3. UDM Pro may be tracking a different interface

**Action**: Verify which MAC is actually active
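
The check this action calls for, as an added example (not part of the original report): it compares the MAC UDM Pro reports against the container's configured and live MACs, which matters before writing a MAC-based rule, since a rule keyed to the wrong MAC will not match the container's traffic. The interface name `eth0`, the `net0` key and the sample outputs are assumptions constructed for illustration.

```bash
# Added example. CTID 10233 and both MACs come from this page; the interface
# name (eth0), the net0 key and the sample outputs are assumptions/constructed.

norm_mac() { printf '%s' "$1" | tr 'A-F' 'a-f'; }

# hwaddr= value of net0, read from `pct config <ctid>` output on stdin
mac_from_pct_config() {
  sed -n 's|^net0:.*hwaddr=\([0-9A-Fa-f:]\{17\}\).*|\1|p' | head -n 1
}

# link/ether value, read from `ip -o link show <if>` output on stdin
mac_from_ip_link() {
  sed -n 's|.*link/ether \([0-9A-Fa-f:]\{17\}\).*|\1|p' | head -n 1
}

# check_mac <mac_seen_by_udm> <mac_in_config> <mac_live_in_container>
# returns 0 = all agree, 1 = UDM Pro tracks another MAC, 2 = config/live drift
check_mac() {
  m_udm=$(norm_mac "$1"); m_cfg=$(norm_mac "$2"); m_live=$(norm_mac "$3")
  if [ "$m_cfg" != "$m_live" ]; then
    echo "DRIFT: config=$m_cfg live=$m_live"; return 2
  elif [ "$m_udm" != "$m_live" ]; then
    echo "MISMATCH: UDM=$m_udm container=$m_live"; return 1
  fi
  echo "OK: $m_live"
}

# Constructed sample data (not captured from the real host)
SAMPLE_PCT='hostname: npmplus
net0: name=eth0,bridge=vmbr0,hwaddr=BC:24:11:A8:C1:5D,ip=192.168.11.167/24,tag=11,type=veth'
SAMPLE_IP='2: eth0@if41: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP \    link/ether bc:24:11:a8:c1:5d brd ff:ff:ff:ff:ff:ff link-netnsid 0'

demo() {
  d_cfg=$(printf '%s\n' "$SAMPLE_PCT" | mac_from_pct_config)
  d_live=$(printf '%s\n' "$SAMPLE_IP" | mac_from_ip_link)
  check_mac 'bc:24:11:8d:ec:b7' "$d_cfg" "$d_live"
}

# Live use on the Proxmox host:
#   check_mac bc:24:11:8d:ec:b7 \
#     "$(pct config 10233 | mac_from_pct_config)" \
#     "$(pct exec 10233 -- ip -o link show eth0 | mac_from_ip_link)"
case "${1:-}" in demo) demo ;; esac
```

A `MISMATCH` result means the MAC in the UDM Pro client entry belongs to some other interface or device, so the IP-based rule is the safer choice until that is resolved.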
---
## Root Cause Confirmed
The **0 B internet activity** definitively proves:
- ✅ Container is recognized by UDM Pro
- ❌ **Outbound internet traffic is blocked by UDM Pro firewall**
- ❌ This is preventing Docker Hub access
- ❌ This is preventing NPMplus updates
---
## Solution: UDM Pro Firewall Rule
### Step 1: Access UDM Pro
1. Open: `https://192.168.11.1`
2. Navigate to: **Clients** → **NPMplus dot 167**
### Step 2: Check Current Firewall Rules
1. Go to: **Settings → Firewall & Security → Firewall Rules**
2. Look for rules affecting:
- Source: `192.168.11.167`
- Virtual Network: `MGMT-LAN` (VLAN 11)
- Outbound traffic
### Step 3: Add Allow Rule
Create a new firewall rule:
**Rule Configuration**:
- **Name**: `Allow NPMplus Outbound`
- **Action**: `Accept` / `Allow`
- **Source**:
  - Type: `IP Address`
  - Address: `192.168.11.167`
  - Or use MAC: `bc:24:11:8d:ec:b7`
- **Destination**: `Any` (or `Internet`)
- **Protocol**: `Any`
- **Port**: `Any`
- **Direction**: `Outbound` or `Both`
- **Virtual Network**: `MGMT-LAN` (VLAN 11)
- **Placement**: **BEFORE** any deny/drop rules
### Step 4: Verify Fix
After adding the rule, wait 30 seconds, then:
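```bash
# Log in to the Proxmox host, then run the remaining commands there
ssh root@r630-01
# Test from container
pct exec 10233 -- ping -c 2 8.8.8.8
# Test Docker Hub (give up after 10 s instead of hanging if still blocked;
# any JSON reply, including an "unauthorized" error, means the registry is reachable)
pct exec 10233 -- curl -s --max-time 10 https://registry-1.docker.io/v2/ | head -3
# Check UDM Pro client overview again
# Should show internet activity > 0 B
```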
---
## Alternative: MAC-Based Rule
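If IP-based rules don't work, try MAC-based (resolve the MAC address discrepancy noted above first, since a rule keyed to a MAC that is not the container's will not match its traffic):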
- **Source MAC**: `bc:24:11:8d:ec:b7`
- **Action**: `Accept`
- **Destination**: `Any`
---
## Expected Result
After adding the firewall rule:
- ✅ Container can reach internet (8.8.8.8)
- ✅ Container can reach Docker Hub
- ✅ Docker pull will succeed
- ✅ UDM Pro client overview will show internet activity > 0 B
---
## Summary
**Status**: ✅ **ROOT CAUSE CONFIRMED**

**Evidence**:
- UDM Pro shows 0 B internet activity for 192.168.11.167
- This confirms firewall blocking outbound traffic

**Solution**:
- Add UDM Pro firewall rule to allow outbound from 192.168.11.167
- Use IP address or MAC address (`bc:24:11:8d:ec:b7`)

**Next Step**: Add firewall rule in UDM Pro Web UI
---
**Action Required**: Configure UDM Pro firewall rule to allow outbound internet access