explorer-monorepo/FIREWALL_RULES_VERIFIED.md

Firewall Rules Verification - Next Steps

Date: 2026-01-21
Status: Rules Configured - Need to Verify Order & Test


Confirmed Configuration

From your UDM Pro screenshot, I can confirm:

Port Forwarding Rules (Configured)

  • Nginx HTTPS (76.53.10.36:443) → 192.168.11.166:443
  • Nginx HTTP (76.53.10.36:80) → 192.168.11.166:80
  • Nginx Manager (76.53.10.36:81) → 192.168.11.166:81

Firewall Allow Rules (Configured)

  • Allow External → Internal (192.168.11.166:80)
  • Allow External → Internal (192.168.11.166:443)
  • Allow External → Internal (192.168.11.166:81)

All required rules are present!


Most Likely Issue: Rule Order

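Firewall rules are processed top to bottom, and the first rule that matches a packet decides what happens to it. If a "Block" rule that matches the traffic sits above the "Allow" rule, the block takes effect and the allow rule is never reached.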

Action Required:

  1. In UDM Pro Web UI:

    • Go to: Settings → Firewall & Security → Firewall Rules
    • Look at the list of all firewall rules
  2. Check Rule Order:

    • The "Allow Port Forward..." rules should be at the TOP of the list
    • Any "Block External → Internal" rules should be BELOW the allow rules
    • If a block rule is above an allow rule, move the allow rule up or move the block rule down
  3. Verify Rule Status:

    • Ensure all rules show as "Enabled" (checkmark or toggle ON)
    • Disabled rules won't work
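
The rule-order and rule-status checks above can be reasoned about offline with a small first-match model. This is an added example, not part of the original document and not a UDM Pro API or export format: the rule names, the catch-all block rule and the default-block policy are constructed assumptions; only the destination 192.168.11.166 and ports 80, 443 and 81 come from this page.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    name: str            # constructed label, not a real UDM Pro rule name
    action: str          # "allow" or "block"
    dst: str             # single IP or CIDR; "0.0.0.0/0" means any destination
    ports: frozenset     # empty set means any port
    enabled: bool = True

    def matches(self, ip, port):
        # Disabled rules are skipped entirely during evaluation.
        return (self.enabled
                and ip_address(ip) in ip_network(self.dst)
                and (not self.ports or port in self.ports))

def decide(rules, ip, port, default="block"):
    """Top-to-bottom evaluation: the first enabled matching rule wins."""
    for rule in rules:
        if rule.matches(ip, port):
            return rule.action, rule.name
    return default, "(default policy)"   # assumed default, not from the page

def shadowed_allows(rules, ip, ports):
    """Map port -> blocking rule, for ports that have an enabled allow rule
    which is never reached because a block rule above it matches first."""
    found = {}
    for port in ports:
        action, name = decide(rules, ip, port)
        has_allow = any(r.action == "allow" and r.matches(ip, port) for r in rules)
        if action == "block" and has_allow:
            found[port] = name
    return found

NGINX = "192.168.11.166"
# Constructed rule list: block rule on top, port-81 allow rule left disabled.
BAD_ORDER = [
    Rule("block-ext-to-int", "block", "0.0.0.0/0", frozenset()),
    Rule("allow-80", "allow", NGINX, frozenset({80})),
    Rule("allow-443", "allow", NGINX, frozenset({443})),
    Rule("allow-81", "allow", NGINX, frozenset({81}), enabled=False),
]
FIXED = BAD_ORDER[1:] + BAD_ORDER[:1]    # allow rules moved above the block

if __name__ == "__main__":
    for label, rules in (("before", BAD_ORDER), ("after", FIXED)):
        for port in (80, 443, 81):
            print(label, port, decide(rules, NGINX, port))
        print(label, "shadowed:", shadowed_allows(rules, NGINX, [80, 443, 81]))
```

In the reordered list, port 81 is still blocked because its allow rule is disabled, which is why step 3 matters even after the order is fixed.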

Quick Fix Steps

  1. In Firewall Rules list, find "Allow Port Forward..." rules
  2. Use drag-and-drop or up/down arrows to move them to the top
  3. Save/Apply changes
  4. Wait 30 seconds
  5. Test external access

Option 2: Modify Block Rules

If you can't reorder rules:

  1. Find any "Block External → Internal" rules
  2. Edit them to exclude destination 192.168.11.166
  3. Or add exception for ports 80, 443, 81
  4. Save changes

Additional Checks

1. ISP Blocking

Some ISPs block inbound connections on ports 80/443. Test from:

  • Different network/location
  • Mobile hotspot
  • VPN connection

2. UDM Pro Logs

Check firewall logs for blocked connections:

  • UDM Pro → Settings → Logs → Firewall Logs
  • Look for entries related to 192.168.11.166:80 or 443
  • This will show which rule is blocking (if any)

3. Test Port 81

Since port 81 is also configured, test it:

curl -v http://76.53.10.36:81

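If port 81 works but 80/443 don't, it's likely ISP blocking. Port 81 is the Nginx Manager interface and this test reaches it over plain HTTP, so use it as a connectivity check only and do not sign in over this path.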


Testing After Fix

# Test HTTPS
curl -v --connect-timeout 10 https://explorer.d-bis.org

# Test HTTP
curl -v --connect-timeout 10 http://explorer.d-bis.org

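# Test direct IP (the certificate will not match a bare IP, so a TLS
# certificate error here still means the port itself is reachable)
curl -v --connect-timeout 10 https://76.53.10.36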

Summary

All rules are correctly configured! The issue is most likely:

  1. Rule order - Block rules may be before allow rules
  2. ISP blocking - ISP may be blocking ports 80/443
  3. Rule not enabled - Rules may be disabled

Next Step: Check firewall rule order in UDM Pro and ensure allow rules are at the top.