128 lines
3.0 KiB
Markdown
128 lines
3.0 KiB
Markdown
# Network Connectivity Issue - NPMplus Not Reachable
|
|
|
|
**Date**: 2026-01-21
|
|
**Issue**: NPMplus (192.168.11.166) not reachable from 192.168.11.4, but working internally
|
|
|
|
---
|
|
|
|
## Current Status
|
|
|
|
### ✅ Working:
|
|
- Container is running
|
|
- Ports 80/443 are listening inside container
|
|
- Ping works (ICMP)
|
|
- NPMplus responds from inside container
|
|
|
|
### ❌ Not Working:
|
|
- TCP connections from 192.168.11.4 → 192.168.11.166:80/443 → Connection refused
|
|
- This suggests a firewall or network policy blocking TCP
|
|
|
|
---
|
|
|
|
## Analysis
|
|
|
|
**Connection Refused** (not timeout) typically means:
|
|
1. Service is not listening on that interface
|
|
2. Firewall is actively rejecting connections
|
|
3. Network policy is blocking TCP traffic
|
|
|
|
Since:
|
|
- ✅ Service IS listening (verified inside container)
|
|
- ✅ Ping works (ICMP allowed)
|
|
- ❌ TCP connections refused
|
|
|
|
**Conclusion**: Firewall or network policy is blocking TCP traffic to 192.168.11.166
|
|
|
|
---
|
|
|
|
## Possible Causes
|
|
|
|
### 1. Container Firewall
|
|
- Container may have firewall rules blocking incoming connections
|
|
- Check: `pct exec 10233 -- iptables -L -n -v`
|
|
|
|
### 2. Host Firewall
|
|
- Proxmox host firewall may be blocking
|
|
- Check: `iptables -L -n -v` on r630-01
|
|
|
|
### 3. UDM Pro Firewall
|
|
- UDM Pro may have rules blocking internal → internal TCP
|
|
- Check firewall rules for internal network restrictions
|
|
|
|
### 4. Network Segmentation
|
|
- VLAN or network policy may be blocking
|
|
- Check network configuration
|
|
|
|
---
|
|
|
|
## Fix Steps
|
|
|
|
### Step 1: Check Container Firewall
|
|
|
|
```bash
|
|
ssh root@r630-01
|
|
pct exec 10233 -- iptables -L -n -v
|
|
```
|
|
|
|
**If blocking rules found:**
|
|
- Add allow rules for ports 80/443
|
|
- Or disable container firewall if not needed
|
|
|
|
### Step 2: Check Host Firewall
|
|
|
|
```bash
|
|
ssh root@r630-01
|
|
iptables -L -n -v | grep 192.168.11.166
|
|
```
|
|
|
|
**If blocking rules found:**
|
|
- Add allow rules for 192.168.11.166:80/443
|
|
- Or adjust firewall policy
|
|
|
|
### Step 3: Check UDM Pro Internal Rules
|
|
|
|
UDM Pro may have rules blocking internal → internal traffic:
|
|
- Check firewall rules for Internal → Internal policies
|
|
- Ensure TCP traffic is allowed between internal IPs
|
|
|
|
---
|
|
|
|
## Quick Test
|
|
|
|
Test from different internal IP to see if it's specific to 192.168.11.4:
|
|
|
|
```bash
|
|
# From another internal device
|
|
curl -v http://192.168.11.166 -H "Host: explorer.d-bis.org"
|
|
```
|
|
|
|
---
|
|
|
|
## Impact on External Access
|
|
|
|
**Important**: Even if internal access doesn't work, **external access might still work** if:
|
|
- Port forwarding rules are active
|
|
- External → Internal firewall rules allow traffic
|
|
- UDM Pro routes external traffic differently than internal traffic
|
|
|
|
**The real test is external access from the internet.**
|
|
|
|
---
|
|
|
|
## Summary
|
|
|
|
**Issue**: Internal access to NPMplus blocked (likely firewall)
|
|
|
|
**Impact**:
|
|
- ❌ Internal testing from 192.168.11.4 won't work
|
|
- ❓ External access may still work (needs testing)
|
|
|
|
**Next Steps**:
|
|
1. Check and fix firewall rules
|
|
2. **Test external access** (most important)
|
|
3. If external works, internal issue is separate
|
|
|
|
---
|
|
|
|
**Status**: ⚠️ **INTERNAL ACCESS BLOCKED - TEST EXTERNAL ACCESS**
|