d-bis/explorer-monorepo
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8380a36c673d98b50c25de762012acd386c0cc6a
explorer-monorepo/NETWORK_ISSUES_COMPLETE_FIX.md

4.6 KiB
Raw Blame History

Network Issues - Complete Fix Guide

Date: 2026-01-21
Status: ISSUES IDENTIFIED - Fix instructions provided

Network Issues Identified

Issue 1: Gateway Connectivity - FIXED

  • Problem: Container could not reach gateway (192.168.11.1)
  • Root Cause: Stale ARP cache entries
  • Fix Applied: ARP cache flushed, gateway entry refreshed
  • Status: RESOLVED

Issue 2: DNS Configuration - FIXED

  • Problem: DNS queries timing out
  • Root Cause: Limited DNS servers, no backup
  • Fix Applied: Added backup DNS servers (8.8.8.8, 1.1.1.1)
  • Status: RESOLVED

Issue 3: Internet Connectivity - BLOCKED BY FIREWALL

  • Problem: Container cannot reach internet (8.8.8.8)
  • Root Cause: UDM Pro firewall blocking outbound traffic
  • Evidence:
    • Container can reach internal IPs (192.168.11.10, 192.168.11.11, 192.168.11.140)
    • Container can reach gateway (192.168.11.1) after ARP refresh
    • Container cannot reach internet (8.8.8.8) - 100% packet loss
    • Proxmox host CAN reach internet
  • Status: ⚠️ REQUIRES UDM PRO FIREWALL RULE

Issue 4: Docker Hub Access - BLOCKED BY FIREWALL

  • Problem: Container cannot reach registry-1.docker.io
  • Root Cause: UDM Pro firewall blocking HTTPS outbound
  • Status: ⚠️ REQUIRES UDM PRO FIREWALL RULE

Root Cause: UDM Pro Firewall

Conclusion: UDM Pro firewall has rules blocking outbound internet traffic from container IPs (192.168.11.166/167).

Evidence:

  • Internal connectivity: Working
  • Gateway connectivity: Working (after ARP fix)
  • Internet connectivity: Blocked
  • Proxmox host internet: Working

This pattern indicates UDM Pro firewall is blocking outbound traffic from the container IPs.

Fix: UDM Pro Firewall Rule

Step 1: Access UDM Pro Web UI

  1. Open browser: https://192.168.11.1
  2. Login with your credentials

Step 2: Add Firewall Rule

  1. Navigate to: Settings → Firewall & Security → Firewall Rules
  2. Click "Create New Rule" or "Add Rule"
  3. Configure rule:
    • Name: Allow Container Outbound
    • Action: Accept or Allow
    • Source:
      • Type: IP Address
      • Address: 192.168.11.166, 192.168.11.167
      • Or use CIDR: 192.168.11.166/32, 192.168.11.167/32
    • Destination: Any or leave blank
    • Protocol: Any or All
    • Port: Any or leave blank
    • Direction: Outbound or Both
  4. Placement: Ensure this rule is BEFORE any deny/drop rules
  5. Enable: Make sure rule is enabled (not paused)
  6. Click "Save" or "Apply"
  7. Wait 30 seconds for rules to apply

Step 3: Verify Fix

After adding the rule, test from container:

# Test internet connectivity
ssh root@r630-01
pct exec 10233 -- ping -c 2 8.8.8.8

# Test DNS
pct exec 10233 -- nslookup registry-1.docker.io

# Test Docker Hub
pct exec 10233 -- curl -s https://registry-1.docker.io/v2/ | head -3

# Test Docker pull
pct exec 10233 -- docker pull zoeyvid/npmplus:2026-01-20-r2

Alternative Solutions (If Firewall Rule Not Possible)

Option 1: Use Proxmox Host as Docker Registry Proxy

If you can't modify UDM Pro firewall, set up a local Docker registry proxy on Proxmox host.

Option 2: Manual Image Transfer

  1. Download image on a machine with internet
  2. Transfer to Proxmox host
  3. Load into container's Docker

Option 3: Configure Container to Use Different Network

Move container to a network segment that has outbound access allowed.

Current Network Status

Working

  • Container ↔ Gateway (192.168.11.1)
  • Container ↔ Internal IPs (192.168.11.10, 192.168.11.11, 192.168.11.140)
  • Container ↔ VMID 5000 (192.168.11.140:80)
  • DNS servers configured
  • Default route correct

Blocked by UDM Pro Firewall

  • Container → Internet (8.8.8.8)
  • Container → Docker Hub (registry-1.docker.io)
  • Container → Any external HTTPS/HTTP

Summary

Status: NETWORK ISSUES IDENTIFIED

Fixes Applied:

  • DNS configuration (backup servers added)
  • Gateway connectivity (ARP cache refreshed)
  • Default route (verified correct)
  • Container restarted (applied changes)

Remaining Issue:

  • UDM Pro firewall blocking outbound internet

Solution:

  • ⚠️ Add firewall rule in UDM Pro Web UI (see instructions above)

Impact:

  • Explorer functionality: Working (internal path works)
  • NPMplus update: ⚠️ Blocked (cannot pull Docker images)
  • External access: Working (port forwarding configured)

Next Step: Add UDM Pro firewall rule to allow container outbound access

Reference in New Issue View Git Blame Copy Permalink