d-bis/explorer-monorepo
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8380a36c673d98b50c25de762012acd386c0cc6a
explorer-monorepo/UDM_PRO_COMPLETE_DIAGNOSIS.sh

176 lines
5.7 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Complete UDM Pro Diagnosis Script
# Runs all diagnosis commands and generates report
set -uo pipefail
UDM_USER="OQmQuS"
UDM_PASS="m0MFXHdgMFKGB2l3bO4"
UDM_IP="192.168.11.1"
REPORT_FILE="/home/intlc/projects/proxmox/explorer-monorepo/UDM_PRO_DIAGNOSIS_REPORT.md"
# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
echo "=========================================="
echo "UDM Pro Complete Diagnosis"
echo "=========================================="
echo ""
# Function to run command on UDM Pro
udm_cmd() {
sshpass -p "$UDM_PASS" ssh -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR "$UDM_USER@$UDM_IP" "$@" 2>&1
}
# Start report
cat > "$REPORT_FILE" << EOF
# UDM Pro Complete Diagnosis Report
**Date**: $(date)
**UDM Pro IP**: $UDM_IP
**SSH User**: $UDM_USER
---
## 1. System Information
EOF
echo -e "${BLUE}=== System Information ===${NC}"
SYSTEM_INFO=$(udm_cmd "uname -a")
echo "$SYSTEM_INFO"
echo "$SYSTEM_INFO" >> "$REPORT_FILE"
echo "" >> "$REPORT_FILE"
# Port Forwarding Check
echo ""
echo -e "${BLUE}=== Port Forwarding (NAT Rules) ===${NC}"
cat >> "$REPORT_FILE" << EOF
## 2. Port Forwarding Rules (NAT Table)
Checking for DNAT rules for 76.53.10.36:80/443 → 192.168.11.166:80/443
EOF
NAT_RULES=$(udm_cmd "sudo iptables -t nat -L PREROUTING -n -v 2>&1 | grep -A 3 '76.53.10.36'")
if [ -n "$NAT_RULES" ]; then
echo -e "${GREEN}✅ Port forwarding rules found:${NC}"
echo "$NAT_RULES"
echo "**Status**: ✅ **Port forwarding rules are active**" >> "$REPORT_FILE"
echo '```' >> "$REPORT_FILE"
echo "$NAT_RULES" >> "$REPORT_FILE"
echo '```' >> "$REPORT_FILE"
else
echo -e "${RED}❌ No port forwarding rules found for 76.53.10.36${NC}"
echo "**Status**: ❌ **Port forwarding rules are NOT active**" >> "$REPORT_FILE"
echo "**Issue**: No DNAT rules found for 76.53.10.36:80/443" >> "$REPORT_FILE"
echo "**Fix**: Enable port forwarding rules in UDM Pro Web UI" >> "$REPORT_FILE"
fi
echo "" >> "$REPORT_FILE"
# Firewall Rules Check
echo ""
echo -e "${BLUE}=== Firewall Rules for NPMplus ===${NC}"
cat >> "$REPORT_FILE" << EOF
## 3. Firewall Rules for NPMplus (192.168.11.166)
Checking for ACCEPT rules for 192.168.11.166:80/443
EOF
FW_RULES=$(udm_cmd "sudo iptables -L FORWARD -n -v 2>&1 | grep -A 3 '192.168.11.166'")
if [ -n "$FW_RULES" ]; then
echo -e "${GREEN}✅ Firewall rules found:${NC}"
echo "$FW_RULES"
echo "**Status**: ✅ **Firewall rules exist**" >> "$REPORT_FILE"
echo '```' >> "$REPORT_FILE"
echo "$FW_RULES" >> "$REPORT_FILE"
echo '```' >> "$REPORT_FILE"
# Check if rules are ACCEPT or DROP
if echo "$FW_RULES" | grep -q "ACCEPT"; then
echo "**Action**: ACCEPT (✅ Allowing traffic)" >> "$REPORT_FILE"
elif echo "$FW_RULES" | grep -qE "DROP|REJECT"; then
echo "**Action**: DROP/REJECT (❌ Blocking traffic)" >> "$REPORT_FILE"
echo "**Issue**: Firewall is blocking traffic to NPMplus" >> "$REPORT_FILE"
echo "**Fix**: Change rules to ACCEPT or add allow rules" >> "$REPORT_FILE"
fi
else
echo -e "${RED}❌ No firewall rules found for 192.168.11.166${NC}"
echo "**Status**: ❌ **No firewall rules found**" >> "$REPORT_FILE"
echo "**Issue**: Firewall may be blocking traffic (default deny)" >> "$REPORT_FILE"
echo "**Fix**: Add allow rules for 192.168.11.166:80/443" >> "$REPORT_FILE"
fi
echo "" >> "$REPORT_FILE"
# Rule Order Check
echo ""
echo -e "${BLUE}=== Firewall Rule Order ===${NC}"
cat >> "$REPORT_FILE" << EOF
## 4. Firewall Rule Order
Checking if allow rules come before block rules
EOF
RULE_ORDER=$(udm_cmd "sudo iptables -L FORWARD -n -v --line-numbers 2>&1 | head -50")
echo "$RULE_ORDER"
echo '```' >> "$REPORT_FILE"
echo "$RULE_ORDER" >> "$REPORT_FILE"
echo '```' >> "$REPORT_FILE"
echo "" >> "$REPORT_FILE"
# Analysis
cat >> "$REPORT_FILE" << EOF
## 5. Analysis & Recommendations
EOF
# Check for issues
ISSUES=0
if [ -z "$NAT_RULES" ]; then
echo "### Issue 1: Port Forwarding Not Active" >> "$REPORT_FILE"
echo "- **Problem**: No DNAT rules found for 76.53.10.36" >> "$REPORT_FILE"
echo "- **Fix**: Enable port forwarding rules in UDM Pro Web UI" >> "$REPORT_FILE"
echo " 1. Settings → Firewall & Security → Port Forwarding" >> "$REPORT_FILE"
echo " 2. Verify rules for 76.53.10.36:80/443 are **enabled**" >> "$REPORT_FILE"
echo " 3. Save and wait 30 seconds" >> "$REPORT_FILE"
((ISSUES++))
fi
if [ -z "$FW_RULES" ] || echo "$FW_RULES" | grep -qE "DROP|REJECT"; then
echo "### Issue 2: Firewall Blocking Traffic" >> "$REPORT_FILE"
echo "- **Problem**: No allow rules or rules are blocking" >> "$REPORT_FILE"
echo "- **Fix**: Add/update firewall rules in UDM Pro Web UI" >> "$REPORT_FILE"
echo " 1. Settings → Firewall & Security → Firewall Rules" >> "$REPORT_FILE"
echo " 2. Ensure 'Allow Port Forward...' rules exist" >> "$REPORT_FILE"
echo " 3. Move allow rules to the **top** of the list" >> "$REPORT_FILE"
echo " 4. Save and wait 30 seconds" >> "$REPORT_FILE"
((ISSUES++))
fi
if [ $ISSUES -eq 0 ]; then
echo "### Status: ✅ All Rules Appear Correct" >> "$REPORT_FILE"
echo "- Port forwarding rules are active" >> "$REPORT_FILE"
echo "- Firewall rules allow traffic" >> "$REPORT_FILE"
echo "- If external access still doesn't work, check:" >> "$REPORT_FILE"
echo " - ISP blocking ports 80/443" >> "$REPORT_FILE"
echo " - Network routing issues" >> "$REPORT_FILE"
echo " - Test from different network/location" >> "$REPORT_FILE"
fi
echo ""
echo "=========================================="
echo -e "${GREEN}Diagnosis Complete${NC}"
echo "=========================================="
echo ""
echo "Report saved to: $REPORT_FILE"
echo ""
Reference in New Issue View Git Blame Copy Permalink