# Firewall Rules Verification - Next Steps

**Date**: 2026-01-21

**Status**: ✅ Rules Configured - Need to Verify Order & Test

---
## Confirmed Configuration

From your UDM Pro screenshot, I can confirm:

### ✅ Port Forwarding Rules (Configured)

- Nginx HTTPS (76.53.10.36:443) → 192.168.11.166:443
- Nginx HTTP (76.53.10.36:80) → 192.168.11.166:80
- Nginx Manager (76.53.10.36:81) → 192.168.11.166:81

### ✅ Firewall Allow Rules (Configured)

- Allow External → Internal (192.168.11.166:80)
- Allow External → Internal (192.168.11.166:443)
- Allow External → Internal (192.168.11.166:81)

**All required rules are present!**

---
## Most Likely Issue: Rule Order

Firewall rules are processed **top to bottom**, and the first matching rule wins. If a "Block" rule that matches the traffic sits above the "Allow" rule, the block takes effect and the allow rule is never reached.

### Action Required:

1. **In UDM Pro Web UI:**
   - Go to: **Settings** → **Firewall & Security** → **Firewall Rules**
   - Look at the **list of all firewall rules**

2. **Check Rule Order:**
   - The "Allow Port Forward..." rules should be **at the TOP** of the list
   - Any "Block External → Internal" rules should be **BELOW** the allow rules
   - If a block rule is above an allow rule, **move the allow rule up** or **move the block rule down**

3. **Verify Rule Status:**
   - Ensure all rules show as **"Enabled"** (checkmark or toggle ON)
   - Disabled rules have no effect

---
## Quick Fix Steps

### Option 1: Reorder Rules (Recommended)

1. In the Firewall Rules list, find the "Allow Port Forward..." rules
2. Use drag-and-drop or the up/down arrows to move them to the **top**
3. Save/Apply changes
4. Wait 30 seconds
5. Test external access

### Option 2: Modify Block Rules

If you can't reorder rules:

1. Find any "Block External → Internal" rules
2. Edit them to **exclude** destination 192.168.11.166
3. Or add an exception for ports 80, 443, 81
4. Save changes
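To make the rule-order point concrete, here is an added Python model of first-match evaluation covering the broken order, Option 1 (reorder) and Option 2 (exclude the target from the block rule), plus the disabled-rule case from the checklist. It is example code written for this note, not the UDM Pro's rule engine or anything exported from it: the rule names, the `192.168.11.0/24` LAN range and the packets are constructed, and direction, source matching and connection state are deliberately left out.

```python
"""First-match rule evaluation for the allow/block ordering problem above.

Added illustration, not code from the UDM Pro or from this document's
author. Rules are walked top to bottom; the first enabled rule whose
destination network and port set cover the packet decides, and anything
unmatched falls to an implicit default block. Rule names, networks and
packets are constructed for the example.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Rule:
    name: str
    action: str                          # "allow" or "block"
    dst_net: str                         # destination network, e.g. "192.168.11.0/24"
    dst_ports: Optional[set] = None      # None means any port
    enabled: bool = True                 # a disabled rule is skipped entirely
    exclude_dst: set = field(default_factory=set)  # hosts exempted from this rule (Option 2)

    def matches(self, dst_ip: str, dst_port: int) -> bool:
        if not self.enabled or dst_ip in self.exclude_dst:
            return False
        if ip_address(dst_ip) not in ip_network(self.dst_net):
            return False
        return self.dst_ports is None or dst_port in self.dst_ports


def evaluate(rules, dst_ip, dst_port):
    """Return (decision, rule_name) from the first matching rule, top to bottom."""
    for rule in rules:
        if rule.matches(dst_ip, dst_port):
            return rule.action, rule.name
    return "block", "(implicit default)"


TARGET = "192.168.11.166"
ALLOW_RULES = [
    Rule("Allow Port Forward 80", "allow", TARGET + "/32", {80}),
    Rule("Allow Port Forward 443", "allow", TARGET + "/32", {443}),
    Rule("Allow Port Forward 81", "allow", TARGET + "/32", {81}),
]
BLOCK_ALL = Rule("Block External -> Internal", "block", "192.168.11.0/24")

# The symptom: the block rule sits above the allow rules, so it always wins.
BROKEN_ORDER = [BLOCK_ALL] + ALLOW_RULES
# Option 1: allow rules moved to the top of the list.
REORDERED = ALLOW_RULES + [BLOCK_ALL]
# Option 2: block rule kept on top, but edited to exclude the forward target.
BLOCK_WITH_EXCEPTION = [
    Rule("Block External -> Internal", "block", "192.168.11.0/24",
         exclude_dst={TARGET}),
] + ALLOW_RULES
# Step 3 of the checklist: correct order, but the allow rule is disabled.
DISABLED_ALLOW = [
    Rule("Allow Port Forward 443", "allow", TARGET + "/32", {443}, enabled=False),
    BLOCK_ALL,
]


def decisions(rules, dst_ip, ports):
    """Map each port to its (decision, rule_name) under a given rule order."""
    return {p: evaluate(rules, dst_ip, p) for p in ports}


if __name__ == "__main__":
    for label, rules in [("broken order", BROKEN_ORDER), ("reordered", REORDERED),
                         ("block with exception", BLOCK_WITH_EXCEPTION),
                         ("allow disabled", DISABLED_ALLOW)]:
        print(label)
        for port, (decision, name) in decisions(rules, TARGET, [80, 443, 81, 22]).items():
            print(f"  {TARGET}:{port:<4} {decision:<5} via {name}")
```

Running it shows that under the broken order every forwarded port is decided by the block rule, that reordering or excluding the target lets the allow rules fire while port 22 on the same host still ends in a block, and that a disabled allow rule changes nothing even when it is at the top. The model also makes the exposure visible: the port 81 allow rule matches any source, and that port fronts the Nginx Manager admin interface rather than the public site, so once testing is done it is worth restricting that rule's source or dropping the forward.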
---

## Additional Checks

### 1. ISP Blocking

Some ISPs block inbound traffic on ports 80/443. Test from:

- A different network/location
- A mobile hotspot
- A VPN connection
### 2. UDM Pro Logs

Check the firewall logs for blocked connections:

- UDM Pro → Settings → Logs → Firewall Logs
- Look for entries with destination 192.168.11.166 and port 80 or 443
- The entry identifies which rule is blocking (if any)
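For the log check, here is an added Python script that pulls the blocked hits for 192.168.11.166 on ports 80, 443 and 81 out of firewall log text and names the rule behind each one. It is example code written for this note, not UDM Pro tooling or the author's code: the sample lines are constructed in the iptables `KEY=value` style, and the `[RULESET-ACTION-INDEX]` prefix layout (D = drop, A = accept, R = reject) is an assumption about how logged rule hits are tagged, so adjust `PREFIX_RE` to what the Firewall Logs view actually shows.

```python
"""Pull blocked hits for the forward target out of firewall log text.

Added example, not the UDM Pro's own tooling or code from this document's
author. The sample lines are constructed, and the "[RULESET-ACTION-INDEX]"
prefix layout (D = drop, A = accept, R = reject) is an assumption about how
logged rule hits are tagged.
"""
import re
from collections import Counter

# Constructed sample log (not real UDM Pro output).
SAMPLE_LOG = """\
Jan 21 10:15:01 UDM-Pro kernel: [WAN_IN-D-2000]IN=eth8 OUT=br0 SRC=203.0.113.7 DST=192.168.11.166 PROTO=TCP SPT=51234 DPT=443 SYN
Jan 21 10:15:03 UDM-Pro kernel: [WAN_IN-D-2000]IN=eth8 OUT=br0 SRC=203.0.113.7 DST=192.168.11.166 PROTO=TCP SPT=51235 DPT=80 SYN
Jan 21 10:15:05 UDM-Pro kernel: [WAN_IN-A-2001]IN=eth8 OUT=br0 SRC=203.0.113.7 DST=192.168.11.166 PROTO=TCP SPT=51236 DPT=81 SYN
Jan 21 10:15:09 UDM-Pro kernel: [WAN_IN-D-2000]IN=eth8 OUT=br0 SRC=198.51.100.4 DST=192.168.11.20 PROTO=TCP SPT=40000 DPT=22 SYN
Jan 21 10:15:12 UDM-Pro kernel: [LAN_IN-A-3001]IN=br0 OUT=eth8 SRC=192.168.11.166 DST=203.0.113.7 PROTO=TCP SPT=443 DPT=51234 ACK
"""

PREFIX_RE = re.compile(r"\[(?P<ruleset>[A-Z_]+)-(?P<action>[ADR])-(?P<index>\d+)\]")
KV_RE = re.compile(r"\b([A-Z]+)=(\S+)")
ACTIONS = {"D": "drop", "A": "accept", "R": "reject"}


def parse_line(line):
    """Return a dict for one logged rule hit, or None for non-firewall lines."""
    m = PREFIX_RE.search(line)
    if m is None:
        return None
    kv = dict(KV_RE.findall(line[m.end():]))
    return {
        "ruleset": m["ruleset"],
        "action": ACTIONS[m["action"]],
        "index": int(m["index"]),
        "src": kv.get("SRC"),
        "dst": kv.get("DST"),
        "proto": kv.get("PROTO"),
        "dpt": int(kv["DPT"]) if "DPT" in kv else None,
    }


def blocked_hits(log_text, dst_ip, ports):
    """Count non-accept hits per (ruleset, rule index, port) for one destination.

    A non-empty result names the rule dropping the forwarded traffic. An empty
    result while outside tests still time out points away from the UDM Pro
    (e.g. ISP filtering), because the packets never reached the rule chain.
    """
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dst"] != dst_ip or rec["dpt"] not in ports:
            continue
        if rec["action"] != "accept":
            hits[(rec["ruleset"], rec["index"], rec["dpt"])] += 1
    return hits


if __name__ == "__main__":
    found = blocked_hits(SAMPLE_LOG, "192.168.11.166", {80, 443, 81})
    for (ruleset, index, port), n in sorted(found.items()):
        print(f"{ruleset} rule {index} dropped {n} packet(s) to 192.168.11.166:{port}")
```

On the constructed sample the script reports rule 2000 in the WAN_IN set as the one dropping ports 80 and 443, while port 81 is accepted, which is exactly the pattern a block-above-allow ordering produces; the SSH hit against 192.168.11.20 is ignored because it is not the forward target.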
### 3. Test Port 81

Since port 81 is also configured (forwarded to the same host, so only the port differs), test it:

```bash
curl -v http://76.53.10.36:81
```

If port 81 works but 80/443 don't, it's likely ISP blocking.

---
## Testing After Fix

```bash
# Test HTTPS
curl -v --connect-timeout 10 https://explorer.d-bis.org

# Test HTTP
curl -v --connect-timeout 10 http://explorer.d-bis.org

# Test direct IP
curl -v --connect-timeout 10 https://76.53.10.36
```
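The `curl` runs above each give one answer; what matters for the diagnosis is the pattern across ports 80, 443 and 81 (timeout versus refused versus open). The added Python below, written for this note rather than taken from the author or from any UDM Pro tool, does the TCP-level part of `curl -v --connect-timeout 10` against a host and turns the per-port outcomes into the verdicts used in the Additional Checks section. The host and ports are parameters; the two loopback helpers exist only so the logic can be exercised offline against 127.0.0.1.

```python
"""Classify per-port connect outcomes the way the curl runs above are read.

Added example, not code from this document's author. probe() does what
`curl --connect-timeout` does at the TCP level; diagnose() interprets the
pattern across ports 80, 443 and 81.
"""
import errno
import socket


def probe(host, port, timeout=10.0):
    """One TCP connect attempt, reduced to the outcome that matters for diagnosis."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"          # SYN/ACK came back: forward and allow rule both work
    except socket.timeout:
        return "timeout"       # no reply at all: dropped by a block rule or filtered upstream
    except ConnectionRefusedError:
        return "refused"       # RST: a host answered, nothing is listening on that port
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error"
    finally:
        s.close()


def diagnose(results):
    """Interpret {port: outcome} for the three forwarded ports."""
    outcomes = set(results.values())
    if outcomes == {"open"}:
        return "all ports reachable: forwards and allow rules are effective"
    if results.get(81) == "open" and results.get(80) == results.get(443) == "timeout":
        return "81 reachable but 80/443 time out: ISP port blocking likely"
    if outcomes == {"timeout"}:
        return "all ports time out: dropped before the host (rule order, disabled rule, or ISP)"
    if "refused" in outcomes:
        return "refused: the forward reaches a host, but no service listens on that port"
    return "mixed results: compare per-port outcomes against the firewall log"


def check(host, ports=(80, 443, 81), timeout=10.0):
    """Probe every port and return (per-port outcomes, one-line verdict)."""
    results = {p: probe(host, p, timeout) for p in ports}
    return results, diagnose(results)


# --- loopback helpers so the classifier can be exercised offline ---------------
def open_local_listener():
    """A listening socket on an ephemeral loopback port; the caller closes it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s


def closed_local_port():
    """An ephemeral loopback port that was just released, so nothing listens on it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "76.53.10.36"
    results, verdict = check(host)
    for port, outcome in results.items():
        print(f"{host}:{port:<4} {outcome}")
    print(verdict)
```

Two reading notes. A timeout is the only outcome that points at blocking; "refused" means the packet got through the UDM Pro and reached a host, so the rules are fine and the service on 192.168.11.166 is the thing to look at. Likewise, a TLS certificate error on the direct-IP `curl` (the certificate is issued for the hostname, not for 76.53.10.36) still means the TCP connection succeeded and is not a firewall problem.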
---

## Summary

**All rules are correctly configured!** The issue is most likely one of:

1. **Rule order** - Block rules may be listed before allow rules
2. **ISP blocking** - The ISP may be blocking ports 80/443
3. **Rule not enabled** - Rules may be disabled

**Next Step**: Check the firewall rule order in UDM Pro and ensure the allow rules are at the top.