d-bis/explorer-monorepo
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
903c03c65b953d50006bff96c4acf7eef003a130
explorer-monorepo/UDM_PRO_MANUAL_COMMANDS.md

123 lines
2.8 KiB
Markdown
Raw Blame History

# UDM Pro Manual Diagnosis Commands
**Date**: 2026-01-21
**SSH Credentials**: OQmQuS@192.168.11.1
**Password**: m0MFXHdgMFKGB2l3bO4
---
## Connect to UDM Pro
```bash
ssh OQmQuS@192.168.11.1
# Enter password when prompted
```
---
## Critical Diagnosis Commands
### 1. Check Port Forwarding (NAT Rules)
```bash
sudo iptables -t nat -L PREROUTING -n -v | grep -A 3 "76.53.10.36"
```
**What to look for:**
- Should show DNAT rules for ports 80 and 443
- If empty: Port forwarding rules are NOT active
**Expected output (if working):**
```
DNAT tcp -- 0.0.0.0/0 76.53.10.36 tcp dpt:80 to:192.168.11.166:80
DNAT tcp -- 0.0.0.0/0 76.53.10.36 tcp dpt:443 to:192.168.11.166:443
```
---
### 2. Check Firewall Rules for NPMplus
```bash
sudo iptables -L FORWARD -n -v | grep -A 3 "192.168.11.166"
```
**What to look for:**
- Should show ACCEPT rules for ports 80 and 443
- Should NOT show DROP or REJECT rules
**Expected output (if working):**
```
ACCEPT tcp -- 0.0.0.0/0 192.168.11.166 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 192.168.11.166 tcp dpt:443
```
---
### 3. Check Firewall Rule Order
```bash
sudo iptables -L FORWARD -n -v --line-numbers | head -50
```
**What to look for:**
- **Allow rules** for 192.168.11.166 should be **BEFORE** any **block rules**
- If block rules come first, they will block the traffic
---
### 4. Complete Check (All in One)
```bash
echo "=== Port Forwarding (NAT) ==="
sudo iptables -t nat -L PREROUTING -n -v | grep -A 3 "76.53.10.36"
echo ""
echo "=== Firewall Rules (FORWARD) ==="
sudo iptables -L FORWARD -n -v | grep -A 3 "192.168.11.166"
echo ""
echo "=== Rule Order (First 30 rules) ==="
sudo iptables -L FORWARD -n -v --line-numbers | head -30
```
---
## What Each Result Means
### If NAT Rules Are Missing:
**Problem**: Port forwarding rules are not active
**Fix**: Go to Web UI → Port Forwarding → Enable rules for 76.53.10.36:80/443
### If Firewall Rules Are Missing:
**Problem**: Firewall is blocking traffic
**Fix**: Go to Web UI → Firewall Rules → Add "Allow Port Forward..." rules
### If Block Rules Come Before Allow Rules:
**Problem**: Rule order is wrong
**Fix**: Go to Web UI → Firewall Rules → Move allow rules to the top
---
## Quick Fix Checklist
Based on diagnosis results:
- [ ] **Port forwarding rules enabled** in Web UI
- [ ] **Firewall allow rules exist** for 192.168.11.166:80/443
- [ ] **Allow rules are at the top** of firewall rules list
- [ ] **Rules are saved and applied**
---
## After Making Changes
1. Wait 30 seconds for rules to apply
2. Re-run diagnosis commands to verify
3. Test external access:
```bash
curl -v http://76.53.10.36
curl -v https://76.53.10.36
```
---
**Run these commands manually and share the output for analysis**
Reference in New Issue View Git Blame Copy Permalink