d-bis/explorer-monorepo
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a53c15507ffabaf4280b85260cc4b9830824b71c
explorer-monorepo/EXTERNAL_TETHERING_TEST_REPORT.md

6.0 KiB
Raw Blame History

External Network Test Report (Tethering Active)

Date: 2026-01-21
Test Environment: External Network (Mobile Tethering)
Public IP: 76.53.10.36

Test Results Summary

Test Status Details
DNS Resolution PASS explorer.d-bis.org → 76.53.10.36
TCP Connection (HTTPS) ⚠️ PARTIAL Connects but SSL handshake times out
TCP Connection (HTTP) ⚠️ PARTIAL Connects but response times out
Public IP Direct ⚠️ PARTIAL Connects but response times out
Frontend Content FAIL No content received
API Endpoint FAIL Not accessible
NPMplus Container PASS Running
VMID 5000 Container PASS Running
UDM Pro SSH ⚠️ WARN Unreachable from external (expected)

Critical Findings

Progress: TCP Connections Are Being Established

Key Discovery: Unlike previous tests, TCP connections ARE now being established:

  • Can connect to port 80 (HTTP)
  • Can connect to port 443 (HTTPS)
  • DNS resolution works
  • TCP handshake completes

This indicates port forwarding rules may be partially active or there's a different issue.

Problem: Connections Timeout After Establishment

Issue: After TCP connection is established:

  • HTTP: Connection established but no response received (timeout after 15s)
  • HTTPS: SSL handshake times out
  • No data is being returned

Possible Causes:

  1. Port forwarding rules are active but incomplete

    • DNAT may be working (allowing connection)
    • But return path may be blocked
    • Or firewall rules may be blocking responses

  2. Firewall rules blocking return traffic

    • UDM Pro may allow incoming connections
    • But may block outgoing responses
    • Need to check FORWARD chain rules

  3. NPMplus not responding to external connections

    • May only be listening on internal interface
    • May have firewall rules blocking external IPs
    • May need to check NPMplus configuration

  4. Asymmetric routing issue

    • Traffic coming in via UDM Pro
    • But responses trying to go out different path
    • Need proper routing configuration

Detailed Test Results

1. DNS Resolution 

explorer.d-bis.org → 76.53.10.36

Status: Working correctly

2. HTTPS Connection (Port 443) ⚠️

* Connected to explorer.d-bis.org (76.53.10.36) port 443
* SSL connection timeout

Status: TCP connection established, but SSL handshake times out

3. HTTP Connection (Port 80) ⚠️

* Connected to explorer.d-bis.org (76.53.10.36) port 80
* Operation timed out after 15003 milliseconds with 0 bytes received

Status: TCP connection established, but no HTTP response received

4. Public IP Direct ⚠️

* Connected to 76.53.10.36 (76.53.10.36) port 80
* Operation timed out after 15002 milliseconds with 0 bytes received

Status: Same behavior as domain name - confirms issue is at network level

5. Frontend Content

Status: No HTML content received

6. API Endpoint

Status: Not accessible

7. Internal Components

  • NPMplus (VMID 10233): Running
  • VMID 5000: Running

Diagnosis

What's Working

  1. DNS resolution
  2. TCP connection establishment (ports 80/443)
  3. Internal services running
  4. Port forwarding appears to be allowing connections

What's Not Working

  1. No data/response after connection established
  2. SSL handshake fails
  3. HTTP requests timeout
  4. No content returned

Root Cause Analysis

Most Likely Issue: Firewall rules blocking return traffic

The fact that TCP connections are established but no data flows suggests:

  • Port forwarding (DNAT) is working (allowing connections)
  • But firewall rules are blocking the return path
  • Or NPMplus is not configured to accept connections from external IPs

Recommended Fixes

Priority 1: Check UDM Pro Firewall Rules

Action: Verify firewall rules allow return traffic

  1. Access UDM Pro Web UI (from internal network)

  2. Go to: Settings → Firewall & Security → Firewall Rules

  3. Check for rules that:

    • Allow traffic FROM 192.168.11.166 (NPMplus)
    • Allow traffic TO 192.168.11.166:80/443
    • Are placed BEFORE any deny rules

  4. Verify "Allow Port Forward..." rules exist and are enabled

Priority 2: Check NPMplus Configuration

Action: Verify NPMplus accepts external connections

# Check if NPMplus is listening on all interfaces
ssh root@192.168.11.10 "ssh root@r630-01 'pct exec 10233 -- ss -tlnp | grep -E \":80 |:443 \"'"

# Check NPMplus logs for connection attempts
ssh root@192.168.11.10 "ssh root@r630-01 'pct exec 10233 -- docker logs npmplus --tail 50'"

Priority 3: Verify Port Forwarding Rules Are Active

Action: Check if DNAT rules are actually in NAT table

sshpass -p 'm0MFXHdgMFKGB2l3bO4' ssh OQmQuS@192.168.11.1 \
  "sudo iptables -t nat -L PREROUTING -n -v | grep '76.53.10.36'"

If no rules found, enable them in UDM Pro Web UI.

Priority 4: Check Routing

Action: Verify return path routing

# On UDM Pro, check routing table
sshpass -p 'm0MFXHdgMFKGB2l3bO4' ssh OQmQuS@192.168.11.1 \
  "ip route show | grep 192.168.11"

Next Steps

  1. From internal network, check UDM Pro firewall rules
  2. Enable/unpause any paused firewall rules
  3. Verify port forwarding rules are active
  4. Check NPMplus logs for incoming connection attempts
  5. Re-test from external network (tethering)

Test Statistics

  • Total Tests: 9
  • Passed: 3
  • Partial/Working: 3
  • Failed: 3
  • Warnings: 1

Conclusion

Status: ⚠️ PROGRESS MADE - TCP CONNECTIONS WORKING

Key Finding: Port forwarding appears to be working (connections established), but firewall rules or return path routing is blocking responses.

Action Required: Check and fix UDM Pro firewall rules to allow return traffic from NPMplus.

Next Test: After fixing firewall rules, re-run tests from external network.

Reference in New Issue View Git Blame Copy Permalink