# NPMplus Port Forwarding Configuration Guide

**Last Updated:** 2026-01-31  
**Document Version:** 1.0  
**Status:** Active Documentation

---

**Date**: 2026-01-16  
**Status**: Configuration Required  
**NPMplus IP**: `192.168.0.166`  
**Public IP**: `76.53.10.36`

---

## Overview

Port forwarding must be configured in UDM Pro to route traffic from the public IP to NPMplus. Currently, ports 80 and 443 are not accessible, which prevents Let's Encrypt from validating domains for SSL certificates.

---

## Current Status

✅ **DNS Configuration**: All 19 domains correctly point to `76.53.10.36`

❌ **Port Forwarding**: Not configured (ports 80/443 not accessible)

---

## Required Port Forwarding Rules

### Rule 1: HTTP (Port 80)

- **Name**: NPMplus HTTP
- **Public IP**: `76.53.10.36`
- **Public Port**: `80`
- **Internal IP**: `192.168.0.166`
- **Internal Port**: `80`
- **Protocol**: `TCP`
- **Interface**: WAN (or appropriate interface)

### Rule 2: HTTPS (Port 443)

- **Name**: NPMplus HTTPS
- **Public IP**: `76.53.10.36`
- **Public Port**: `443`
- **Internal IP**: `192.168.0.166`
- **Internal Port**: `443`
- **Protocol**: `TCP`
- **Interface**: WAN (or appropriate interface)

---

## Manual Configuration Steps

### Step 1: Access UDM Pro

1. Open web browser
2. Navigate to UDM Pro web interface (typically `https://192.168.1.1` or your UDM Pro IP)
3. Log in with admin credentials

### Step 2: Navigate to Port Forwarding

1. Click **Settings** (gear icon)
2. Go to **Firewall & Security**
3. Click **Port Forwarding** (or **Port Forwarding Rules**)

### Step 3: Create HTTP Rule

1. Click **Add Port Forwarding Rule** (or **Create New Rule**)
2. Configure:
   - **Name**: `NPMplus HTTP`
   - **Source**: `Any` (or specific IP if needed)
   - **Destination IP**: `76.53.10.36`
   - **Destination Port**: `80`
   - **Forward to IP**: `192.168.0.166`
   - **Forward to Port**: `80`
   - **Protocol**: `TCP`
   - **Interface**: `WAN` (or your internet-facing interface)
3. Click **Save** or **Apply**

### Step 4: Create HTTPS Rule

1. Click **Add Port Forwarding Rule** again
2. Configure:
   - **Name**: `NPMplus HTTPS`
   - **Source**: `Any` (or specific IP if needed)
   - **Destination IP**: `76.53.10.36`
   - **Destination Port**: `443`
   - **Forward to IP**: `192.168.0.166`
   - **Forward to Port**: `443`
   - **Protocol**: `TCP`
   - **Interface**: `WAN` (or your internet-facing interface)
3. Click **Save** or **Apply**

### Step 5: Verify Configuration

1. Review both rules in the Port Forwarding list
2. Ensure they are **Enabled**
3. Check that IPs and ports are correct

---

## Update Existing Rules

If port forwarding rules already exist but point to the old NPM IP (`192.168.11.26`):

1. Find the existing rules (may be named "Nginx" or "NPM")
2. Edit each rule
3. Update **Forward to IP** from `192.168.11.26` to `192.168.0.166`
4. Save changes

---

## Verification

After configuring port forwarding, verify connectivity:

```bash
# Test HTTP
curl -I http://76.53.10.36

# Test HTTPS
curl -I -k https://76.53.10.36

# Test specific domain
curl -I http://sankofa.nexus
```

Expected: Should return HTTP response (200, 301, 302, etc.) instead of connection timeout.

---

## Troubleshooting

### Ports Still Not Accessible

1. **Check Firewall Rules**: Ensure firewall allows traffic on ports 80/443
2. **Check Interface**: Verify WAN interface is correct
3. **Check IP Assignment**: Confirm `76.53.10.36` is assigned to UDM Pro WAN interface
4. **Check ISP**: Some ISPs block ports 80/443 - may need to use alternate ports

### Let's Encrypt Still Failing

1. **Wait for DNS Propagation**: DNS changes can take 5-10 minutes
2. **Check DNS Resolution**: Verify domains resolve to `76.53.10.36` from external DNS

   ```bash
   dig sankofa.nexus @8.8.8.8
   ```

3. **Test HTTP Access**: Ensure `http://sankofa.nexus` is accessible from internet
4. **Check NPMplus Logs**: Review certificate request errors in NPMplus

---

## Next Steps After Port Forwarding

1. **Wait 5-10 minutes** for configuration to take effect
2. **Test connectivity** using curl commands above
3. **Request SSL certificates** in NPMplus:
   - Access: `https://192.168.0.166:81`
   - Go to **SSL Certificates**
   - Click **Request New Certificate**
   - Select domain and request Let's Encrypt certificate
4. **Or use automation script**:

   ```bash
   bash scripts/request-npmplus-certificates.sh
   ```

---

## Architecture

```
Internet
    ↓
Cloudflare DNS (76.53.10.36)
    ↓
UDM Pro Port Forwarding
    ├─ 76.53.10.36:80 → 192.168.0.166:80
    └─ 76.53.10.36:443 → 192.168.0.166:443
    ↓
NPMplus (192.168.0.166:80/443)
    ↓
Backend Services (by hostname)
```

---

## Related Documentation

- [NPMplus Migration Guide](./NPMPLUS_MIGRATION_GUIDE.md)
- [DNS Configuration](./NGINX_PUBLIC_IP_CONFIGURATION.md)
- [UDM Pro Configuration](./UDM_PRO_COMPLETE_MANUAL_GUIDE.md)
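
The checks from the Verification and Troubleshooting sections, combined into one pre-flight script to run before requesting certificates. This is an added example, not part of the original guide or the NPMplus project; the function names and the script name `preflight.sh` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the guide): pre-flight check before requesting certificates.
PUBLIC_IP="76.53.10.36"   # public IP used throughout this guide

# dns_ok <expected_ip> <dig +short output>: true only if every A record is the expected IP.
dns_ok() {
  local expected="$1" ip seen=0
  for ip in $2; do
    case "$ip" in *.) continue ;; esac   # skip CNAME targets printed by dig +short
    [ "$ip" = "$expected" ] || return 1  # a record pointing elsewhere fails the check
    seen=1
  done
  [ "$seen" -eq 1 ]                      # no A record at all also fails
}

# diagnose <curl_exit_code> <http_status>: map a probe result to a troubleshooting step.
diagnose() {
  case "$1" in
    0)  echo "OK: HTTP $2 received, forward is working" ;;
    6)  echo "DNS: name did not resolve, check the DNS record" ;;
    7)  echo "REFUSED: nothing accepted the connection, check the rule is enabled and its Forward to IP/port" ;;
    28) echo "TIMEOUT: no answer, check the port forwarding rule, firewall, WAN interface and ISP blocking" ;;
    35) echo "TLS: TCP connected but the handshake failed, check NPMplus" ;;
    *)  echo "OTHER: curl exit code $1, check the NPMplus logs" ;;
  esac
}

# probe <url>: print "<curl_exit_code> <http_status>" for one HEAD request.
# -k mirrors the guide's HTTPS test: no valid certificate exists before issuance.
probe() {
  local status rc
  status=$(curl -k -s -I -o /dev/null -w '%{http_code}' --connect-timeout 5 --max-time 10 "$1")
  rc=$?
  echo "$rc ${status:-000}"
}

main() {
  local domain url
  for domain in "$@"; do
    if dns_ok "$PUBLIC_IP" "$(dig +short A "$domain" @8.8.8.8)"; then
      echo "$domain: DNS resolves to $PUBLIC_IP"
    else
      echo "$domain: DNS does not resolve (only) to $PUBLIC_IP"
    fi
    for url in "http://$domain" "https://$domain"; do
      echo "$url: $(diagnose $(probe "$url"))"
    done
  done
}

# Live checks run only when domains are given, e.g.: ./preflight.sh sankofa.nexus
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it from a host outside the LAN; from inside, the result depends on hairpin NAT on the router rather than on the WAN forward being tested.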