proxmox/scripts/check-omada-firewall-blockscout.sh
defiQUG cb47cce074 Complete markdown files cleanup and organization
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00


#!/usr/bin/env bash
# Check Omada firewall rules for Blockscout access
# Blockscout: 192.168.11.140:80
# Cloudflare tunnel: VMID 102 (cloudflared)
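set -euo pipefail

# Directory holding this script; used only to locate the sibling .env file.
# `--` stops dirname/cd from treating a path that starts with '-' as an option.
SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
# Credentials file; can be overridden from the environment (ENV_FILE=/path ...).
ENV_FILE="${ENV_FILE:-$SCRIPT_DIR/../.env}"

# Target host/port the firewall rules are checked against (see header comment).
BLOCKSCOUT_IP="192.168.11.140"
BLOCKSCOUT_PORT="80"
# Not referenced anywhere below; kept as documentation for operators editing
# the recommended rules, hence the ShellCheck suppression.
# shellcheck disable=SC2034
CLOUDFLARED_IP="192.168.11.12" # VMID 102 - approximate, adjust as needed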
# Colors
# ANSI SGR sequences stored as literal backslash strings; they are turned into
# real escape bytes by the log_* helpers below, not here.
declare RED='\033[0;31m'    # errors
declare GREEN='\033[0;32m'  # success marks
declare YELLOW='\033[1;33m' # warnings
declare BLUE='\033[0;34m'   # informational lines
declare CYAN='\033[0;36m'   # section separators
declare NC='\033[0m'        # reset to default colour
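# Print an informational line: "[INFO] <message>" with a blue prefix.
# Arguments: every positional argument, joined by spaces (extra arguments are
#            no longer silently dropped).
# The colour codes go through %b so their escapes are interpreted; the message
# goes through %s so backslashes inside it are printed verbatim instead of
# being re-interpreted as `echo -e` would.
log_info() { printf '%b[INFO]%b %s\n' "$BLUE" "$NC" "$*"; }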
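# Print a success line: "[✓] <message>" with a green prefix.
# Arguments: every positional argument, joined by spaces.
# %b interprets the colour escapes; %s keeps the message literal.
log_success() { printf '%b[✓]%b %s\n' "$GREEN" "$NC" "$*"; }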
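# Print a warning line: "[WARN] <message>" with a yellow prefix.
# Arguments: every positional argument, joined by spaces.
# %b interprets the colour escapes; %s keeps the message literal.
log_warn() { printf '%b[WARN]%b %s\n' "$YELLOW" "$NC" "$*"; }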
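# Print an error line: "[ERROR] <message>" with a red prefix.
# Arguments: every positional argument, joined by spaces.
# %b interprets the colour escapes; %s keeps the message literal.
log_error() { printf '%b[ERROR]%b %s\n' "$RED" "$NC" "$*"; }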
# Print a cyan horizontal rule used to frame section headings.
# %b expands the colour escapes exactly as `echo -e` would.
log_section() { printf '%b\n' "${CYAN}════════════════════════════════════════${NC}"; }
# Banner: what is being checked and the fixed targets the check refers to.
log_section
log_info "Omada Firewall Rules Check for Blockscout"
log_section
printf '\n'
log_info "Blockscout IP: $BLOCKSCOUT_IP"
log_info "Blockscout Port: $BLOCKSCOUT_PORT"
log_info "Tunnel Container: VMID 102 (cloudflared)"
printf '\n'
# Load credentials from the .env file when it exists. Sourcing executes the
# file as shell code, so it must be trusted and writable only by the operator
# running this script. Of the two values read, only OMADA_CONTROLLER_URL is
# ever printed below; the API key is neither displayed nor sent anywhere.
# shellcheck source=/dev/null
if [[ -f "$ENV_FILE" ]]; then
  . "$ENV_FILE"
fi

# Copy into local names, defaulting to "" so `set -u` does not trip when the
# .env file is absent or incomplete.
OMADA_URL=${OMADA_CONTROLLER_URL:-}
OMADA_API_KEY=${OMADA_API_KEY:-}
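# No usable credentials: print the manual procedure and the rule set the
# operator should expect, then stop. Either variable being empty lands here,
# so OMADA_URL may itself be blank; show a visible placeholder rather than
# printing a login step with an empty URL.
if [[ -z "$OMADA_URL" || -z "$OMADA_API_KEY" ]]; then
  log_warn "Omada credentials not found in .env"
  log_info "Expected variables:"
  log_info " OMADA_CONTROLLER_URL=https://192.168.11.8:8043"
  log_info " OMADA_API_KEY=your-api-key"
  echo ""
  log_info "Manual Check Required:"
  log_info " 1. Login to Omada Controller: ${OMADA_URL:-<OMADA_CONTROLLER_URL not set>}"
  log_info " 2. Navigate to: Settings → Firewall → Firewall Rules"
  log_info " 3. Check for rules blocking:"
  log_info " - Source: Any → Destination: $BLOCKSCOUT_IP"
  log_info " - Port: $BLOCKSCOUT_PORT (HTTP)"
  log_info " - Direction: WAN → LAN or Forward"
  echo ""
  log_section
  log_info "Expected Firewall Rules for Blockscout"
  log_section
  echo ""
  log_info "Required Rules (should be ALLOW):"
  echo ""
  echo " 1. Cloudflare Tunnel → Blockscout"
  echo " Source: Cloudflare IP ranges OR Internal (192.168.11.0/24)"
  echo " Destination: $BLOCKSCOUT_IP"
  echo " Port: $BLOCKSCOUT_PORT"
  echo " Protocol: TCP"
  echo " Action: Allow"
  echo ""
  echo " 2. Internal Access (if needed)"
  echo " Source: 192.168.11.0/24"
  echo " Destination: $BLOCKSCOUT_IP"
  echo " Port: $BLOCKSCOUT_PORT, 4000"
  echo " Protocol: TCP"
  echo " Action: Allow"
  echo ""
  log_warn "Potential Issues:"
  echo ""
  echo " ⚠️ Default WAN → LAN: Deny policy may block tunnel traffic"
  echo " ⚠️ Port 80 blocking rules"
  echo " ⚠️ Destination IP restrictions"
  echo " ⚠️ Inter-VLAN routing restrictions"
  echo ""
  # Missing credentials is an expected state for this advisory script, not a
  # failure, so exit cleanly.
  exit 0
fi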
# Credentials are present, but the API path is not implemented: the script
# never contacts the controller and falls back to the manual checklist.
log_info "Omada credentials found, attempting to query firewall rules..."
log_warn "API-based firewall rule query not fully implemented"
log_info "Please check firewall rules manually in Omada Controller"
printf '\n'

log_section
log_info "Manual Firewall Rules Check"
log_section
log_info "Steps to check in Omada Controller:"
printf '\n'
printf '%s\n' \
  "1. Login to Omada Controller: $OMADA_URL" \
  "2. Navigate to: Settings → Firewall → Firewall Rules" \
  "3. Review all rules, especially:" \
  "" \
  " a. Rules with destination = $BLOCKSCOUT_IP" \
  " b. Rules with port = $BLOCKSCOUT_PORT (HTTP)" \
  " c. Rules with direction = 'WAN → LAN' or 'Forward'" \
  " d. Default deny policies" \
  ""

log_warn "Key Things to Check:"
printf '\n'
printf '%s\n' \
  " ✓ Is there a rule allowing Cloudflare tunnel traffic?" \
  " ✓ Is port 80 blocked by any deny rules?" \
  " ✓ Is there a default deny policy blocking WAN → LAN?" \
  " ✓ Are inter-VLAN rules blocking internal communication?" \
  ""

log_section
log_info "Recommended Firewall Rules"
log_section
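# Recommended rule set. The heredoc is unquoted so the destination IP and port
# come from BLOCKSCOUT_IP / BLOCKSCOUT_PORT defined at the top of the script
# instead of being repeated as literals that could drift from them; the text
# contains no other `$`, backtick or backslash, so nothing else is expanded.
cat <<EOF
Rule 1: Allow Cloudflare Tunnel to Blockscout
----------------------------------------------
Name: Allow Cloudflare Tunnel to Blockscout
Enable: ✓
Action: Allow
Direction: Forward
Protocol: TCP
Source IP: Any (or Cloudflare IP ranges if specified)
Destination IP: $BLOCKSCOUT_IP
Destination Port: $BLOCKSCOUT_PORT
Priority: High (above deny rules)
Rule 2: Allow Internal Access to Blockscout
--------------------------------------------
Name: Allow Internal to Blockscout
Enable: ✓
Action: Allow
Direction: Forward
Protocol: TCP
Source IP: 192.168.11.0/24
Destination IP: $BLOCKSCOUT_IP
Destination Port: $BLOCKSCOUT_PORT, 4000
Priority: High
Rule 3: Verify Default Policy
------------------------------
Default WAN → LAN: Should be Deny (for security)
BUT: Tunnel traffic should be allowed via specific rule above
EOF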
# Closing troubleshooting hints for the case where the rules look right but
# traffic is still dropped.
printf '\n'
log_info "If rules are correctly configured and traffic is still blocked:"
printf '%s\n' \
  " 1. Check rule priority (allow rules must be above deny rules)" \
  " 2. Check for conflicting rules" \
  " 3. Verify VLAN routing is enabled" \
  " 4. Check router logs for blocked connection attempts" \
  ""