fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
4.1 KiB
4.1 KiB
ER605 NAT Rule Configuration Correction
Last Updated: 2026-01-31
Document Version: 1.0
Status: Active Documentation
Date: 2026-01-09
Issue: Source IP field may be incorrectly configured
Current Configuration (As Provided)
| Field | HTTP Rule | HTTPS Rule |
|---|---|---|
| NAME | HTTP | HTTPS |
| SOURCE IP | 76.53.10.35 / 28 ⚠️ | 76.53.10.35 / 28 ⚠️ |
| INTERFACE | WAN1 | WAN1 |
| WAN IP | -- | -- |
| SOURCE PORT | 80 | 443 |
| DESTINATION IP:PORT | 192.168.11.26:80 | 192.168.11.26:443 |
| PROTOCOL | All | All |
Issue Identified
Problem: The "SOURCE IP" field shows 76.53.10.35 / 28, which is likely incorrect.
In ER605/Omada NAT rules:
- External IP / WAN IP: Should be
76.53.10.35(the public IP to receive traffic) - Source IP: Should be
0.0.0.0/0(any source) or restricted to specific IPs - Source Port: Should be the external port (80, 443)
- Destination IP:PORT: Should be the internal IP and port (192.168.11.26:80, 192.168.11.26:443)
Correct Configuration
HTTP Rule (Let's Encrypt)
| Field | Correct Value |
|---|---|
| NAME | HTTP |
| ENABLED | ✅ Yes |
| INTERFACE | WAN1 |
| WAN IP / External IP | 76.53.10.35 ← This is where 76.53.10.35 should go |
| SOURCE IP | 0.0.0.0/0 ← Any source (or restrict if needed) |
| SOURCE PORT | 80 |
| DESTINATION IP:PORT | 192.168.11.26:80 |
| PROTOCOL | TCP (or All) |
| ACTION | Allow / Forward |
HTTPS Rule (All Services)
| Field | Correct Value |
|---|---|
| NAME | HTTPS |
| ENABLED | ✅ Yes |
| INTERFACE | WAN1 |
| WAN IP / External IP | 76.53.10.35 ← This is where 76.53.10.35 should go |
| SOURCE IP | 0.0.0.0/0 ← Any source (or restrict if needed) |
| SOURCE PORT | 443 |
| DESTINATION IP:PORT | 192.168.11.26:443 |
| PROTOCOL | TCP (or All) |
| ACTION | Allow / Forward |
How to Fix in ER605/Omada Controller
Option 1: If "WAN IP" Field Exists
-
Edit the HTTP rule:
- Set WAN IP:
76.53.10.35 - Set SOURCE IP:
0.0.0.0/0(or leave blank for "any") - Keep other fields as is
- Set WAN IP:
-
Edit the HTTPS rule:
- Set WAN IP:
76.53.10.35 - Set SOURCE IP:
0.0.0.0/0(or leave blank for "any") - Keep other fields as is
- Set WAN IP:
Option 2: If "WAN IP" Field Doesn't Exist
Some ER605 interfaces use "External IP" or "Public IP" instead:
-
Look for fields like:
- "External IP"
- "Public IP"
- "Destination IP" (for external)
- "WAN Address"
-
Move
76.53.10.35to the correct field -
Set SOURCE IP to
0.0.0.0/0or leave blank
Verification
After correcting the configuration:
-
Save and apply the rules
-
Test from internet:
curl -I http://76.53.10.35 curl -I https://76.53.10.35 -
Test with domain names:
curl -I http://sankofa.nexus curl -I https://sankofa.nexus -
Check ER605 logs:
- Navigate to: System Tools → System Log
- Look for NAT/port forwarding entries
- Verify traffic is being forwarded
Common ER605 Field Names
Different ER605 firmware versions may use different field names:
| What You Need | Possible Field Names |
|---|---|
| External/Public IP | WAN IP, External IP, Public IP, Destination IP |
| Source IP | Source IP, Source Address, Allowed Source |
| Source Port | External Port, WAN Port, Public Port |
| Destination | Internal IP, LAN IP, Destination IP |
| Destination Port | Internal Port, LAN Port, Local Port |
Summary
Key Points:
76.53.10.35should be in the WAN IP / External IP field, NOT in SOURCE IP- SOURCE IP should be
0.0.0.0/0(any source) or restricted - SOURCE PORT is correct (80, 443)
- DESTINATION IP:PORT is correct (192.168.11.26:80, 192.168.11.26:443)
Action Required: Move 76.53.10.35 from SOURCE IP to WAN IP/External IP field.
After fixing, test again to verify NAT is working!