fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
3.4 KiB
3.4 KiB
UDM Pro Routing Issue - Quick Fix Summary
Last Updated: 2026-01-14
Status: ✅ Solution Ready
🎯 Quick Answer: YES, Change IP to 192.168.11.4
Recommendation: Change your dev machine IP to 192.168.11.4 for immediate access to ml110.
Why:
- ✅ Quickest solution (5 minutes)
- ✅ Bypasses inter-VLAN routing issues
- ✅ Same subnet = no firewall blocking
- ✅ Works immediately
🚀 Immediate Action: Change IP Address
Automated (Recommended)
cd /home/intlc/projects/proxmox
sudo ./scripts/unifi/change-ip-to-vlan11-netplan.sh
Manual (If script doesn't work)
-
Edit netplan config:
sudo nano /etc/netplan/*.yaml -
Update eth0 configuration:
network: version: 2 renderer: networkd ethernets: eth0: addresses: - 192.168.11.4/24 gateway4: 192.168.11.1 nameservers: addresses: - 192.168.11.1 - 8.8.8.8 -
Apply changes:
sudo netplan apply -
Verify:
ip addr show eth0 ping -c 3 192.168.11.1 # Gateway ping -c 3 192.168.11.10 # ml110
✅ Verification Steps (After IP Change)
1. Test Connectivity
# Test gateway
ping -c 3 192.168.11.1
# Test ml110
ping -c 3 192.168.11.10
2. Verify Network Isolation (Web UI)
- Navigate: Settings → Networks → MGMT-LAN
- Scroll to "Network" section
- Ensure "Isolate Network" is UNCHECKED
- Save if changed
3. Verify Zone Matrix (Web UI)
- Click Grid icon (Policy Engine) in sidebar
- Find: Internal → Internal
- Verify it says "Allow All"
- If not, click and change to "Allow All"
4. Check CyberSecure (Web UI)
- Click Shield icon (CyberSecure) in sidebar
- Check for rules blocking inter-VLAN traffic
- Check "Security Posture" mode
- Adjust if needed
🔧 Long-Term Solution: Fix ml110 Firewall
After you have access via IP change, fix the root cause:
If ml110 is Proxmox
# SSH to ml110
ssh root@192.168.11.10
# Check firewall
pve-firewall status
# Edit firewall (via web UI or CLI)
# Add rule: Allow 192.168.0.0/24
If ml110 is Linux
# Allow Default network
sudo iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
sudo iptables-save | sudo tee /etc/iptables/rules.v4
If ml110 is Windows
- Windows Firewall → Inbound Rules → New Rule
- Allow traffic from
192.168.0.0/24
📋 Complete Checklist
- Change dev machine IP to
192.168.11.4 - Test:
ping 192.168.11.1(gateway) - Test:
ping 192.168.11.10(ml110) - Verify Network Isolation is unchecked
- Verify Zone Matrix: Internal → Internal = Allow All
- Check CyberSecure settings
- Fix ml110 firewall (long-term)
- (Optional) Revert IP back to
192.168.0.xafter firewall fix
🔄 Reverting IP Change (Optional)
After fixing ml110 firewall, you can revert:
# Find backup file
ls -la /etc/netplan/*.backup.*
# Restore
sudo cp /etc/netplan/<config>.backup.* /etc/netplan/<config>.yaml
sudo netplan apply
Or manually change back to:
- IP:
192.168.0.23/24 - Gateway:
192.168.0.1
📊 Current Status
- ✅ Routing: Working (can ping gateway 192.168.11.1)
- ❌ Device Access: Blocked (likely ml110 firewall)
- ✅ Solution: Change IP to same subnet (quick) + Fix firewall (long-term)
Last Updated: 2026-01-14