# UDM Pro - IP Address Change Guide **Last Updated:** 2026-01-14 **Status:** Active Documentation **Question:** Should I change dev machine IP to 192.168.11.4 to access ml110 at 192.168.11.10? --- ## Analysis: IP Change vs Fix Firewall ### Current Situation - **Dev Machine:** On `192.168.0.0/24` network - **Target:** ml110 at `192.168.11.10` on `192.168.11.0/24` network - **Routing:** ✅ Working (can ping gateway 192.168.11.1) - **Issue:** Device firewall on ml110 likely blocking traffic from different subnet ### Option 1: Change Dev Machine IP to 192.168.11.4 (Quick Workaround) **Pros:** - ✅ Quick solution - bypasses inter-VLAN routing - ✅ Same subnet = no firewall blocking issues - ✅ Direct communication without routing complexity - ✅ Good for testing/development **Cons:** - ⚠️ Dev machine moves to management network (may not be desired) - ⚠️ May need to reconfigure network settings - ⚠️ Doesn't solve the root cause (firewall blocking) **When to Use:** - Need immediate access for testing - Temporary solution while fixing firewall - Dev machine should be on management network anyway ### Option 2: Fix Firewall on ml110 (Proper Solution) **Pros:** - ✅ Maintains network segmentation - ✅ Dev machine stays on Default network - ✅ Proper security configuration - ✅ Solves root cause **Cons:** - ⚠️ Requires access to ml110 to configure firewall - ⚠️ May take longer to implement **When to Use:** - Want to maintain network separation - Dev machine should stay on Default network - Proper long-term solution --- ## Recommendation **For Immediate Access:** Change IP to `192.168.11.4` (quick workaround) **For Long-term:** Fix firewall on ml110 to allow `192.168.0.0/24` (proper solution) **Best Approach:** Do both - change IP now for immediate access, then fix firewall for proper solution --- ## Option 1: Change Dev Machine IP to 192.168.11.4 ### Step 1: Check Current Network Configuration ```bash # Check current IP ip addr show # Or ifconfig # Check current network ip route show ``` ### Step 2: Change IP Address #### Method A: Static IP via NetworkManager (if using) ```bash # Check current connection name nmcli connection show # Change IP address sudo nmcli connection modify ipv4.addresses 192.168.11.4/24 sudo nmcli connection modify ipv4.gateway 192.168.11.1 sudo nmcli connection modify ipv4.method manual sudo nmcli connection down sudo nmcli connection up ``` #### Method B: Static IP via netplan (Ubuntu/Debian) ```bash # Edit netplan config sudo nano /etc/netplan/01-netcfg.yaml ``` Add/modify: ```yaml network: version: 2 renderer: networkd ethernets: : addresses: - 192.168.11.4/24 gateway4: 192.168.11.1 nameservers: addresses: - 192.168.11.1 - 8.8.8.8 ``` Apply: ```bash sudo netplan apply ``` #### Method C: Static IP via /etc/network/interfaces (older Debian) ```bash sudo nano /etc/network/interfaces ``` Add/modify: ``` auto iface inet static address 192.168.11.4 netmask 255.255.255.0 gateway 192.168.11.1 dns-nameservers 192.168.11.1 8.8.8.8 ``` Restart: ```bash sudo systemctl restart networking # Or sudo ifdown && sudo ifup ``` ### Step 3: Verify New IP ```bash # Check IP address ip addr show # Should show 192.168.11.4 # Check routing ip route show # Should show default via 192.168.11.1 # Test connectivity ping -c 3 192.168.11.1 # Gateway ping -c 3 192.168.11.10 # ml110 ``` ### Step 4: Test Access to ml110 ```bash # Test ping ping -c 3 192.168.11.10 # Test specific service (if applicable) # e.g., SSH ssh user@192.168.11.10 # e.g., HTTP curl http://192.168.11.10 ``` --- ## Option 2: Fix Firewall on ml110 (Keep Dev Machine on Default Network) ### If ml110 is Proxmox Host **Check Proxmox Firewall:** ```bash # SSH to ml110 (192.168.11.10) ssh root@192.168.11.10 # Check firewall status pve-firewall status # Check firewall rules cat /etc/pve/firewall/cluster.fw cat /etc/pve/firewall/host.fw ``` **Allow Default Network:** ```bash # Edit host firewall nano /etc/pve/firewall/host.fw ``` Add rule: ``` [OPTIONS] enable: 1 [RULES] IN ACCEPT -source 192.168.0.0/24 -log nocomment ``` Or via Proxmox Web UI: 1. Navigate to: **Datacenter → Firewall → Host Firewall** 2. Add rule: - **Action:** Accept - **Source:** `192.168.0.0/24` - **Protocol:** All - **Comment:** Allow Default Network ### If ml110 is Windows Server **Windows Firewall:** 1. Open "Windows Defender Firewall with Advanced Security" 2. Click "Inbound Rules" → "New Rule" 3. Rule Type: Custom 4. Program: All programs 5. Protocol: Any 6. Scope: - Remote IP: `192.168.0.0/24` 7. Action: Allow 8. Profile: All 9. Name: "Allow Default Network" ### If ml110 is Linux Server **iptables:** ```bash # SSH to ml110 ssh user@192.168.11.10 # Allow traffic from Default network sudo iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT # Save rules (Ubuntu/Debian) sudo iptables-save | sudo tee /etc/iptables/rules.v4 # Or (CentOS/RHEL) sudo service iptables save ``` **firewalld:** ```bash # Allow source network sudo firewall-cmd --add-source=192.168.0.0/24 --permanent sudo firewall-cmd --reload ``` --- ## Comparison: Both Approaches | Aspect | Change IP to 192.168.11.4 | Fix Firewall on ml110 | |--------|---------------------------|----------------------| | **Speed** | ⚡ Fast (5 minutes) | 🐌 Slower (requires ml110 access) | | **Network Segregation** | ❌ Dev machine on management network | ✅ Maintains separation | | **Security** | ⚠️ Depends on use case | ✅ Proper firewall rules | | **Long-term** | ⚠️ May not be desired | ✅ Proper solution | | **Complexity** | ✅ Simple | ⚠️ Requires ml110 access | --- ## Recommended Approach ### Immediate (Today) 1. **Change dev machine IP to 192.168.11.4** for immediate access 2. Test connectivity: `ping 192.168.11.10` 3. Verify access to ml110 services ### Long-term (This Week) 1. **Fix firewall on ml110** to allow `192.168.0.0/24` 2. **Revert dev machine IP** back to `192.168.0.x` (if desired) 3. Test connectivity from Default network 4. Document firewall rules --- ## Verification After IP Change ```bash # Verify new IP ip addr show | grep 192.168.11.4 # Test gateway ping -c 3 192.168.11.1 # Test ml110 ping -c 3 192.168.11.10 # Test DNS (if applicable) nslookup ml110 192.168.11.1 ``` --- ## Troubleshooting ### Can't Access After IP Change 1. **Check IP assignment:** ```bash ip addr show ``` 2. **Check routing:** ```bash ip route show ``` 3. **Check gateway:** ```bash ping -c 3 192.168.11.1 ``` 4. **Check ml110:** ```bash ping -c 3 192.168.11.10 ``` 5. **Check firewall on ml110:** - Verify firewall allows traffic from `192.168.11.4` - Even on same subnet, firewall might block ### Want to Revert IP Change ```bash # Change back to DHCP (if was using DHCP) sudo nmcli connection modify ipv4.method auto sudo nmcli connection down sudo nmcli connection up # Or change to specific IP on Default network sudo nmcli connection modify ipv4.addresses 192.168.0.X/24 sudo nmcli connection modify ipv4.gateway 192.168.0.1 ``` --- **Last Updated:** 2026-01-14