fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
7.3 KiB
7.3 KiB
UDM Pro - IP Address Change Guide
Last Updated: 2026-01-14
Status: Active Documentation
Question: Should I change dev machine IP to 192.168.11.4 to access ml110 at 192.168.11.10?
Analysis: IP Change vs Fix Firewall
Current Situation
- Dev Machine: On
192.168.0.0/24network - Target: ml110 at
192.168.11.10on192.168.11.0/24network - Routing: ✅ Working (can ping gateway 192.168.11.1)
- Issue: Device firewall on ml110 likely blocking traffic from different subnet
Option 1: Change Dev Machine IP to 192.168.11.4 (Quick Workaround)
Pros:
- ✅ Quick solution - bypasses inter-VLAN routing
- ✅ Same subnet = no firewall blocking issues
- ✅ Direct communication without routing complexity
- ✅ Good for testing/development
Cons:
- ⚠️ Dev machine moves to management network (may not be desired)
- ⚠️ May need to reconfigure network settings
- ⚠️ Doesn't solve the root cause (firewall blocking)
When to Use:
- Need immediate access for testing
- Temporary solution while fixing firewall
- Dev machine should be on management network anyway
Option 2: Fix Firewall on ml110 (Proper Solution)
Pros:
- ✅ Maintains network segmentation
- ✅ Dev machine stays on Default network
- ✅ Proper security configuration
- ✅ Solves root cause
Cons:
- ⚠️ Requires access to ml110 to configure firewall
- ⚠️ May take longer to implement
When to Use:
- Want to maintain network separation
- Dev machine should stay on Default network
- Proper long-term solution
Recommendation
For Immediate Access: Change IP to 192.168.11.4 (quick workaround)
For Long-term: Fix firewall on ml110 to allow 192.168.0.0/24 (proper solution)
Best Approach: Do both - change IP now for immediate access, then fix firewall for proper solution
Option 1: Change Dev Machine IP to 192.168.11.4
Step 1: Check Current Network Configuration
# Check current IP
ip addr show
# Or
ifconfig
# Check current network
ip route show
Step 2: Change IP Address
Method A: Static IP via NetworkManager (if using)
# Check current connection name
nmcli connection show
# Change IP address
sudo nmcli connection modify <connection-name> ipv4.addresses 192.168.11.4/24
sudo nmcli connection modify <connection-name> ipv4.gateway 192.168.11.1
sudo nmcli connection modify <connection-name> ipv4.method manual
sudo nmcli connection down <connection-name>
sudo nmcli connection up <connection-name>
Method B: Static IP via netplan (Ubuntu/Debian)
# Edit netplan config
sudo nano /etc/netplan/01-netcfg.yaml
Add/modify:
network:
version: 2
renderer: networkd
ethernets:
<interface-name>:
addresses:
- 192.168.11.4/24
gateway4: 192.168.11.1
nameservers:
addresses:
- 192.168.11.1
- 8.8.8.8
Apply:
sudo netplan apply
Method C: Static IP via /etc/network/interfaces (older Debian)
sudo nano /etc/network/interfaces
Add/modify:
auto <interface-name>
iface <interface-name> inet static
address 192.168.11.4
netmask 255.255.255.0
gateway 192.168.11.1
dns-nameservers 192.168.11.1 8.8.8.8
Restart:
sudo systemctl restart networking
# Or
sudo ifdown <interface-name> && sudo ifup <interface-name>
Step 3: Verify New IP
# Check IP address
ip addr show
# Should show 192.168.11.4
# Check routing
ip route show
# Should show default via 192.168.11.1
# Test connectivity
ping -c 3 192.168.11.1 # Gateway
ping -c 3 192.168.11.10 # ml110
Step 4: Test Access to ml110
# Test ping
ping -c 3 192.168.11.10
# Test specific service (if applicable)
# e.g., SSH
ssh user@192.168.11.10
# e.g., HTTP
curl http://192.168.11.10
Option 2: Fix Firewall on ml110 (Keep Dev Machine on Default Network)
If ml110 is Proxmox Host
Check Proxmox Firewall:
# SSH to ml110 (192.168.11.10)
ssh root@192.168.11.10
# Check firewall status
pve-firewall status
# Check firewall rules
cat /etc/pve/firewall/cluster.fw
cat /etc/pve/firewall/host.fw
Allow Default Network:
# Edit host firewall
nano /etc/pve/firewall/host.fw
Add rule:
[OPTIONS]
enable: 1
[RULES]
IN ACCEPT -source 192.168.0.0/24 -log nocomment
Or via Proxmox Web UI:
- Navigate to: Datacenter → Firewall → Host Firewall
- Add rule:
- Action: Accept
- Source:
192.168.0.0/24 - Protocol: All
- Comment: Allow Default Network
If ml110 is Windows Server
Windows Firewall:
- Open "Windows Defender Firewall with Advanced Security"
- Click "Inbound Rules" → "New Rule"
- Rule Type: Custom
- Program: All programs
- Protocol: Any
- Scope:
- Remote IP:
192.168.0.0/24
- Remote IP:
- Action: Allow
- Profile: All
- Name: "Allow Default Network"
If ml110 is Linux Server
iptables:
# SSH to ml110
ssh user@192.168.11.10
# Allow traffic from Default network
sudo iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
# Save rules (Ubuntu/Debian)
sudo iptables-save | sudo tee /etc/iptables/rules.v4
# Or (CentOS/RHEL)
sudo service iptables save
firewalld:
# Allow source network
sudo firewall-cmd --add-source=192.168.0.0/24 --permanent
sudo firewall-cmd --reload
Comparison: Both Approaches
| Aspect | Change IP to 192.168.11.4 | Fix Firewall on ml110 |
|---|---|---|
| Speed | ⚡ Fast (5 minutes) | 🐌 Slower (requires ml110 access) |
| Network Segregation | ❌ Dev machine on management network | ✅ Maintains separation |
| Security | ⚠️ Depends on use case | ✅ Proper firewall rules |
| Long-term | ⚠️ May not be desired | ✅ Proper solution |
| Complexity | ✅ Simple | ⚠️ Requires ml110 access |
Recommended Approach
Immediate (Today)
- Change dev machine IP to 192.168.11.4 for immediate access
- Test connectivity:
ping 192.168.11.10 - Verify access to ml110 services
Long-term (This Week)
- Fix firewall on ml110 to allow
192.168.0.0/24 - Revert dev machine IP back to
192.168.0.x(if desired) - Test connectivity from Default network
- Document firewall rules
Verification After IP Change
# Verify new IP
ip addr show | grep 192.168.11.4
# Test gateway
ping -c 3 192.168.11.1
# Test ml110
ping -c 3 192.168.11.10
# Test DNS (if applicable)
nslookup ml110 192.168.11.1
Troubleshooting
Can't Access After IP Change
-
Check IP assignment:
ip addr show -
Check routing:
ip route show -
Check gateway:
ping -c 3 192.168.11.1 -
Check ml110:
ping -c 3 192.168.11.10 -
Check firewall on ml110:
- Verify firewall allows traffic from
192.168.11.4 - Even on same subnet, firewall might block
- Verify firewall allows traffic from
Want to Revert IP Change
# Change back to DHCP (if was using DHCP)
sudo nmcli connection modify <connection-name> ipv4.method auto
sudo nmcli connection down <connection-name>
sudo nmcli connection up <connection-name>
# Or change to specific IP on Default network
sudo nmcli connection modify <connection-name> ipv4.addresses 192.168.0.X/24
sudo nmcli connection modify <connection-name> ipv4.gateway 192.168.0.1
Last Updated: 2026-01-14