proxmox/docs/04-configuration/UDM_PRO_QUICK_FIX_SUMMARY.md

# UDM Pro Routing Issue - Quick Fix Summary

**Last Updated:** 2026-01-14  
**Status:** ✅ Solution Ready

---

## 🎯 Quick Answer: YES, Change IP to 192.168.11.4

**Recommendation:** Change your dev machine IP to `192.168.11.4` for immediate access to ml110.

**Why:**
- ✅ Quickest solution (5 minutes)
- ✅ Bypasses inter-VLAN routing issues
- ✅ Same subnet = no firewall blocking
- ✅ Works immediately

---

## 🚀 Immediate Action: Change IP Address

### Automated (Recommended)

```bash
cd /home/intlc/projects/proxmox
sudo ./scripts/unifi/change-ip-to-vlan11-netplan.sh
```

### Manual (If script doesn't work)

1. **Edit netplan config:**
   ```bash
   sudo nano /etc/netplan/*.yaml
   ```

2. **Update eth0 configuration:**
   ```yaml
   network:
     version: 2
     renderer: networkd
     ethernets:
       eth0:
         addresses:
           - 192.168.11.4/24
         gateway4: 192.168.11.1
         nameservers:
           addresses:
             - 192.168.11.1
             - 8.8.8.8
   ```

3. **Apply changes:**
   ```bash
   sudo netplan apply
   ```

4. **Verify:**
   ```bash
   ip addr show eth0
   ping -c 3 192.168.11.1   # Gateway
   ping -c 3 192.168.11.10  # ml110
   ```

---

## ✅ Verification Steps (After IP Change)

### 1. Test Connectivity

```bash
# Test gateway
ping -c 3 192.168.11.1

# Test ml110
ping -c 3 192.168.11.10
```

### 2. Verify Network Isolation (Web UI)

1. Navigate: **Settings → Networks → MGMT-LAN**
2. Scroll to **"Network"** section
3. Ensure **"Isolate Network"** is **UNCHECKED**
4. Save if changed

### 3. Verify Zone Matrix (Web UI)

1. Click **Grid icon** (Policy Engine) in sidebar
2. Find: **Internal → Internal**
3. Verify it says **"Allow All"**
4. If not, click and change to "Allow All"

### 4. Check CyberSecure (Web UI)

1. Click **Shield icon** (CyberSecure) in sidebar
2. Check for rules blocking inter-VLAN traffic
3. Check "Security Posture" mode
4. Adjust if needed

---

## 🔧 Long-Term Solution: Fix ml110 Firewall

After you have access via IP change, fix the root cause:

### If ml110 is Proxmox

```bash
# SSH to ml110
ssh root@192.168.11.10

# Check firewall
pve-firewall status

# Edit firewall (via web UI or CLI)
# Add rule: Allow 192.168.0.0/24
```

### If ml110 is Linux

```bash
# Allow Default network
sudo iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
sudo iptables-save | sudo tee /etc/iptables/rules.v4
```

### If ml110 is Windows

1. Windows Firewall → Inbound Rules → New Rule
2. Allow traffic from `192.168.0.0/24`

---

## 📋 Complete Checklist

- [ ] Change dev machine IP to `192.168.11.4`
- [ ] Test: `ping 192.168.11.1` (gateway)
- [ ] Test: `ping 192.168.11.10` (ml110)
- [ ] Verify Network Isolation is unchecked
- [ ] Verify Zone Matrix: Internal → Internal = Allow All
- [ ] Check CyberSecure settings
- [ ] Fix ml110 firewall (long-term)
- [ ] (Optional) Revert IP back to `192.168.0.x` after firewall fix

---

## 🔄 Reverting IP Change (Optional)

After fixing ml110 firewall, you can revert:

```bash
# Find backup file
ls -la /etc/netplan/*.backup.*

# Restore
sudo cp /etc/netplan/<config>.backup.* /etc/netplan/<config>.yaml
sudo netplan apply
```

Or manually change back to:
- IP: `192.168.0.23/24`
- Gateway: `192.168.0.1`

---

## 📊 Current Status

- ✅ **Routing:** Working (can ping gateway 192.168.11.1)
- ❌ **Device Access:** Blocked (likely ml110 firewall)
- ✅ **Solution:** Change IP to same subnet (quick) + Fix firewall (long-term)

---

**Last Updated:** 2026-01-14