- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
3.5 KiB
Omada Firewall Rules - Manual Check Required
Date: $(date)
Issue: HTTP 502 from Blockscout via Cloudflare Tunnel
Root Cause: "No route to host" error suggests firewall blocking
🔍 Current Status
Diagnostic Results
Connection Test:
# From cloudflared container (VMID 102, IP: 192.168.11.7)
curl http://192.168.11.140:80/health
# Result: curl: (7) Failed to connect to 192.168.11.140 port 80
# Error: "No route to host"
Analysis:
- ✅ DNS configured correctly
- ✅ Tunnel route configured correctly
- ❌ Network connectivity: BLOCKED
- ❌ Firewall likely blocking traffic
🔧 Manual Firewall Check Required
The Omada Controller API endpoint for firewall rules requires authentication that may not work via script. Please check manually:
Step 1: Login to Omada Controller
URL: https://192.168.11.8:8043
Credentials: Use your Omada Controller admin username/password
Step 2: Navigate to Firewall Rules
- Click Settings (gear icon)
- Navigate to Firewall → Firewall Rules
Step 3: Check for Blocking Rules
Look for rules that might block Blockscout:
Check these criteria:
- Destination IP: 192.168.11.140
- Destination Port: 80
- Protocol: TCP
- Action: Deny or Reject
- Direction: Forward or In
- Enabled: Yes
Step 4: Review Default Policies
Check if there are default deny policies that might block internal traffic.
✅ Required Firewall Rule
If no allow rule exists, create one:
Rule Configuration
Name: Allow Internal to Blockscout HTTP
Enable: ✓ Yes
Action: Allow
Direction: Forward
Protocol: TCP
Source IP: 192.168.11.0/24 (or leave blank for "Any")
Source Port: (leave blank for "Any")
Destination IP: 192.168.11.140
Destination Port: 80
Priority: High (must be above any deny rules)
Important: Rule Priority
- ✅ Allow rules must have HIGHER priority than deny rules
- ⚠️ Rules are processed in priority order (high → low)
- ✅ Place the allow rule above any deny rules in the list
📋 Checklist
- Login to Omada Controller (https://192.168.11.8:8043)
- Navigate to Settings → Firewall → Firewall Rules
- Check for deny rules blocking 192.168.11.140:80
- Check rule priority order
- Create allow rule if missing
- Ensure allow rule priority is HIGH (above deny rules)
- Apply/save configuration
- Test connectivity:
curl http://192.168.11.140:80/health
🔍 What to Look For
Blocking Patterns
- Destination IP Blocking:
  - Any rule with dstIp = 192.168.11.140
  - Any rule with dstIp = 192.168.11.0/24 and deny action
- Port Blocking:
  - Any rule with dstPort = 80 and deny action
  - Any rule with dstPort = all and deny action
- Default Deny Policies:
  - Default deny rules at bottom of list
  - Catch-all deny rules
Allow Patterns (Should Exist)
- Internal Access Allow:
  - Source: 192.168.11.0/24
  - Destination: 192.168.11.140
  - Port: 80
  - Action: Allow
  - Priority: High
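The blocking and allow patterns above can be checked offline against a hand-copied rule list. This is an added example, not part of the original page or any Omada tooling; the rule field names other than dstIp and dstPort, the first-match-wins evaluation in list order, and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample rules, ordered top (highest priority) to bottom.
# Only dstIp/dstPort appear on the page; the other field names are assumed.
SAMPLE_RULES = [
    {"name": "Block server subnet", "enabled": True, "action": "Deny",
     "protocol": "all", "srcIp": "", "dstIp": "192.168.11.0/24", "dstPort": "all"},
    {"name": "Allow Internal to Blockscout HTTP", "enabled": True, "action": "Allow",
     "protocol": "tcp", "srcIp": "192.168.11.0/24", "dstIp": "192.168.11.140",
     "dstPort": "80"},
]
WILDCARDS = ("", "any", "all")

def ip_matches(spec, ip):
    """Blank/any matches everything; otherwise spec is a host or CIDR."""
    if spec.lower() in WILDCARDS:
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def rule_matches(rule, src, dst, port, proto):
    """True if an enabled rule covers this flow (single port or wildcard only)."""
    port_spec = str(rule.get("dstPort", "")).lower()
    proto_spec = rule.get("protocol", "").lower()
    return (rule.get("enabled", True)
            and (proto_spec in WILDCARDS or proto_spec == proto)
            and ip_matches(rule.get("srcIp", ""), src)
            and ip_matches(rule.get("dstIp", ""), dst)
            and (port_spec in WILDCARDS or int(port_spec) == port))

def audit(rules, src, dst, port, proto="tcp"):
    """Return (verdict, deciding rule name, allow rules shadowed by a deny).

    Assumes first matching rule wins, evaluated in list order.
    """
    hits = [r for r in rules if rule_matches(r, src, dst, port, proto)]
    if not hits:
        return ("default-policy", None, [])
    verdict = hits[0]["action"].lower()
    shadowed = [r["name"] for r in hits[1:]
                if verdict != "allow" and r["action"].lower() == "allow"]
    return (verdict, hits[0]["name"], shadowed)

if __name__ == "__main__":
    flow = ("192.168.11.7", "192.168.11.140", 80)  # cloudflared -> Blockscout
    print(audit(SAMPLE_RULES, *flow))                  # allow rule is shadowed
    print(audit(list(reversed(SAMPLE_RULES)), *flow))  # allow rule on top
```

A "default-policy" verdict means no explicit rule matched, which is the case Step 4 asks you to review by hand.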
📝 Notes
- Both cloudflared (VMID 102) and Blockscout (VMID 5000) are on the same subnet (192.168.11.0/24)
- Traffic should be allowed by default for same-subnet communication
- If blocked, there's likely an explicit deny rule or restrictive default policy
- The "No route to host" error is typically a firewall/routing issue
Last Updated: $(date)
Status: Manual check required - API endpoint needs authentication verification