docs: Document NAT reflection and Traefik gateway fix
- Root cause was Traefik using Asus (10.4.2.254) as gateway instead of OPNsense (10.4.2.1)
- Enabled NAT reflection in OPNsense for VLAN access via WAN IP
- Fixed NFS mount issues with KavNas

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@@ -2,6 +2,23 @@
|
||||
|
||||
> **Purpose**: Historical record of all significant infrastructure changes
|
||||
|
||||
## 2025-12-22
|
||||
|
||||
### NAT Reflection & External Access Fix
|
||||
- **Root cause**: Traefik (LXC 104) had gateway set to 10.4.2.254 (Asus) instead of 10.4.2.1 (OPNsense)
|
||||
- **Symptom**: External traffic and VLAN traffic to Traefik via WAN IP failed (asymmetric routing)
|
||||
- **Fix**: Changed Traefik gateway to 10.4.2.1 in both runtime and `/etc/pve/lxc/104.conf`
|
||||
|
||||
### OPNsense NAT Configuration
|
||||
- Enabled NAT reflection (Pure NAT mode) in Firewall → Settings → Advanced
|
||||
- Enabled automatic outbound NAT for reflection
|
||||
- Port forwards for HTTPS (443) → Traefik (10.4.2.10) now work from all VLANs and external
|
||||
|
||||
### NFS Storage Issues
|
||||
- KavNas has two NICs with different IPs; primary is 10.4.2.13
|
||||
- Fixed stale NFS mounts on pm2 and pm4 by updating `/etc/pve/storage.cfg` to correct IP
|
||||
- Pi-hole (LXC 103) and other containers recovered after NFS fix
|
||||
|
||||
## 2025-12-21
|
||||
|
||||
### Traefik Updates
|
||||
|
||||
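Review bot: The two bullets under "OPNsense NAT Configuration" record that Pure NAT reflection and automatic outbound NAT for reflection were enabled, but not the side effect on client addresses. With outbound NAT applied to reflected traffic, connections from the VLANs may arrive at Traefik (10.4.2.10) with the firewall's address as their source. Add a line stating whether any source-IP allowlists or access logs on Traefik depend on the real client address. Under "NFS Storage Issues", the `/etc/pve/storage.cfg` bullet says "to correct IP" without naming the stale address or confirming that 10.4.2.13 is the one now configured. Write it as old → new so the entry can be checked against the file later. The root-cause bullet would also benefit from noting whether other containers were checked for the same 10.4.2.254 gateway setting.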