docs: Document NAT reflection and Traefik gateway fix

- Root cause was Traefik using Asus (10.4.2.254) as gateway instead of OPNsense (10.4.2.1)
- Enabled NAT reflection in OPNsense for VLAN access via WAN IP
- Fixed NFS mount issues with KavNas

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@@ -2,6 +2,23 @@
|
|||||||
|
|
||||||
> **Purpose**: Historical record of all significant infrastructure changes
|
> **Purpose**: Historical record of all significant infrastructure changes
|
||||||
|
|
||||||
|
## 2025-12-22
|
||||||
|
|
||||||
|
### NAT Reflection & External Access Fix
|
||||||
|
- **Root cause**: Traefik (LXC 104) had gateway set to 10.4.2.254 (Asus) instead of 10.4.2.1 (OPNsense)
|
||||||
|
- **Symptom**: External traffic and VLAN traffic to Traefik via WAN IP failed (asymmetric routing)
|
||||||
|
- **Fix**: Changed Traefik gateway to 10.4.2.1 in both runtime and `/etc/pve/lxc/104.conf`
|
||||||
|
|
||||||
|
### OPNsense NAT Configuration
|
||||||
|
- Enabled NAT reflection (Pure NAT mode) in Firewall → Settings → Advanced
|
||||||
|
- Enabled automatic outbound NAT for reflection
|
||||||
|
- Port forwards for HTTPS (443) → Traefik (10.4.2.10) now work from all VLANs and external
|
||||||
|
|
||||||
|
### NFS Storage Issues
|
||||||
|
- KavNas has two NICs with different IPs; primary is 10.4.2.13
|
||||||
|
- Fixed stale NFS mounts on pm2 and pm4 by updating `/etc/pve/storage.cfg` to correct IP
|
||||||
|
- Pi-hole (LXC 103) and other containers recovered after NFS fix
|
||||||
|
|
||||||
## 2025-12-21
|
## 2025-12-21
|
||||||
|
|
||||||
### Traefik Updates
|
### Traefik Updates
|
||||||
|
|||||||
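Review bot: In the `### OPNsense NAT Configuration` bullets, the entry enables NAT reflection (Pure NAT mode) and automatic outbound NAT for reflection without saying whether either is still needed once the gateway change recorded under `### NAT Reflection & External Access Fix` is in place, even though that section names the wrong gateway on LXC 104 as the root cause. Please state whether reflection is part of the intended final configuration or a troubleshooting change that can be reverted, and whether reaching 443 on Traefik (10.4.2.10) "from all VLANs" is intended for every VLAN. In `### NFS Storage Issues`, "updating `/etc/pve/storage.cfg` to correct IP" should record the previous address and the address now set (the bullet above it suggests 10.4.2.13), so the entry is usable as the historical record the file's purpose line describes.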