Description
On Brev VMs (shadeform Ubuntu 22.04 with default-deny UFW), nemoclaw onboard with the Local Ollama provider completes all 8 steps and reports "Installation complete". The wizard prints "Using Ollama on localhost:11434 (proxy on :11435)" and "Inference: healthy" — but the first openclaw agent call from inside the sandbox hangs indefinitely with no response.
Root cause is the Brev image's preconfigured UFW. UFW default-deny on incoming only allows 22 and 2222. Port 11435 (the NemoClaw-managed Ollama auth proxy on the host) is blocked. When the sandbox tries to reach host.openshell.internal:11435 (which resolves to 172.17.0.1 — the Docker host gateway), the SYN packet is dropped by UFW. The sandbox call times out silently and the agent waits forever.
NemoClaw v0.0.38 routes sandbox-to-Ollama traffic through the host's auth proxy on port 11435 (the design introduced by PR #3039). The wizard verifies Ollama on the host is healthy (HTTP 200 on 127.0.0.1:11434) but never verifies that the sandbox can reach the auth proxy on 11435. On every platform other than Brev this works because nothing blocks the docker-bridge → host loopback path. On Brev, UFW silently breaks it.
Environment
Device: Brev VM (shadeform brev-pz811qnfg) — H100 PCIe x1
OS: Ubuntu 22.04.5 LTS
Architecture: x86_64
Node.js: v22.22.2
npm: 10.9.7
Docker: 29.1.3 (build f52814d)
OpenShell CLI: openshell 0.0.36
NemoClaw: v0.0.38
OpenClaw: 2026.4.24
Ollama: 0.23.2 (bound 127.0.0.1:11434 — default install)
UFW: active; default-deny incoming; only 22/tcp and 2222/tcp allowed
Steps to Reproduce
1. Provision a Brev VM (shadeform Ubuntu 22.04) — note UFW is active by default.
2. Install Ollama on the host: curl -fsSL https://ollama.com/install.sh | sh
3. Pull a small model: ollama pull qwen2.5:0.5b
4. Install NemoClaw: curl -fsSL https://www.nvidia.com/nemoclaw.sh | bash
5. At [3/8] inference menu, choose option 7 "Local Ollama (localhost:11434) — running (suggested)"
6. Pick the qwen model, complete onboard with sandbox name "brev-ollama".
7. Onboard prints "Installation complete" and a healthy summary.
8. Connect: nemoclaw brev-ollama connect
9. Inside sandbox: openclaw agent --agent main -m "hello" --session-id e2e
10. Observe the agent hangs indefinitely with no response.
Expected Result
Either onboard runs a smoke-test inference call at the end of the configured route and refuses to print "Installation complete" if the sandbox cannot reach the auth proxy, or onboard's preflight detects active UFW + missing rule for the auth proxy port and either auto-installs the rule (with user consent) or fails with an actionable error pointing at the exact ufw allow command.
Actual Result
Onboard prints "Installation complete" and nemoclaw status reports Inference: healthy (http://127.0.0.1:11434/api/tags). The first sandbox-side inference call hangs. Diagnostic probes from inside the sandbox confirm the host-side proxy is unreachable:
# Inside sandbox before UFW workaround:
$ curl -sm 5 -o /dev/null -w "%{http_code}\n" http://host.openshell.internal:11435/v1/models
000 # connection refused / SYN dropped by UFW on host
inference.local goes through the gateway and is itself reachable, but the
upstream call from gateway → host:11435 fails the same way, so any path
that ends at the auth proxy is dead from inside the sandbox.
Host side shows the proxy is listening:
$ ss -tlnp | grep 11435
LISTEN 0 511 0.0.0.0:11435 0.0.0.0:* users:(("node",pid=...))
UFW status:
$ sudo ufw status
Status: active
22/tcp ALLOW IN Anywhere
2222/tcp ALLOW IN Anywhere
(no rule for 11435)
Workaround
Add a UFW rule that allows the docker bridge subnets to reach the auth proxy port, then re-run inference:
sudo ufw allow from 172.16.0.0/12 to any port 11435 proto tcp
After the rule is added, the sandbox-side probe goes from HTTP 000 (connection blocked) to HTTP 401 (proxy reached, token required — expected) and the in-sandbox openclaw agent --agent main -m "hello" returns a normal response.
Suggested Fixes
Highest impact: end-of-onboard inference smoke test (covered by NVBug 6158325 as a generic enhancement). A single chat-completion through the just-configured route would have caught this immediately and prevented the silent "Installation complete" claim.
Brev-specific: preflight could detect active UFW + missing rule for the configured auth proxy port and either propose sudo ufw allow ... or refuse to claim success.
Related Bugs
- NVBug 6158325 — [Brev][Onboard] Onboard reports SUCCESS without exercising inference path. Same class of issue: this Ollama/UFW case is one instance of the broader "onboard never smoke-tests inference" gap.
- NVBug 6131584 — [WSL2][Onboard] silent exit when Local Ollama is unreachable via host.openshell.internal. Same upstream symptom (sandbox cannot reach host's Ollama path) but WSL2-specific networking root cause; fix is OLLAMA_HOST=0.0.0.0. Does not apply to Brev — Brev's break is the host firewall, not the Ollama bind.
- NVBug 6045023 — [macOS][Ollama] inference hangs through NemoClaw/OpenShell routing. Same symptom (silent hang on first inference) on Colima.
Bug Details
| Field | Value |
| --- | --- |
| Priority | Unprioritized |
| Action | Dev - Open - To fix |
| Disposition | Open issue |
| Module | Machine Learning - NemoClaw |
| Keyword | NemoClaw, NEMOCLAW_GH_SYNC_APPROVAL, NemoClaw_Inference, NemoClaw_Onboard, NemoClaw_Policy&Network, NemoClaw-SWQA-RelBlckr-Recommended, NemoClaw-SWQA-Sprint4-Blocker |
[NVB#6164136]
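
The Brev-specific preflight proposed under Suggested Fixes, as an added example (not from the original report or NemoClaw's code): it parses `ufw status` text, checks whether an ALLOW rule covers the sandbox's source address for the auth proxy port, and returns the report's workaround command when none does. The source address 172.17.0.2, the function names and the sample listings are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed samples modelled on the `ufw status` listing in the report.
UFW_BEFORE = """Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
2222/tcp                   ALLOW IN    Anywhere
"""
UFW_AFTER = UFW_BEFORE + "11435/tcp                  ALLOW IN    172.16.0.0/12\n"

# port[/proto], action (with or without the "IN" some listings show), origin
RULE = re.compile(r"^(\d+)(?:/(tcp|udp))?\s+(ALLOW|DENY|REJECT|LIMIT)(?:\s+IN)?\s+(\S+)$")


def port_allowed(status_text, port, source_ip, proto="tcp"):
    """True if UFW is not active or an ALLOW rule covers source_ip -> port/proto."""
    # Simplification: single-port rules only; rule order and DENY precedence are not modelled.
    if "Status: active" not in status_text:
        return True
    src = ipaddress.ip_address(source_ip)
    for line in status_text.splitlines():
        m = RULE.match(line.strip())
        if not m or m.group(3) != "ALLOW" or int(m.group(1)) != port:
            continue
        if m.group(2) not in (None, proto):
            continue
        origin = m.group(4)
        try:
            if origin == "Anywhere" or src in ipaddress.ip_network(origin, strict=False):
                return True
        except ValueError:
            continue  # origin is not an address or CIDR; ignore the rule
    return False


def preflight(status_text, port=11435, source_ip="172.17.0.2"):
    """Return None when the path is open, else the workaround command from the report."""
    if port_allowed(status_text, port, source_ip):
        return None
    return f"sudo ufw allow from 172.16.0.0/12 to any port {port} proto tcp"


def classify_probe(http_code):
    """Interpret curl's %{http_code} for the sandbox-side probe, as the report does."""
    return {"000": "blocked", "401": "reachable"}.get(http_code, "unexpected")
```

A firewall listing that passes this check does not replace the end-to-end smoke test; the probe from inside the sandbox remains the authoritative signal.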