LLM Gateway — Diagnose and fix iptables IP drift

Component: llm-gateway
Category: network-routing
Version: 1
Author: jim
Last used: 6/5/2026, 12:05:51 AM

Prerequisites

SSH access to server. Docker running. iptables accessible (root or sudo).

Expected Outcome

The iptables DOCKER-USER chain shows an ACCEPT rule for the correct IP. The LLM queue processes jobs successfully. Queue depth returns to 0.

Steps

Symptoms


Step 1 — Verify the container IP

docker inspect llm-gateway | grep IPAddress

Note the actual IP assigned to the container.


Step 2 — Check iptables DOCKER-USER chain

iptables -L DOCKER-USER -n

Find the ACCEPT rule for port 3515. Compare its IP to the Step 1 result.


Step 3 — If IPs do not match, update the enforce script

Edit prysm-store/iptables/prysm-llm-gw-enforce.sh and set GATEWAY_IP to the correct IP from Step 1.


Step 4 — Reload iptables rules

bash /path/to/prysm-llm-gw-enforce.sh

Verify the updated rule:

iptables -L DOCKER-USER -n | grep 3515

Step 5 — Pin the IP in compose (permanent fix)

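In phase2-section6-llm-infrastructure/docker-compose.yml, under the llm-gateway service's networks config, add:

networks:
  prysm_infra:
    ipv4_address: 172.28.0.74

Compose only accepts a static ipv4_address when the prysm_infra network defines an ipam subnet that contains the address.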

Step 6 — Restart llm-gateway to confirm

docker compose -f /mnt/blaze/prysm-infra/telegram-services_v2/phase2-section6-llm-infrastructure/docker-compose.yml up -d --build llm-gateway

Step 7 — Verify queue clears

Watch the llm_queue table for jobs being processed:

SELECT id, status, created_at FROM llm_queue ORDER BY created_at DESC LIMIT 10;
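
The Step 1 and Step 2 comparison can be scripted so drift is caught before the queue backs up. The following is an added example, not part of the original runbook or the enforce script; the function names are hypothetical, the rule listing is a constructed sample, and it assumes the container sits on a single network and that the gateway IP may appear in either the source or the destination column of the rule.

```shell
#!/usr/bin/env bash
# Added example: detect drift between a container IP and DOCKER-USER ACCEPT rules.

# Print "source destination" for every ACCEPT rule that names dpt:<port>.
# Reads `iptables -L DOCKER-USER -n` output on stdin. Multiport rules are not parsed.
accept_addrs_for_port() {
  awk -v dpt="dpt:$1" '
    $1 == "ACCEPT" {
      for (i = 6; i <= NF; i++)
        if ($i == dpt) { print $4, $5; break }
    }'
}

# check_drift <container_ip> <port>, rules on stdin.
# Returns 0 = a rule names the IP, 1 = rules exist but none match (drift),
# 2 = no ACCEPT rule for the port at all.
check_drift() {
  local ip="$1" port="$2" addrs
  addrs="$(accept_addrs_for_port "$port")"
  [ -n "$addrs" ] || return 2
  # Assumption: the gateway IP may be in the source or the destination column.
  printf '%s\n' "$addrs" | tr ' ' '\n' | sed 's|/32$||' | grep -qxF "$ip" || return 1
}

# Constructed sample of `iptables -L DOCKER-USER -n` output (not from a real host).
sample_rules() {
  cat <<'EOF'
Chain DOCKER-USER (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            172.28.0.3           tcp dpt:3515
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:3515
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

# Live use on the server (needs root or sudo); defined but not run by default.
live_check() {
  local ip
  ip="$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}} {{end}}' llm-gateway | awk '{print $1}')"
  iptables -L DOCKER-USER -n | check_drift "$ip" 3515
}

# Demo on the constructed sample: the rule still points at 172.28.0.3.
sample_rules | check_drift 172.28.0.74 3515 || echo "drift or missing rule (exit $?)"
```

Running live_check again after Step 6 confirms that the reloaded rule and the pinned address agree; a return code of 2 means the enforce script has not installed any ACCEPT rule for the port.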