I can't access the web interface

Support
1

Hello, I will use translator

I have a Nethserver PC that belongs to another location, using nextcloud for the local network.

My network is different from where it belongs, I’m at 192.168.3.1, and this nethserver is:
IP 192.168.0.250
Mask 255.255.255.0
Gateway 192.168.0.1

As I don’t want to change the server’s native network, I inserted a router into my network 192.168.0.1 with DHCP, and I have another PC on this same router to access the server but I can’t via the web interface http:// 192.168.0.250, http:// 192.168.0.250:980, also on PC Nethserver I can’t ping google, what could be wrong?

2

Hi @SimPos

If you’re looking for help in this forum, please provide more Information. As seen in another post of yours, you still seem to be using a very old, not updated system.

You will have plenty of trouble with NextCloud, as those updates only allow for the next version. You are running NethServer 7.4, the latest is 7.9. NethServer 8.0 is now in Beta2…

If the “other” server is at a different site, you don’t state how are you connected. No word about VPN or needed stuff, only a couple of IP addresses / ranges which can’t communicate with each other…

My 2 cents
Andy

3

I don’t know what data you need to provide, I’m declaring a situation

The other topic is resolved, I managed to bypass grub, now I can see the prompt again on the screen, and I can log in as root or user

About the system, I intend not to update at the moment, I have been using 7.4.1708 for half a decade, and only now am I coming to address it on the forum due to a short in the power supply, I am not declaring something corrupt or damaged, I am trying to access it in a wan network 192.168.0.1

On this same network I tested a VM with Nethserver in the same default CentOS version with a fixed network and I was able to access the web interface on the neighboring computer, so what is wrong with this Nethserver on a real PC.

Regarding data, whoever requests it I can provide, there is no VPN, I think from the translation you didn’t understand, the ISP is at 192.168.3.1, I inserted a home router in the WAN port with DHCP 192.168.0.1, and the PC Nethserver is in the LAN port of this router home, and there is a second PC on the LAN port of the home router that I try to access the web interface, as I’m not an expert I don’t know which commands I can reveal something I need

4

Hi

What about this when starting a post?

Bildschirmfoto 2023-11-08 um 06.28.46
Bildschirmfoto 2023-11-08 um 06.28.463016×822 194 KB

Version / Subversion / Module / A bit of Network description, etc…

The ISP is giving you a 192.168.x.x address? A so called CGNAT? And then even using 192.168.x.x as IP address?
These are not real, Internet routable IPs. These are so called Private Network IPs, suitable for use behind a router. The networks are: 10.x.x.x, 172.16.x.x-172.31.254.254, and 192.168.x.x.
Any router on the real Internet has to discard these IPs (Per RFCs, the documents describing how IP and Internet works!), simply drop them with NO reply!

You can NEVER make a VPN with anyone else on the Internet, the max possible would be maybe a connection from two sites using the same ISP…
What country are you in?

this statement is very, very wrong, as 192.168.x.x is per se NOT a WAN network, can NEVER be!

This has nothing to do with the translation, this setup from your Provider is highly unusual, most other ISPs using CGNAT will use 10.x.x.x exclusively! And CGNAT is cosidered Sub-Par, as your host cannot be accessible from the Internet (Web, Mail, VPNs, etc.)…

NethServer by itself will block all access from outside the Network it considers as LAN (Green). So connecting from the WAN side “just like that” will NOT work. NethServer 7.x comes with a full Firewall, not like a Desktop OS (Ubuntu, etc…).

NethServer will be EOL at the end of June 2024. The server as such will still work, but as no updates or anything will be coming, will become fairly fast unusable… Nowadays, you NEED SSL on almost anything, and that isn’t possible with your config / setup.

My 2 cents
Andy

See this for more Info about “Private Networks / IPs”

RFCs are “official” documents, and NOT “comments” as the name may suggest. (RFC = Request for Comments).

2 Likes
5

Possibly a network diagram approximation of his current testing environment (with some holes):

Internet----Router_provided_by_ISP(192.168.3.1)
                     |
                     |
                     |----Second_Router/AP(192.168.0.1)
                                    |
                                    |----NethServer(192.168.0.250)
                                    |
                                    |----Laptop/PC (connected to second_router and trying to connect to NethServer)
6

@dnutan

Calling a LAN a WAN is a big mistake in any discussion! WAN implies firewalls, and a second site.
LAN means local, 'nuff said!

Certain Home “Routers”, especially WLan capable ones, have a setting blocking inter-pc connections. This is common eg in Hotels or Public WLans. If this is active, this could be the issue…

My 2 cents
Andy

2 Likes
7

Let’s do it by steps

I didn’t see it, it’s my first post, I’m from many forums but this aesthetic isn’t usual

I will inform you what is on the prompt screen

  • Nethserver 7.4.1708 (Final)
  • Kernel 3.10.0-693.5.2.e17.x86_x64 on an x86_x64
  • CentOS 7
  • IP (static) 192.168.0.250, Mask 255.255.255.0, Gateway 192.168.0.1, DNS 8.8.8.8

Here in my country, internet arrives via GPON fiber, then goes to a Huaweii router WAN port with PPPoE, and has IP 192.168.3.1 gateway (DHCP 3.100 to 3.254) and distributes it to the switch etc., the network where this Nethserver was located is same with Huaweii but with network 192.168.0.1 (no firewall or robust controls)
But I didn’t understand what I said about VPN, I just said that I don’t use VPN, I’m from Brazil

I tried to simplify, I didn’t refer to my ISP’s WAN external IP, here in the test scenario, Nextcloud is only used by LAN clients (PC), Huaweii LAN cable (192.168.3.1) goes to TP-Link WAN port (WAN DHCP configuration 192.168.3.x), then TP-Link LAN (DHCP 192.168.0.x) connects Nethserver PC (192.168.0.250), and TP-Link LAN connects second PC (DHCP Client 192.168.0.x)

Addendum: As it didn’t work in my test scenario, I went to another unit to install it at the location (it was with me due to the problem of constant restarts), which is the location where the network is 192.168.0.1 and it always worked, however it didn’t work, that is, my test scenario was not wrong, but there is something wrong with the Nethserver access

Now I ask that we start from here (if there is something wrong in my test scenario I can change it, but I made a VM on another PC with the same Nethserver ISO version and it worked in the test scenario)…

Nexcloud became inoperative after many forced restarts, I managed to contain the restarts, grub, boot, even the prompt is normal on Nethserver and I can operate, due to damage the ethernet adapter does not exist I checked with another system, with Nethserver in the prompt it does not return ping on the websites, on another PC I can’t ping Nethserver 192.168.0.250, it seems that there is no more network communication from the Nethserver where it is connected, I don’t know how to recover

1 Like
8

Perfectly, this is exactly the test scenario, but as I thought I had done something wrong, I went to return the server (it was with me to repair restarts), but there on the other unit, after connecting, no Nextcloud client synchronized again, and I can’t ping 192.168.0.250, it seems that there is something wrong with the Nethserver network configuration, I would like to know how to correct it from the prompt without having to redo the server, as there is a lot of data on nextcloud

9

And welcome! Glad you are here.

2 Likes
10

We’re using Discourse :slight_smile: I hope you enjoy the aesthetic very soon

1 Like
11

Check the logs. It is possible for /var/log/messages (and journalctl) to have some information on the problem(s).

Other checks you can do on NethServer:

ip a
db networks show

ping -c4 192.168.0.1
ping -c4 8.8.8.8

config show dns
grep 'server=' /etc/dnsmasq.conf

# check for failed services (`httpd-admin` must be running for the UI to work)
systemctl status -l httpd-admin
systemctl list-units --failed
1 Like
12

The two commands generated absurdly large logs, the last ones have some red ones dated in month 10, but the problem actually occurred on 06/11 being a PC power problem

My mistake when typing IP, it was 252, 250 is my VM, but I had tested the right IP before, I just made a mistake when typing

image
image843×239 28.4 KB

image

image
image864×300 40 KB

image
image866×303 42 KB

image

image

image
image869×253 41.3 KB

image

13

Temporarily disable firewall…

shorewall clear

…and try again.

journalctl manual tells some ways to filter results.
You can also grep logs for error / warn / fail …for instance.

1 Like
14

Buddy, it worked, thank you very much, I can access and ping the server

But, there is still one detail, when rebooting, it becomes inaccessible again, I think the service restarts itself, is it possible to leave this service permanently disabled?

15

Better to identify and tweak the firewall rules that are preventing your access.
There you have the documentation:
https://docs.nethserver.org/en/v7/firewall.html
https://docs.nethserver.org/projects/nethserver-devel/en/latest/nethserver-firewall-base.html

16

It’s interesting material, I’ll use it to insert correct rules, but it’s quite dense, in the short term I need to permanently cancel the firewall, it’s a requested server and I need to return it to access the data as soon as possible, I’m reading your link but for now I haven’t found where to keep it disabled

17

The firewall rules can be easily managed from the user interface when the firewall module is installed on NethServer.

Also from the command line:

db fwrules show

The firewall is a core part of nethserver (for instance to control access to network zones) and should not be disabled in production.
Shorewall is used to configure netfilter/iptables.

18

This command did not print any messages, both before and after the shorewall

I checked firewalld, it starts inactive, however the shorewall starts active, I found a way to disable just the firewall permanently, but if firewalld starts inactive there is no reason to disable it, but I can’t find how to keep the shorewall inactive

I’m reading, I found a lot of commands, but I understand shorewall as a supporting part of the firewall, but since firewalld is inactive, I don’t understand why I can only access it after doing shorewall clear, but what I really need is to run this every time I restart

19

Master, one of the links doesn’t mention shorewall, the other link I read more about it, but I don’t see any mention of how to keep the shorewall clean when restarting

In the Nethserver browser, in services the shorewall is running, but in the prompt the firewalld is inactive, something happens when restarting that shields internet access, when I apply shorewall clear, in the Nethserver it indicates a yellow bar “Check firewall rules, firewall not running” , creates a link and when clicked it says: Nethgui 404 not found

20

I created a script, but I wasn’t happy, it runs but doesn’t apply, it only applies if I run it manually at the prompt