Unable to access server from Internet

In my small experience, with that network configuration (one adapter, Green zone) a “simple” port forwarding from the public IP to the IP address should work out of the box.
Moreover, due to your choice to put NethServer into DMZ, maybe your device (router? CPE? server? IDK) should allow connection from public to the private IP (and port?) of NethServer.


[image]
with no modification on the firewall (on NethServer), and I don’t remember if this option
[image]
System → Settings → Scroll to “Server Manager”
is changed from default.

1 Like

Thanks for the instruction but it's still not working. I don’t believe my router is the problem as the server is in DMZ.

Unfortunately, as far as I can read here, the router seems the first place to look.
Screenshots came from an installation identical to yours, with these small differences:

  • you can see the configurations that I remember are necessary
  • the firewall considers NethServer part of a Green network instead of an Orange one (DMZ)
  • the firewall is instructed/configured for:
    • port forwarding from the public port I chose to the private port necessary (currently, 9090 for Cockpit)
    • firewall rule to allow communication from the subnet I specified to the port 9090 of NethServer

Without these last settings on the firewall, when I tried to “knock on” the port I specified (for instance public.address.ext:8909) the firewall/router just bounced me out, because no rule was set up for allowing me to dialog with NethServer.

Also… DMZ is quite a bit… “trickier” than usual. In “regular” firewalls/routers, this kind of network is subject to a major rule of thumb: no allowances unless specified (from LAN, to LAN, from WAN, to WAN). Some commercial devices (AVM/Fritz if I’m not wrong) “call” DMZ the massive port forwarding to a single host without any protection enabled. But IMVHO most depends on the device.
Also Act II: some ISPs currently do not provide a public address on the WAN port of the CPE/router, but only some kind of “geographical LAN” used by the ISP for delivering content and traffic to the customer. Therefore, for having the option to use a public IP address, the ISP must be poked (or paid) for the “privilege”.

Last but not least: NethServer relies on a Linux distro fully enabled for IPv6, but NethServer is not IPv6 compatible. All configurations for IPv4 are honored and distributed to Linux services any time the “save/apply” button is pushed. But no configuration will be provided for the IPv6 stack.

  1. Pls assign an Interface as WAN (Red), never use the Green Interface against Public.
  2. DMZ is definitely not the right configuration for your Router, use an ExposedHost Setting for the WAN Interface of your NethServer.
  3. Friendly Reminder that NethServer7 does not support IPv6, so deactivate this in your Router's settings.

If your Provider only allows IPv4 by CarrierGradeNAT DS-Lite you won't be able to connect to the NethServer at all.

2 Likes

Thanks for the information guys. I will do a little more research and get back to you.

btw, in some routers dmz only works in port 1 :)

@ssabbath would you please share which ones you encountered? Currently never happened to me (only some NetGear have a dual personality port (WAN/LAN on configuration, for a DSL Router))

Ok. Reinstalled the system (unattended) and started from scratch. Static IP assigned.

Trying to ssh in from the internet:
ssh: connect to host 200.xxx.xxx.56 port 22: No route to host

Linksys router:

Still gives me the same error when trying to ssh from the internet
“No route to host”

AFAIK SSH should be TCP and UDP.
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=ssh
Anyway: would you please share your router model?

1 Like

I had 3 types of router/modems that did that!

One Huawei, the first port was also the only Gigabit one.

I forgot what brand/model, I think one Fiberhome, and another really weird brand, and for that I requested the ISP to change for another brand/model and they all changed it and acknowledged that “issue”.

@CryptoJokester could you test if the ports are open from this site: Open Port Check Tool - Test Port Forwarding on Your Router

Yup, CGNAT could be the issue also.

I’m thinking CGNAT too, though a 200. IP address shouldn’t be used for that AFAIK.

This indicates an upstream problem; nothing to do with your Neth installation.

In the CGNAT case, at least here in Brazil, if that was not in the contract you can “change” it back to a regular dynamic IP! :)

Just call your ISP and ask them to disable CGNAT.

1 Like

Stupid question, as I’ve never heard of it before, but do ISPs perhaps block port 22 like some block 25? Probably might not be this, but for ruling things out try changing the SSH port on NethServer and try again. Another thing to test: go to ping.eu, select port check, and put in your public IP and port 22, and it will say if it’s open or not.

Stupid question…
but is it normal that in your configuration the gateway is
192.168.1.0?
In my opinion the problem is there.

In this post gateway is 192.168.10.1
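
Two checks raised in this thread, as an added example that is not part of any post: whether the address on the router's WAN port sits behind CGNAT or another NAT layer, and whether a configured gateway is a usable host address. The function names are hypothetical, the WAN and public addresses are constructed (documentation ranges), and the host addresses and /24 prefix paired with the two gateways quoted above are assumptions.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT_SHARED = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(router_wan_ip, observed_public_ip):
    """Compare the address on the router's WAN port with the address an
    external "what is my IP" service reports (both supplied by the user)."""
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(observed_public_ip)
    if wan in CGNAT_SHARED:
        return "cgnat-shared-space"    # forwarding on the router cannot help
    if any(wan in net for net in RFC1918):
        return "private-wan"           # another NAT device sits upstream
    if wan != seen:
        return "public-translated"     # public-looking, still rewritten upstream
    return "public-direct"             # port forwarding can work


def check_gateway(host_cidr, gateway):
    """Validate a default gateway against the interface address/prefix."""
    iface = ipaddress.ip_interface(host_cidr)
    gw = ipaddress.ip_address(gateway)
    net = iface.network
    if gw not in net:
        return "gateway-outside-subnet"
    if gw == iface.ip:
        return "gateway-is-own-address"
    # /31 and /32 have no reserved network/broadcast addresses.
    if net.prefixlen < 31:
        if gw == net.network_address:
            return "gateway-is-network-address"
        if gw == net.broadcast_address:
            return "gateway-is-broadcast-address"
    return "ok"


if __name__ == "__main__":
    # Constructed sample values; 203.0.113.0/24 is a documentation range.
    print(classify_wan("100.72.14.9", "203.0.113.56"))
    print(classify_wan("203.0.113.56", "203.0.113.56"))
    # Gateways quoted in the thread; host addresses and /24 are assumed.
    print(check_gateway("192.168.1.10/24", "192.168.1.0"))
    print(check_gateway("192.168.10.5/24", "192.168.10.1"))
```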

Yes, it happens, ISPs here in Brazil often block 25, 22 and 21!