Unable to access server from Internet

In my small experience, with that network configuration (one adapter, Green zone) a “simple” port forwarding from the public ip to the ip address should work out ouf the box.
Moreover, due to your choice to put Nethserver into DMZ, maybe your device (router? CPE? server? IDK) should allow connection from public to the private ip (and port?) of NethServer.

with no modification on the firewall (on NethServer) and I don’t remember if this option
System → Settings → Scroll to “Server Manager”
is changed from default.

1 Like

Thanks for the instruction but it still not working. I don’t believe my router is the problem as the server is in DMZ.

Unfortunately, as far as i can read here, the router seems the first place to look for.
Screenshots came from an identical installation as yours, with these small differences:

  • you can see the configurations that i remember are necessaries
  • the firewall consider NethServer part of a Green network instead of a Orange one (DMZ)
  • the firewall is instructed/configured for:
    • port forwarding from the public port i choosed to the private port necessary (currently, 9090 for Cockpit)
    • firewall rule to allow communication from the subnet i specified to the port 9090 of NethServer

Without these last settings on the firewall, when i tried to “knock on” the port i specified (for instance public.address.ext:8909) firewall/router just bounced me out, because no rule was setup for allowing me to dialog to NethServer.

Also… DMZ is quite a bit… “trickier” than usual. In “regular” firewall/routers, this kind of network is subjet to a major rule of thumb: no allowances unless specified (from LAN, to LAN, from WAN, to WAN). Some commericial devices (AVM/Fritz if i’m not wrong) “call” DMZ the massive port forwarding to a single host without any protection enabled. But IMVHO most depend from the device.
Also Act II: some ISPs currently do not provide public address on the WAN port of the CPE/router, but only some kind of “geographical LAN” used by the ISP for delivering content and traffic to the customer. Therefore, for having the option to use a public IP address, ISP must be poked (or payed) for the “privilege”.

Last but not least: NethServer rely on an linux distro fully enabled for IPv6, but NethServer is no IPv6 compatible. All configurations for IPv4 are honored and distributed to linux services any time the “save/apply” button will be pushed. But no configuration will be proviede for IPv6 stack.

  1. Pls assign an Interface as WAN (Red), never use the Green Interface against Public.
  2. DMZ is definitly not the right configuration for your Router, use an ExposedHost Setting for the WAN Interface of your NethServer.
  3. Friendly Reminder that NethServer7 does not support IPv6 so deaktivate this in your Routers settings.

If your Provider only allowes IPv4 by CarrierGradeNAT DSLight you wont be able to connect to the NethServer at all.


Thanks for the information guys. I will do a little more research and get back to you.

btw, in some routers dmz only works in port 1 :slight_smile:

@ssabbath would you please share which ones you encountered? Currently never happened to me (only some NetGear have a dual personality port (WAN/LAN on configuration, for a DSL Router)

Ok. Reinstalled the system (unattended) and started from scratch. Static IP assigned.

Trying to ssh in from the internet:
ssh: connect to host 200.xxx.xxx.56 port 22: No route to host

Linksys router:

Still gives me the same error when trying to ssh from the internet
“No route to host”

AFAIK SSH should be TCP and UDP.
Anyway: would you please share your router model?

1 Like

I had 3 types of router/modems that did that!

One Hauwei, the first port was also the only one Gigabit.

I forgot what brand/model, i think one fiberhome, and another really wierd brand, and for that i requested the ISP to change for another brand/model and they all changed it and akwnoleged that “issue”.

@CryptoJokester could you test if the ports are open from this site: Open Port Check Tool - Test Port Forwarding on Your Router

Yup, CGnat could be the issue also.

I’m thinking CGNAT too, though a 200. IP address shouldn’t be used for that AFAIK.

This indicates an upstream problem; nothing to do with your Neth installation.

In CGnat case, at least here in Brazil if that was not in contract you can “change” it back to regular dinamic ip! :slight_smile:

Just call your ISP and ask them to disable CGnat.

1 Like

Stupid question as I’ve never heard of it before but do ISP perhaps block port 22 like some block 25 probably might not be this but for ruling things out try changing the SSH port on nethserver and try again another thing to test for to ping.eu select port check and put your public IP in and port 22 and it will say if it’s open or not

Stupid question…
but it is normal that in your configuration the gateway is ???
In my opinion the problem is there

In this post gateway is

Yes, it happends, ISPs here in brazil often blocks 25, 22 and 21!