Access Outside LAN

It's possible; I switched ports multiple times: 8008, 8080, 8443 and 443. How can I proceed with tcpdump?

Run from the console with the filter I gave you above or similar. It will give console output of any matching packets received as long as you leave it running. The point being, even if something on the server is misconfigured, you would still physically receive packets if the router configuration is correct.

I see. OK, I will run the command and get back to you if anything changes. Thanks.

OK, I ran the tcpdump command and I am receiving packages, but still on LAN (tcpdump worked). The domain that I created is not working, even on LAN. I have access only by IP.
I tried to reinstall everything, but this time with a manual install, not by snap. Now I have access to directories and configuration files. If I enter 192.168.0.1 I have the Apache welcome screen, and if I enter 192.168.0.1/nextcloud I have the Nextcloud login screen.
I have also activated the DMZ on my router, still no external connection.
The host that I created in No-IP is type A, but I also have IPv6 for AAA host type.

But the Nextcloud Web interface gave me this message:

  • Your data directory and files are probably accessible from the Internet. The .htaccess file is not working. It is strongly recommended that you configure your web server so that the data directory is no longer accessible, or move the data directory outside the web server document root.

I can also update Nextcloud using the updater (version 16.0.0 to 16.0.4).

These are my setup warnings:

There are some errors regarding your setup.

  • Your data directory and files are probably accessible from the Internet. The .htaccess file is not working. It is strongly recommended that you configure your web server so that the data directory is no longer accessible, or move the data directory outside the web server document root.

  • MySQL is used as database but does not support 4-byte characters. To be able to handle 4-byte characters (like emojis) without issues in filenames or comments for example it is recommended to enable the 4-byte support in MySQL. For further details read the documentation page about this.

  • Accessing site insecurely via HTTP. You are strongly adviced to set up your server to require HTTPS instead, as described in the security tips.

  • Your web server is not properly set up to resolve “/.well-known/caldav”. Further information can be found in the documentation.

  • Your web server is not properly set up to resolve “/.well-known/carddav”. Further information can be found in the documentation.

  • No memory cache has been configured. To enhance performance, please configure a memcache, if available. Further information can be found in the documentation.

  • This instance is missing some recommended PHP modules. For improved performance and better compatibility it is highly recommended to install them.
    intl
    imagick

Please double check the installation guides, and check for any errors or warnings in the log.

Check the security of your Nextcloud over our security scan.

Maybe switch router equipment? Right now I am using the Mi Router 4A Gigabit from Xiaomi, but I have an older model from Intelbras here. If even using the DMZ didn't work, I am thinking about a firewall from my ISP or a wrong setup of the No-IP client. How can I link my domain name to the Nextcloud config? I just put the domain in the Trusted_Domains list in the Nextcloud config. Also, I am right now using the default ports in Apache, 443 and 80, the default setup. How can I change them, since I am not using the Nextcloud snap but a manual installation now?

None of those errors are related to your router. They’re all configuration issues. You should heed the advice and go through the documentation to resolve each one.

This is about the most serious error you can have. If you run the server in that condition, you can count on your data being stolen. I would make this one top priority and close the ports in your router until it’s resolved. I’m not sure what led to .htaccess not working, but I would get the data folder out of the web folders either way since that’s best practice.

Before you go into further details, did you already check if you have a Dual Stack or a Dual Stack Lite Internet connection?

There seem to be quite a few users struggling to make their NC accessible from the Internet, and often there is a problem with IPv4 NAT.
For another user I wrote a little description:

Maybe this is worth reading and checking here as well.

OK guys, thank you both. I already closed all the router ports and disabled DMZ and DDNS. I will first resolve the setup issues and after that check the IPv4 NAT. And I just remembered that I was able to ping the server, but only with IPv6, in my previous setup. But still no access.

Alright. Good luck. And please report back the outcome.

So, I just finished fixing the server setup issues, and I am ready to fix the outside connection issues. Now I know that I have the same public IPv4 for all my machines (notebook, cellphones etc.) but different IPv6 for them; every device has a different IPv6 when checking on whatismyip.com. So am I behind a NAT? And is that why I can't have access from the internet?

Well, that doesn’t mean or prove anything yet ;)
What does your router say about your DSL connection: Dual Stack Lite (=DS Lite) or Dual Stack (=DS)?

Can you show us your router’s port forwarding settings? Please remember that for IPv6 “port forwarding” to your NC server you need to enter the IPv6 address which is shown by whatismyip when accessed from your NC server. Alternatively, you can check the “global scope” IPv6 address from your server via this shell command:
ip -6 addr

I am not sure how to check the type of my DSL connection. I am using fiber optics here with PPPoE. But I can try to send screenshots or pictures of my settings if that helps. Also, the No-IP (DDNS) process is running with updates every 5 minutes and NAT enabled. (Download the images for better viewing)

It’s possible that your router supports NAT but your service doesn’t actually provide you a public address, if your IPv4 address is already NAT. You can tell this easily from the IP if your “outside” address is an RFC1918 address. Is it in one of these ranges?

  • 192.168.0.0-192.168.255.255
  • 172.16.0.0-172.31.255.255
  • 10.0.0.0-10.255.255.255

If so then you will have to host on IPv6. There is no NAT in IPv6 so then it’s just a matter of opening the firewall port to the correct address.
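
The address checks described in this post, as an added example that is not part of the thread: it classifies a router's WAN IPv4 address against the RFC1918 ranges listed above and, going beyond them, against the RFC 6598 shared range 100.64.0.0/10 that carriers use for their own NAT, and it picks the internet-routable addresses out of ip -6 addr output. Function names and all sample addresses are constructed for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")   # RFC 6598 shared address space
GLOBAL_V6 = ipaddress.ip_network("2000::/3")    # IPv6 global unicast

def classify_v4(addr):
    """Label an IPv4 address by whether the internet can route to it."""
    ip = ipaddress.IPv4Address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if ip in CGNAT:
        return "cgnat"
    if (ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified):
        return "special"
    return "public"

def diagnose_wan(router_wan, seen_outside):
    """Compare the router's WAN address with what a what-is-my-IP site reports."""
    kind = classify_v4(router_wan)
    if kind in ("rfc1918", "cgnat"):
        return "isp-nat"    # the ISP translates; home port forwarding is never reached
    same = ipaddress.IPv4Address(router_wan) == ipaddress.IPv4Address(seen_outside)
    if kind == "public" and same:
        return "direct"     # forwarding can work; next suspect is port filtering
    return "mismatch"       # WAN address is not the one the internet sees

def routable_v6(ip_addr_output):
    """Return the internet-routable IPv6 addresses found in `ip -6 addr` output."""
    found = []
    pattern = r"inet6 ([0-9a-fA-F:]+)/\d+ scope global"
    for text in re.findall(pattern, ip_addr_output):
        ip = ipaddress.IPv6Address(text)
        if ip in GLOBAL_V6:  # drops fc00::/7 (ULA), which ip also labels "scope global"
            found.append(str(ip))
    return found

# Constructed sample; 2001:db8::/32 is the IPv6 documentation prefix.
SAMPLE_IP_OUTPUT = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:1234:1:a00:27ff:fe4e:66a1/64 scope global dynamic mngtmpaddr
    inet6 fd12:3456:789a:1::10/64 scope global
    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link
"""

if __name__ == "__main__":
    print(diagnose_wan("100.66.0.10", "8.8.8.8"), routable_v6(SAMPLE_IP_OUTPUT))
```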


My IP starts with 191.7.X.X, so I am not sure if it is an RFC1918 address. Internally it is 192.168.31.X.
But my IP from the DDNS service (WAN) is 100.66…x.x; when I added the DDNS config on my router, it gave me this IP. And even when I opened the ports on my router and server, when I check them, the ports are closed. Even with the DMZ enabled. All ports are closed.
How can I set up hosting on IPv6?

Maybe IPv6 is already enabled.
Does whatismyip.com return an IPv6 address for you?
On your PC or server you can also check if it already has an IPv6 address.

Windows:
ipconfig /all | findstr IPv6

Unix:
ip -6 addr

If there are no IPv6 addresses at all, you need to enable it on the router (if not prohibited by your ISP).
For that you need to check the manual of your router. At least I don’t know how to achieve that on your router model.

Yes, whatismyip.com returns both IPv4 and IPv6. The Windows and Unix commands also worked. IPv6 support on my router is also enabled. IPv6 (Native) support.

That’s not an RFC1918 address, so most likely you don’t have a double NAT situation. It’s just a question of whether your ISP is blocking your port(s). This is what the tcpdump test can determine.

If you run tcpdump on ports 80 and 443, and you see packets coming to you from the internet (not counting from your LAN), then that means the port is unblocked and your router setup is working. Note that you don’t necessarily want Nextcloud served on port 80, but you need that port open if you plan to use certbot.

Based on what you’ve said, I think the tcpdump filter you need to use is 'tcp dst port 443 or 80 and not src net 192.168.0.0/16'. Look for packets coming in for both ports. You can try to connect to it from cellular or something to generate some traffic. If this works then there shouldn’t be any network-related reason for your Nextcloud to not work.
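
One way to read the result of the tcpdump test described above, as an added example that is not part of the thread: it scans saved tcpdump -nn output for bare SYN packets to ports 80 and 443 whose source lies outside 192.168.0.0/16. The function names and the capture lines are constructed for illustration.

```python
import ipaddress
import re

# tcpdump -nn line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [S], ..."
LINE = re.compile(r"^\S+ IP6? (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\]")
LAN = ipaddress.ip_network("192.168.0.0/16")   # same exclusion as the filter above

def external_syns(tcpdump_text, ports=(80, 443)):
    """Map each watched port to the non-LAN sources that sent it a bare SYN."""
    seen = {port: set() for port in ports}
    for line in tcpdump_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        src, _sport, _dst, dport, flags = m.groups()
        ip = ipaddress.ip_address(src)
        if ip.version == 4 and ip in LAN:
            continue                      # traffic from the local network proves nothing
        if ip.is_link_local or ip.is_loopback:
            continue
        if int(dport) in seen and flags == "S":   # "S" alone = new inbound attempt
            seen[int(dport)].add(src)
    return seen

def reachable_ports(seen):
    """Ports that received at least one connection attempt from outside the LAN."""
    return sorted(port for port, sources in seen.items() if sources)

# Constructed capture: a LAN client hits port 80, an outside client hits port 443.
SAMPLE_CAPTURE = """\
21:04:11.102030 IP 192.168.31.20.50112 > 192.168.31.10.80: Flags [S], seq 1, win 64240, length 0
21:04:15.555001 IP 203.0.113.7.41822 > 192.168.31.10.443: Flags [S], seq 7, win 65535, length 0
21:04:15.556010 IP 203.0.113.7.41822 > 192.168.31.10.443: Flags [.], ack 1, win 512, length 0
"""

if __name__ == "__main__":
    print(reachable_ports(external_syns(SAMPLE_CAPTURE)))
```

A port missing from the result only means no outside SYN arrived during the capture, so generate the test traffic from a cellular connection while tcpdump is running.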

So configure IPv6 port forwarding then ;)
When you try to access your NC server from the Internet, you need to pick the server's global-scope IPv6 address.
To test the accessibility of your server, use the server’s IPv6 address in your client’s browser!

For more precise instructions on which IPv6 address to configure in the browser and which to use for external access, I would need the output of ip addr from your NC server. And since you probably don’t want to share this kind of information publicly, I wrote you a private message yesterday which you can reply to.

OK, I will run tcpdump and try to connect using my cellphone. But I have plans to use a Let's Encrypt SSL certificate, but the instructions request port 80 to be open in order to obtain the certificate. UPDATE: No success when trying to connect using my cellphone (4G); tcpdump is listening on ports 80 and 443, communication only from LAN.

I will try to access the NC server using the IPv6 address then, and send you the output of ip addr by PM. :)

If you use certbot’s Apache plugin or equivalent, your webserver must be able to receive on port 80. This does not mean that you have to allow connections to the Nextcloud site on port 80, however. You could serve a blank page or 403 error on port 80 or simply redirect to HTTPS.

If that’s the case, then your ISP is probably blocking those ports, and there isn’t much you can do about that as far as IPv4. Many of them disallow hosting things on residential services as part of their AUP.