As I written before I have very restrictive firewall rules on the server I run nextcloud on, so (most of) the connections it tests when I go to “Basic settings” fail so I get the “This server has no working Internet connection…” warning on that page. But those firewall rules are an informed choice on my part (and nextcloud’s use was considered), so I really don’t care. Can I remove that warning somehow?
I also have
‘has_internet_connection’ => false,
in config.php, so nextcloud should know that I’m aware of the situation.
“As I written before”… unfortunatly, digging thousand of messages to find the post you refer to is “painfull” …
Restrictive firewall rules, ok, but “(most of) the connections it tests” ??
I dont understand your problem, as you managed your own firewall rules. If the nextcloud ports ( 80, 443 ) is legitimate, create a rule. Problemes fixed …
My firewall rules are super restritive too.
*filter
:INPUT DROP [12:5664] – nothing allowed excepts the following
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT – keep active connection alive in case restart
-A INPUT -i lo -j ACCEPT – localhost full accept
-A INPUT -p icmp -j ACCEPT – ping ok
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT – ssh
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT --dns
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT --http
-A INPUT -p udp -m udp --dport 53 -j ACCEPT --dns
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT --https
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT – specific redirec
-A INPUT -p tcp -m tcp --dport 20:21 -j ACCEPT – ftp/sftp
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT – console management
-A INPUT -p tcp -m tcp --dport 135 -j ACCEPT – dce endpoint
-A INPUT -p tcp -m tcp --dport 137 -j ACCEPT --137/139 netbios
-A INPUT -p tcp -m tcp --dport 138 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 445 -j ACCEPT – DS-AD
-A INPUT -p udp -m udp --dport 135 -j ACCEPT
-A INPUT -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -p udp -m udp --dport 139 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 3306 --dport 3306 -j ACCEPT – mysql
-A INPUT -p tcp -m tcp --sport 465 --dport 465 -j ACCEPT --smtps
-A INPUT -i lo -p tcp -m tcp --dport 6379 -j ACCEPT – redis cache
-A INPUT -p tcp -m tcp --dport 80 -j f2b-HTTP – fail2ban connecxtir
I’m using very restrictive firewall rules on the server I have nextcloud running on, that also blocks most outgoing HTTP(S), and I’m not likely to change that.
Incoming traffic to port 80 and 443 are allowed (and have been longer than I’ve run nextcloud, I also have other webthings running), and if it wasn’t I wouldn’t have been able to access the “Basic settings” and see the pointless warning. I guess the key in the above quote is
blocks most outgoing HTTP(S)
because that’s basically the only thing nextcloud can use to test the servers internet connection.
And the comments to your firewall rules are bad. An example: the rule for TCP ports 20+21 mentioned sftp, but SFTP (by default) uses the same port as SSH, which by default is 22, and you have another rule mentioning ssh as the reason for opening port 22.