I am having problems enabling an internet connection on my NextBox. I did set up a deSEC domain. I have a few more doubts, but at the moment I am stuck with my router config and how to properly set up the ports on the firewall. Here is my router firewall config menu:
I don’t know if I should open the 443 and 80 doors on “port forwards” or “open ports on router”. Also should I set the external and internal ports like on the example of the router page? 443 both on external and internal, and another policy with 80 on external and internal?
On “port forwards” I can choose to open the doors on my NextBox IP address, but I have the options of using protocols TCP or UDP or both at the same time. What should I choose?
From what I see from the docs I would say the settings should be:
“port forwarding”: ports 80 + 443 to the NextBox IP, TCP is enough
no “open ports on router” (this denotes the router’s own services as far as I understand); these shall all be off. If one port here is the same as in the port forwarding, this will disable traffic to the NextBox (this is what I understand from the single-line description: “The router’s services, such as web, FTP and so on, require their respective ports to be opened on the router in order to be publicly reachable.”) … This could be a misconception; if the NextBox is not working this might be something to look into.
Yup, this “should” work, but I haven’t seen this router (frontend) yet so I cannot guarantee that’s correct… The best test is to see if the NextBox is available using the mobile network (not WiFi) from your smartphone…
It’s not working, I can’t even connect my phone and laptop. I am getting two errors, mainly one when I try a connection with the proxy of Nitrokey, as in the image below:
and another when I try to setup a dynamic dns, it outputs:
“Failed reachability for: x.x.x.x, mydomain.dedyn.io”
and
" HTTPS / TLS is not activated "
This router I am using has a forked version of OpenWrt; if there’s more documentation for doing it with an OpenWrt router, I can change my firmware to it.
Generally the proxy and dynamic DNS are independent of each other. The error you see for the proxy is OK: Nextcloud complains even though the headers are set properly, and the permission issue is explained here: Nextcloud FAQ — Nitrokey Documentation
But let’s focus on the dynamic DNS issue: obviously your NextBox is not reachable from the internet. This is an issue; without this it won’t be possible to acquire a TLS certificate (enable TLS)…
Are you sure that your ISP is assigning a true IPv4 address to you? So it is not a “private IPv4”, “cNAT” or “DS-Lite” connection? (To verify this you could open ports 80 + 443 in “open ports on router” and then try to navigate to your IP using a smartphone in the mobile network; if still nothing appears you likely have no proper IPv4 address.)
Ok, this is a tough case, but I am afraid to say that no public IPv4 and no IPv6 at all means that you cannot access any device from the internet using a direct connection.
But the workaround is the backwards proxy you already set up, meaning this is the way to go for you as long as you cannot acquire a public IPv4 or IPv6 (honestly, no IPv6 in 2021 is a pretty bold move by an ISP).
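
The public-IPv4 question raised in the replies above can also be checked offline, shown here as an added example that is not part of the original thread. It classifies the address on the router's WAN status page and compares it with the address an external "what is my IP" service reports; the function names and all sample addresses are constructed for illustration.

```python
import ipaddress

# Ranges that mean the router sits behind another layer of address translation.
RANGES = {
    "ds-lite": ["192.0.0.0/29"],                      # RFC 6333 B4 addresses
    "cgnat":   ["100.64.0.0/10"],                     # RFC 6598 shared space
    "private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],  # RFC 1918
}
NETS = {kind: [ipaddress.ip_network(n) for n in nets]
        for kind, nets in RANGES.items()}


def classify_wan(wan_ip):
    """Classify the IPv4 address shown on the router's WAN status page."""
    ip = ipaddress.IPv4Address(wan_ip)  # raises ValueError if not IPv4
    for kind, nets in NETS.items():
        if any(ip in net for net in nets):
            return kind
    return "public"


def port_forward_can_work(wan_ip, seen_ip):
    """Return (ok, reason): can forwarding 80/443 expose a LAN host at all?

    wan_ip:  address on the router's WAN interface
    seen_ip: address an external service sees for this connection
    """
    kind = classify_wan(wan_ip)
    if kind != "public":
        return False, f"WAN address is {kind}: inbound ports end at the ISP"
    if ipaddress.IPv4Address(seen_ip) != ipaddress.IPv4Address(wan_ip):
        return False, "WAN and external address differ: NAT upstream of router"
    return True, "router holds the public address: forward TCP 80 and 443"


if __name__ == "__main__":
    # Constructed samples (documentation and shared-space addresses).
    samples = [("203.0.113.10", "203.0.113.10"),
               ("100.72.1.9", "198.51.100.7"),
               ("192.0.0.2", "198.51.100.7"),
               ("10.20.30.40", "198.51.100.7")]
    for wan, seen in samples:
        ok, reason = port_forward_can_work(wan, seen)
        print(f"{wan:>14} seen as {seen:<14} -> {'OK' if ok else 'NO'}: {reason}")
```

A "NO" result matches the situation at the end of the thread: no router setting makes the box directly reachable, and the reverse proxy is the remaining option.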