Why my nextcloud doesn't request with iptables enabled?

Question

I have installed nextcloud in a server with TLS. Your installation was successed. In my server, the iptables is enabled and configured, following:

Chain INPUT (policy DROP)
target    prot  opt  source        destination
ACCEPT    tcp   --   0.0.0.0/0     0.0.0.0/0        tcp dpt:443
ACCEPT    tcp   --   0.0.0.0/0     0.0.0.0/0        tcp dpt:80
ACCEPT    icmp  --   0.0.0.0/0     0.0.0.0/0
ACCEPT    tcp   --   192.168.2.5   0.0.0.0/0        tcp dpt:2500
ACCEPT    udp   --   0.0.0.0/0     0.0.0.0/0        udp spt:53

Chain FORWARD (policy ACCEPT)
target    prot  opt  source        destination

Chain OUTPUT (policy ACCEPT)
target    prot  opt  source        destination

These rules allow SSH by the port 2500 (configured in /etc/ssh/sshd_config), the HTTPS, and HTTP. Here is a problem.

When I access to cloud.intec.local (configured with DNS), I cannot request a nextcloud. It displays an error.

Internal Server Error

The server encountered an internal error and was unable to complete your request.

Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report.

More details can be found in the server log.

What I am doing bad?

UPDATED:

If iptables is enabled with those rules, I scan the packages with Wireshark, it displays packages TCP denied. But I don't understand because the iptables denied those package if the packages have the 443 port.

enter image description here

35 10.339162338  192.168.2.5    192.168.2.4    TCP    66 [TCP Keep-Alive] 42070 -> 443 [ACK] Seq=1351 Ack=2591 Win=41088 Len=0 TSval=2575559860 TSecr=657162501
35 10.339162338  192.168.2.4    192.168.2.5    TCP    66 [TCP Keep-Alive] 443 -> 42070 [ACK] Seq=2591 Ack=1352 Win=64128 Len=0 TSval=657172504 TSecr=2575539815

What is it means this packages?

If you're running php-fpm did you also allow it (and sorry I'm only fluent in `iptables-save`'s output)? — A.B, Apr 28 '20 at 13:25
Please don't edit your solution into your question. Instead, [post an answer and accept it](https://serverfault.com/help/self-answer). Otherwise the question will stay as "unanswered" in the system and pop up again and again in the future. — Gerald Schneider, Apr 28 '20 at 13:28
@GeraldSchneider Anyway can't tell it's a solution: the rule added opens completely the firewall, as if it weren't here. — A.B, Apr 28 '20 at 13:30
It would have surprised me anyway. The error your are getting is not related to your IP tables. A 500 error is the webservers way of saying "I have a major problem, but I don't want to talk about it in public". Look at the error log of the server (usually located under `/var/log`), there will be a clear message saying what's wrong. — Gerald Schneider, Apr 28 '20 at 13:31
@A.B and if I add a rule it allows packages with states NEW,RELATED and ESTABLISHED with the port 443/80 open? Some something so: — cleanet, Apr 28 '20 at 13:39
iptables -I INPUT -p tcp --sport 443 - m state --state NEW, RELATED, ESTABLISHED -j ACCEPT. — cleanet, Apr 28 '20 at 13:41
What about my question in the 1st comment? what about Gerald's comment? Can you reply to those? (and no the rule you write in the comment doesn't make much sense sorry) — A.B, Apr 28 '20 at 13:49
I'm Sorry @A.B by not answer her. I haven't installed php-fpm, You suggest me to install it? I haven't installed, but nextcloud (without iptables) runs successfully. — cleanet, Apr 28 '20 at 14:31
no I didn't suggest to install it. Actually I don't understand what works or doesn't work on your current status, or if there's a relation between the internal error and the iptables rules or not. If you didn't use exceptions for things like local traffic (lo interface) etc, things might not work as expected. Your question isn't clear to me at all. — A.B, Apr 28 '20 at 16:03

Why my nextcloud doesn't request with iptables enabled?

0 Answers0