<![CDATA["Cloudron Error Response Timeout" after activated Hetzner Firewall on dedi server]]>Dear All,

I know this could be an Hetzner specific related question.

I activated Hetzner Firewall on a dedicated server with above rules:

s.png

About Out-going TCP connections Hetzner guide says:

"Therefore, the firewall doesn't "keep track of" whether or not an incoming packet belongs to an out-going connection from the server. For this reason, unless you enter an additional rule, all out-going connections from the server will not work. Server services (for example, enabling webservers for port 80) are not affected."

And suggest:

You can use the following rule to generally allow all responses to TCP connections:

 Source IP: No entry
 Destination IP: No entry
 Source port: No entry
 Destination port: 32768-65535 (Ephemeral Port Range)
 Protocol: tcp
 TCP flags: ack
 Action: accept

I followed this, but:

  • Cannot send any email using 587 port
  • I get "Cloudron Error Response Timeout"

Schermata 2021-04-04 alle 15.32.00.png

It seems that Cloudron cannot "see" outside.

Can you help me understanding how to manage this situation?

I know, Cloudron has is own firewall, but I want to block additional opened port I'm not using, eg. TURN server ports.

Thank's a lot for help!

]]>https://forum.cloudron.io/topic/4825/cloudron-error-response-timeout-after-activated-hetzner-firewall-on-dedi-serverRSS for NodeTue, 14 Apr 2026 02:36:48 GMTSun, 04 Apr 2021 13:41:11 GMT60<![CDATA[Reply to "Cloudron Error Response Timeout" after activated Hetzner Firewall on dedi server on Mon, 05 Apr 2021 14:42:05 GMT]]>@nebulon I find the solution taking infos from this forum .

In fact, I opened port 53 TCP and UDP and Cloudron can resolve domain names.

Configuration now is:

firewall template.png

All seems to working fine... I marked this thread as "Solved" 🙂

]]>https://forum.cloudron.io/post/29232https://forum.cloudron.io/post/29232Mon, 05 Apr 2021 14:42:05 GMT<![CDATA[Reply to "Cloudron Error Response Timeout" after activated Hetzner Firewall on dedi server on Mon, 05 Apr 2021 14:19:53 GMT]]>@nebulon It seems that problem is related to DNS queries... With active firewall if I ping 1.1.1.1 give me answer, but if I ping a domainname.tld... not working...

root@Ubuntu-1804-bionic-64-minimal ~ # ping wsj.com
ping: wsj.com: Temporary failure in name resolution
]]>https://forum.cloudron.io/post/29231https://forum.cloudron.io/post/29231Mon, 05 Apr 2021 14:19:53 GMT<![CDATA[Reply to "Cloudron Error Response Timeout" after activated Hetzner Firewall on dedi server on Mon, 05 Apr 2021 13:04:05 GMT]]>@nebulon I want to apply additional rules to lock not needed ports. I need only:

80 TCP, 443 TCP, 25 TCP, 587 TCP and 993 TCP.

All other ports I don't need. I well know that further ports are needed in case of other services. In my case I don't have any app using other services like SOLR or TURN.

Why add additional rules? Because I want to limit all internet traffic on opened ports, like port scans, logins attempts.

I know that if I install additional apps, as specified on Cloudron Firewall Guide, I need to open that specified port.

That said, If with VPN-Firewall (new released feature) all works fine, with Robot-Firewall (for dedicated server), I cannot manage outgoing traffic.

I mean, when Firewall is ON, it blocks IN and OUT traffic...

I asked Hetzner customer services and they didn't provided any answer, only a generic answer to follow their guide (see above), I posted also on their forum waiting for an answer...

]]>https://forum.cloudron.io/post/29224https://forum.cloudron.io/post/29224Mon, 05 Apr 2021 13:04:05 GMT<![CDATA[Reply to "Cloudron Error Response Timeout" after activated Hetzner Firewall on dedi server on Mon, 05 Apr 2021 10:22:24 GMT]]>Hi, for a start, Cloudron manages the firewall on the server already, so there is no need as such to use an external one. If you still want to additionally use the external one, then can you confirm that, if you disable that one, Cloudron works as expected?

Further all required basic ports for Cloudron to work well, are mentioned at https://docs.cloudron.io/security/#cloud-firewall
Of course if you install other apps, which require additional ports, then those have to be also manually setup in the external firewall.

]]>https://forum.cloudron.io/post/29208https://forum.cloudron.io/post/29208Mon, 05 Apr 2021 10:22:24 GMT