External port access, ssh or cockpit

Hi,
I recently installed Fedora Server.
and when I try to access cockpit or connect over ssh using local network, everything works just fine.
but when I try to access the server over external IP. connection is refused.

when I check the port with nmap I get

$ sudo nmap -p9090 visor1933-server
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-22 02:04 CEST
Nmap scan report for visor1933-server (192.168.178.22)
Host is up (0.0027s latency).

PORT     STATE SERVICE
9090/tcp open  zeus-admin

and

$ sudo nmap -p9090 95.90.245.99
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-22 02:04 CEST
Nmap scan report for ip5f5af563.dynamic.kabel-deutschland.de (95.90.245.99)
Host is up (0.024s latency).

PORT     STATE    SERVICE
9090/tcp filtered zeus-admin

tryed to play around with firewall, but no success and coulndt find information on how to solve the issue by googleing.

i want cockpit and ssh to be accessible over external ip. please help.

also, if it helps, outputs of following commands are as follows

[root@visor1933-server ~]# ss -lt
State                 Recv-Q                Send-Q                                Local Address:Port                                  Peer Address:Port                Process                
LISTEN                0                     128                                         0.0.0.0:ssh                                        0.0.0.0:*                                          
LISTEN                0                     4096                                              *:websm                                            *:*                                          
LISTEN                0                     128                                            [::]:ssh                                           [::]:*                                          
[root@visor1933-server ~]# netstat -tpln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1185/sshd           
tcp6       0      0 :::9090                 :::*                    LISTEN      1/systemd           
tcp6       0      0 :::22                   :::*                    LISTEN      1185/sshd           
[root@visor1933-server ~]# iptables -L -n -v
Chain INPUT (policy ACCEPT 1844 packets, 158K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1306 packets, 255K bytes)
 pkts bytes target     prot opt in     out     source               destination         
[root@visor1933-server ~]# firewall-cmd --list-all
home (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp2s0
  sources: 
  services: cockpit dhcpv6-client mdns samba-client ssh
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules:

A default Fedora installation shouldn’t block traffic from outside of your home network. I don’t believe there is any real difference out of the box from the “home” zone and the “public” zone (meaning, that the “home” zone isn’t automatically more secure nor does it block any networks that public does not). You can create that behavior by adding subnets (sources) to various zones and open ports accordingly, which will then allow or block ports based on subnet. Is it safe to assume that “home” is your only active zone? If so, then it looks like those ports are open to all subnets.

That being said, i don’t really see anything that seems to point to the problem being with your Fedora system. I would look more closely at the port forwarding rules on your router. What type of router do you have? While this isn’t really the forum for support for whatever router you have, including some more information about your router and how you setup port forwarding might help narrow down the problem.

actually in the mean time I was also thinking about the router.
but didn’t had time yet to check the router settings yet.
if that will be the case, I will comment it here, may be it will help somebody having the same problem.

It has appeared also strange to me, that fedora server, which I would expect to be open to external access, well, this is a server…
it’s strange that external access is prohibited.

I will check the router on the weekend.

yet, thanks for the advice.