
Port forwarding issue

I am setting up a secondary web server in my network, so I cannot use ports 80/443. I need to use ports 6080/6443, which are then redirected to 80/443.

Locally I can access the site but remotely not.

Below is the configuration done on my UTM:

Definitions and users > Network definition

Then went to service definitions (not sure if the below are correct, but I tried both 1:65535 and 6080:65535):

Network protection > Firewall

Firewall protection > NAT



  • Your service definitions are wrong. Delete them and recreate two separate definitions with just the specified ports 6080 & 6443. You do not redirect here. You merely specify the ports.

    You then go to DNAT:

    For traffic from: ANY
    Using Service: 6080 tcp (or your definition name from above)
    Going to: YOUR WAN


    Change the destination to: Your internal web server
    And the service to: 80 tcp or http

    Tick automatic firewall rules (for the UTM to match the firewall rules to the above).

    Make sure the DNAT is turned on, i.e. the slider is green... and voila!

    You need to repeat this for the other rule too
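The DNAT described in this reply, written out as an nftables ruleset so the GUI fields can be seen as packet rules (an added example, not from the thread or from Sophos UTM; the interface name and the WAN and web-server addresses are constructed):

```nft
# Added example: netfilter equivalent of the two UTM DNAT rules above.
# Constructed addresses: WAN 203.0.113.5 on eth0, web server 192.0.2.10.
define WAN_IF = eth0
define WAN_IP = 203.0.113.5
define WEB_SRV = 192.0.2.10

table ip utm_dnat_example {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # "For traffic from: ANY / Using service: 6080 tcp / Going to: YOUR WAN"
        # "Change the destination to: web server / And the service to: 80 tcp"
        # The ":80" is the translated service. Without it the packet still
        # reaches the server on 6080, where nothing may be listening.
        # "log prefix" corresponds to enabling logging under Advanced.
        iif $WAN_IF ip daddr $WAN_IP tcp dport 6080 log prefix "DNAT 6080->80 " dnat to 192.0.2.10:80
        iif $WAN_IF ip daddr $WAN_IP tcp dport 6443 log prefix "DNAT 6443->443 " dnat to 192.0.2.10:443
    }

    chain forward {
        # Default-drop only for this example table; a real ruleset also needs
        # rules for LAN-to-internet traffic.
        type filter hook forward priority filter; policy drop;

        ct state established,related accept

        # "Tick automatic firewall rules": the filter runs after DNAT and sees
        # the translated destination, so the allow rule matches the server on
        # 80/443, not the public ports 6080/6443.
        iif $WAN_IF ip daddr $WEB_SRV tcp dport { 80, 443 } ct state new accept
    }
}
```

Load with `nft -f` on a test host and watch the kernel log for the "DNAT" prefix; if the prefix appears but the site does not answer, the translated service on the rule is the first thing to check.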

  • And as a side note, personally I would do away with the DNAT rules and look towards using WAF (web server protection).

    It offers much more flexibility and protection than a straight forward DNAT.

    If you do decide to try this, make sure your DNAT is off as the traffic will never hit the WAF

  • I did the above and still it is not working :S. I cannot see the WAF option on my UTM (but for now I will get it up and running using DNAT, then will check the WAF).

    I am using my public IP + port: XXX.XXX.XXX.XXX:6080

  • Have you got a source NAT or masquerade rule in place? I.e. can the Nextcloud server reach the internet?
    Is the DNAT turned on?
    If you try to access the Nextcloud server from the internet, can you see it in the live firewall logs? (Make sure logging is enabled under Advanced in the DNAT rule.)

    Everything looks fine there now with regards to the DNAT.

    From memory, there might be something you have to do with Nextcloud to allow it to the internet, as I think it might only allow local subnets in its config file?

  • I am running Apache on 6080 / 6443.

    The server can reach the internet.

    The DNAT is turned on for both. I tried using both service http (80) and also the new Nextcloud port (6080).

    With regards to masquerading, I didn't configure anything yet. I only have the above + guest LAN to uplink interface etc.

    This is the firewall log

    Currently I am trying to access the default Apache startup screen (the below was accessed locally)

  • Hi,

    Why don't you try WAF? (It's called Webserver Protection on the UTM.)

    Actually, the picture you display for the DNAT (your last post) does NOT look correct. It should display any > NEXTCLOUD, and the next line should display nextcloud srv and then the http port (if your local server runs on port 80).

    See my picture.

    Re-verify your settings for that rule.

    Otherwise, why don't you try WAF? (It's called Webserver Protection on the UTM.)

  • Brunomc is correct as you have changed this from the original screenshots: The order (as mentioned in my previous post) for the DNAT is:

    For traffic from: ANY
    Using Service: 6080 tcp (or your definition name from above)
    Going to: YOUR WAN

    Change the destination to: Your internal web server
    And the service to: 80 tcp or http   <<< you are now missing this part of the translation


    And as Brunomc has also stated, try WAF. It's far superior. Been there myself, DNATs, SNATs etc. to start with because that was what I was used to. I now try to avoid all of those if possible and send everything through the proxies (and additional protection) that the UTM provides.
