[4G aggregation][freeboxOS] Remote access broken and port forwarding not working on Freebox Delta

My YunoHost server

Hardware: Debian 10 VM on Freebox
YunoHost version: 4.1.8
I have access to my server: Through SSH | Through the webadmin |
Are you in a particular context, or have you made any particular modifications to your instance? : no

Description of the problem

Hello everyone, I've decided to ask for help because I can't find a solution.
When running the diagnosis, I ended up, as expected, with a whole bunch of errors, and I'm stuck on opening the ports.
In the FreeboxOS interface, I configured port forwarding to the YunoHost machine with a fixed IP (static lease), but the diagnosis still reports the ports as closed, even after rebooting the box.
I requested a full-stack IPv4 from Free, as recommended, and did not configure UPnP.

Result
I can't access my YunoHost server remotely.
This site can't be reached.

Screenshot from 2021-05-04 20-41-31

=================================
Base system (basesystem)
=================================

[INFO] Server hardware architecture is kvm arm64
  - Server model is QEMU KVM Virtual Machine

[INFO] Server is running Linux kernel 4.19.0-16-arm64

[INFO] Server is running Debian 10.9

[INFO] Server is running YunoHost 4.1.8 (stable)
  - yunohost version: 4.1.8 (stable)
  - yunohost-admin version: 4.1.4 (stable)
  - moulinette version: 4.1.4 (stable)
  - ssowat version: 4.1.3 (stable)



=================================
Internet connectivity (ip)
=================================

[SUCCESS] Domain name resolution is working!

[SUCCESS] The server is connected to the Internet through IPv4!
  - Global IP: xx.xx.xx.xx
  - Local IP: 192.168.0.11

[SUCCESS] The server is connected to the Internet through IPv6!
  - Global IP: xx:xx:xx:xx:xx:xx
  - Local IP: fe80::84de:feff:fe39:32cf



=================================
DNS records (dnsrecords)
=================================

[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category basic)

[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category mail)

[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category xmpp)

[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category extra)

[SUCCESS] Your domains are registered and not going to expire anytime soon.
  - maindomain.tld expires in 362 days.



=================================
Ports exposure (ports)
=================================

[ERROR] Port 22 is not reachable from outside in IPv4.
  - Exposing this port is needed for admin features (service ssh)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 25 is not reachable from outside in IPv4.
  - Exposing this port is needed for email features (service postfix)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 80 is not reachable from outside in IPv4.
  - Exposing this port is needed for web features (service nginx)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 443 is not reachable from outside in IPv4.
  - Exposing this port is needed for web features (service nginx)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 587 is not reachable from outside in IPv4.
  - Exposing this port is needed for email features (service postfix)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 993 is not reachable from outside in IPv4.
  - Exposing this port is needed for email features (service dovecot)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 5222 is not reachable from outside in IPv4.
  - Exposing this port is needed for xmpp features (service metronome)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 5269 is not reachable from outside in IPv4.
  - Exposing this port is needed for xmpp features (service metronome)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config



=================================
Web (web)
=================================

[ERROR] Domain maindomain.tld appears unreachable through HTTP from outside the local network in IPv4, though it works in IPv6.
  - Timed-out while trying to contact your server from outside. It appears to be unreachable.
    1. The most common cause for this issue is that port 80 (and 443) are not correctly forwarded to your server.
    2. You should also make sure that the service nginx is running
    3. On more complex setups: make sure that no firewall or reverse-proxy is interfering.



=================================
Email (mail)
=================================

[SUCCESS] The SMTP mail server is able to send emails (outgoing port 25 is not blocked).

[ERROR] The SMTP mail server is unreachable from the outside on IPv4. It won't be able to receive emails.
  - Could not open a connection on port 25 to your server in IPv4. It appears to be unreachable.
    1. The most common cause for this issue is that port 25 is not correctly forwarded to your server.
    2. You should also make sure that service postfix is running.
    3. On more complex setups: make sure that no firewall or reverse-proxy is interfering.

[ERROR] No reverse DNS is defined in IPv4. Some emails may fail to get delivered or may get flagged as spam.
  - You should first try to configure the reverse DNS with maindomain.tld in your internet router interface or your hosting provider interface. (Some hosting provider may require you to send them a support ticket for this).
  - Some providers won't let you configure your reverse DNS (or their feature might be broken...). If you are experiencing issues because of this, consider the following solutions:
     - Some ISP provide the alternative of using a mail server relay though it implies that the relay will be able to spy on your email traffic.
    - A privacy-friendly alternative is to use a VPN *with a dedicated public IP* to bypass this kind of limits. See https://yunohost.org/#/vpn_advantage
    - Or it's possible to switch to a different provider

[ERROR] No reverse DNS is defined in IPv6. Some emails may fail to get delivered or may get flagged as spam.
  - You should first try to configure the reverse DNS with maindomain.tld in your internet router interface or your hosting provider interface. (Some hosting provider may require you to send them a support ticket for this).
  - Some providers won't let you configure your reverse DNS (or their feature might be broken...). If your reverse DNS is correctly configured for IPv4, you can try disabling the use of IPv6 when sending emails by running 'yunohost settings set smtp.allow_ipv6 -v off'. Note: this last solution means that you won't be able to send or receive emails from the few IPv6-only servers out there.

[SUCCESS] The IPs and domains used by this server do not appear to be blacklisted

[SUCCESS] 0 pending emails in the mail queues



=================================
Services status check (services)
=================================

[SUCCESS] Service avahi-daemon is running!

[SUCCESS] Service dnsmasq is running!

[SUCCESS] Service dovecot is running!

[SUCCESS] Service fail2ban is running!

[SUCCESS] Service metronome is running!

[SUCCESS] Service mysql is running!

[SUCCESS] Service nginx is running!

[SUCCESS] Service php7.3-fpm is running!

[SUCCESS] Service postfix is running!

[SUCCESS] Service redis-server is running!

[SUCCESS] Service rspamd is running!

[SUCCESS] Service slapd is running!

[SUCCESS] Service ssh is running!

[SUCCESS] Service yunohost-api is running!

[SUCCESS] Service yunohost-firewall is running!



=================================
System resources (systemresources)
=================================

[SUCCESS] The system still has 486 MiB (52%) RAM available out of 921 MiB.

[INFO] The system has no swap at all. You should consider adding at least 512 MiB of swap to avoid situations where the system runs out of memory.
  - Please be careful and aware that if the server is hosting swap on an SD card or SSD storage, it may drastically reduce the life expectancy of the device`.

[SUCCESS] Storage / (on device /dev/vda2) still has 94 GiB (97.7%) space left (out of 96 GiB)!

[SUCCESS] Storage /boot/efi (on device /dev/vda1) still has 100 MiB (99.7%) space left (out of 100 MiB)!



=================================
System configurations (regenconf)
=================================

[SUCCESS] All configurations files are in line with the recommended configuration!

Thanks in advance for your help,
Binouzzz
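
An added example, not part of the original post or of YunoHost: a small triage over a diagnosis report in the format pasted above, pairing each unreachable port with the service status section to tell a host-side fault from an upstream (router/NAT) one. The function name `triage`, the verdict wording and the shortened sample are assumptions made for illustration.

```python
import re

# Constructed sample: a shortened excerpt in the format of the diagnosis above.
SAMPLE = """\
[ERROR] Port 25 is not reachable from outside in IPv4.
  - Exposing this port is needed for email features (service postfix)
[ERROR] Port 443 is not reachable from outside in IPv4.
  - Exposing this port is needed for web features (service nginx)
[ERROR] Domain maindomain.tld appears unreachable through HTTP from outside the local network in IPv4, though it works in IPv6.
[SUCCESS] Service nginx is running!
[SUCCESS] Service postfix is running!
"""

PORT_RE = re.compile(r"^\[ERROR\] Port (\d+) is not reachable from outside in (IPv[46])\.")
SERVICE_RE = re.compile(r"\(service ([\w.-]+)\)")
RUNNING_RE = re.compile(r"^\[SUCCESS\] Service ([\w.-]+) is running!")

def triage(report):
    """Return {port: verdict} for every port the report lists as unreachable."""
    lines = report.splitlines()
    running = {m.group(1) for l in lines if (m := RUNNING_RE.match(l))}
    ipv6_ok = any("though it works in IPv6" in l for l in lines)
    verdicts = {}
    for i, line in enumerate(lines):
        m = PORT_RE.match(line)
        if not m:
            continue
        port, family = int(m.group(1)), m.group(2)
        # The owning service is named on the indented detail lines under the error.
        svc = None
        for detail in lines[i + 1:]:
            if not detail.startswith("  "):
                break
            s = SERVICE_RE.search(detail)
            if s:
                svc = s.group(1)
                break
        if svc is None or svc not in running:
            verdicts[port] = f"check host: service {svc} not reported running"
        elif family == "IPv4" and ipv6_ok:
            verdicts[port] = f"{svc} is up and IPv6 works: look at the IPv4 path on the router"
        else:
            verdicts[port] = f"{svc} is up: look at forwarding or firewalling upstream"
    return verdicts
```
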

Hi,
when you type into your browser's address bar the destination IP that you entered in your various port forwards, do you land on your YunoHost?

Hi,
Thanks for your reply.
I reach my YunoHost if I enter the destination IP address or my domain (on the local network).
It's remote access that's the problem.

Silly question: have you rebooted your Freebox?

Yes, I do it after every change.

I'm attaching a screenshot just in case.

It looks like I have the same thing as you.

Since then I've enabled UPnP IGD and run sudo yunohost firewall reload, but it doesn't seem to work any better:
Screenshot from 2021-05-04 22-41-28

I found the solution to my problem: on my Freebox Delta, 4G aggregation was enabled. After disabling it, the Ports Exposure part of the diagnosis went to OK.

Despite that, the YunoHost is still unreachable from outside, but I'll manage and will open another topic if needed.

Thanks @axac for your replies.

Cool, good luck!

Good evening everyone,
last post to explain the solution to my problem (or rather, problems).
I couldn't access my server remotely or configure port forwarding on the Freebox.
The steps given in the exchanges above were correct as far as opening the ports goes; the problem, however, was elsewhere.
A long time ago I had configured a custom freeboxos domain name to access the OS remotely.
By disabling the remote access option, the YunoHost port exposure diagnosis went to OK.
By removing the custom domain name, access to the YunoHost server was restored.

I hope this feedback will be useful to others in the future.

Thanks for the feedback.