Hi, I recently discovered YunoHost and it is by far the best thing out there. In a few weeks I will try to start contributing as much as I can.
My YunoHost server
Hardware: Linode 2GB RAM VPS. YunoHost installed on a fresh copy of Debian 10
YunoHost version: 4.1.4.4
I have access to my server: through SSH and the YunoHost admin interface
Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: yes
If yes, please explain: Installed WireGuard through the backports repository and OpenVPN through the normal repository. Added a custom rule to iptables at /etc/yunohost/hooks.d/post_iptable_rules/custom_openvpn_rule
Custom Rule:
#!/bin/sh
### BEGIN INIT INFO
# Provides:          firewall
# Required-Start:
# Required-Stop:
# X-Start-Before:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Enables and disables firewall rules
# Description:       Enables and disables the firewall rules
#                    using iptables(8)
### END INIT INFO

LOCKFILE=/var/lock/firewall.lock
IPTABLES=/sbin/iptables

# External interface
EXT_IF=eth0
# OpenVPN public address
VPN_EXT_ADDR="72.14.187.137"
# OpenVPN private address
VPN_INT_ADDR="10.8.0.1"

set -e

. /lib/lsb/init-functions

# Load firewall rules
start_firewall() {
    if [ -f "${LOCKFILE}" ]; then
        log_failure_msg "Lock file exists, firewall is already enabled?"
        exit 1
    fi
    # lockfile(1) is provided by the procmail package
    if ! lockfile "${LOCKFILE}"; then
        log_failure_msg "Cannot create a lock file!"
        exit 1
    fi

    log_success_msg "Enabling firewall rules using iptables(8)."

    # Remove any existing rules from all chains
    ${IPTABLES} -F
    ${IPTABLES} -F -t nat
    ${IPTABLES} -F -t mangle

    # Remove any pre-existing user-defined chains
    ${IPTABLES} -X
    ${IPTABLES} -X -t nat
    ${IPTABLES} -X -t mangle

    # Zero the counters
    ${IPTABLES} -Z

    # Default policy
    ${IPTABLES} -P INPUT DROP
    ${IPTABLES} -P OUTPUT ACCEPT
    ${IPTABLES} -P FORWARD ACCEPT

    # Trust the local host
    ${IPTABLES} -A INPUT -i lo -j ACCEPT

    # Trust the internal networks
    ${IPTABLES} -A INPUT -p all -m state --state NEW -s 10.0.0.0/8 -j ACCEPT

    # Accept established sessions
    ${IPTABLES} -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

    # NAT rules
    ${IPTABLES} -t nat -A POSTROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MASQUERADE

    # One-To-One NAT for vpn.example.org
    ${IPTABLES} -t nat -I PREROUTING -i "${EXT_IF}" -d "${VPN_EXT_ADDR}" -j DNAT --to-destination "${VPN_INT_ADDR}"
    ${IPTABLES} -t nat -I POSTROUTING -o "${EXT_IF}" -s "${VPN_INT_ADDR}" -j SNAT --to-source "${VPN_EXT_ADDR}"

    log_success_msg "Firewall rules loaded successfully."
}

reset_firewall() {
    log_success_msg "Disabling iptables(8) firewall rules."

    # Remove any existing rules from all chains
    ${IPTABLES} -F
    ${IPTABLES} -F -t nat
    ${IPTABLES} -F -t mangle

    # Remove any pre-existing user-defined chains
    ${IPTABLES} -X
    ${IPTABLES} -X -t nat
    ${IPTABLES} -X -t mangle

    # Zero the counters
    ${IPTABLES} -Z

    # Open everything again
    ${IPTABLES} -P INPUT ACCEPT
    ${IPTABLES} -P OUTPUT ACCEPT
    ${IPTABLES} -P FORWARD ACCEPT

    log_success_msg "Firewall shutdown successful."
}

status_firewall() {
    if [ -f "${LOCKFILE}" ]; then
        log_success_msg "Firewall is enabled."
    else
        log_success_msg "Firewall is disabled."
    fi
}

case "${1}" in
    start)
        start_firewall
        ;;
    reset)
        reset_firewall
        ;;
    stop)
        reset_firewall
        rm -f "${LOCKFILE}"
        ;;
    status)
        status_firewall
        ;;
    reload|restart|force-reload)
        reset_firewall
        rm -f "${LOCKFILE}"
        start_firewall
        ;;
    *)
        echo "usage: ${0} {start|stop|reload|restart|force-reload|reset|status}" >&2
        exit 1
        ;;
esac
Description of my issue
The error for the SMTP port was already happening before this. I can receive emails and send locally, but outgoing mail is not working.
First, I thought that was because Linode was blocking the port, and that indeed was the case. I opened a support ticket and they have lifted the restriction. Port 25 is open for both TCP and UDP. I have checked whether the port is open using online port checker tools as well as nmap. The result of running nmap -p 25 72.14.187.137 is:
Starting Nmap 7.91 ( https://nmap.org ) at 2021-01-16 14:26 IST
Nmap scan report for li53-137.members.linode.com (72.14.187.137)
Host is up (0.28s latency).
PORT STATE SERVICE
25/tcp open smtp
Nmap done: 1 IP address (1 host up) scanned in 0.68 seconds
I can even telnet into port 25:
Trying 72.14.187.137...
Connected to li53-137.members.linode.com.
Escape character is '^]'.
220 domainname.tld Service ready
Full dump of the diagnosis, as I cannot use the integrated YunoPaste (more about this in additional notes):
YunoHost Diagnosis: YunoHost Paste
Edit: Removed unrelated issue about network configuration due to Linode Network Manager
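The following is an added example, not code from the post above and not part of YunoHost. It is a toy evaluator for the filter-table rules that the custom_openvpn_rule script installs (INPUT policy DROP with three ACCEPT rules, OUTPUT policy ACCEPT with none), applied to the SMTP flows the post is debugging. Assumptions, labelled as such: the nat table is ignored (none of the script's INPUT rules match on destination, so the DNAT to 10.8.0.1 does not change which INPUT rule fires), conntrack is reduced to a NEW/ESTABLISHED flag carried on the packet, and every address other than the post's 72.14.187.137 and 10.8.0.1 is a constructed documentation address.

```python
"""Toy model of the filter rules from the custom_openvpn_rule script.

Added example (not from the post or YunoHost). Models only the match options
the script actually uses: -i, -s CIDR, -p, and -m state --state. The nat table
and real conntrack are out of scope (assumption, see lead-in).
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str               # "tcp" or "udp"
    dport: int
    state: str               # conntrack state: "NEW", "ESTABLISHED" or "RELATED"
    in_iface: Optional[str]  # arriving interface; None for locally generated traffic


@dataclass(frozen=True)
class Rule:
    """One iptables rule reduced to the match options the script uses."""
    target: str
    in_iface: Optional[str] = None        # -i
    src: Optional[str] = None             # -s CIDR
    proto: Optional[str] = None           # -p ("all" matches every protocol)
    states: Optional[frozenset] = None    # -m state --state ...

    def matches(self, pkt: Packet) -> bool:
        if self.in_iface is not None and pkt.in_iface != self.in_iface:
            return False
        if self.src is not None and \
                ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if self.proto not in (None, "all") and pkt.proto != self.proto:
            return False
        if self.states is not None and pkt.state not in self.states:
            return False
        return True


@dataclass
class Chain:
    policy: str
    rules: list

    def verdict(self, pkt: Packet) -> str:
        # iptables semantics: the first matching terminating rule wins,
        # otherwise the chain policy applies.
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.target
        return self.policy


# The filter table exactly as start_firewall() in the script leaves it.
INPUT = Chain("DROP", [
    Rule("ACCEPT", in_iface="lo"),                                             # trust lo
    Rule("ACCEPT", proto="all", states=frozenset({"NEW"}), src="10.0.0.0/8"),  # trust 10/8
    Rule("ACCEPT", states=frozenset({"RELATED", "ESTABLISHED"})),              # replies
])
OUTPUT = Chain("ACCEPT", [])   # policy ACCEPT and no rules: nothing outbound is filtered

SERVER_PUBLIC = "72.14.187.137"   # from the post
SERVER_VPN = "10.8.0.1"           # from the post
INTERNET_HOST = "203.0.113.5"     # constructed (TEST-NET-3)
VPN_CLIENT = "10.8.0.2"           # constructed
REMOTE_MX = "198.51.100.25"       # constructed (TEST-NET-2)


def smtp_paths() -> dict:
    """Filter-table verdicts for the SMTP flows the post is debugging."""
    return {
        # Another mail server opening a connection to us on port 25.
        "inbound_new_from_internet": INPUT.verdict(
            Packet(INTERNET_HOST, SERVER_PUBLIC, "tcp", 25, "NEW", "eth0")),
        # An OpenVPN client talking to our port 25 over the tunnel.
        "inbound_new_from_vpn_client": INPUT.verdict(
            Packet(VPN_CLIENT, SERVER_VPN, "tcp", 25, "NEW", "tun0")),
        # The server itself connecting out to a remote MX.
        "outbound_new_to_remote_mx": OUTPUT.verdict(
            Packet(SERVER_PUBLIC, REMOTE_MX, "tcp", 25, "NEW", None)),
        # The remote MX's reply to that outbound connection (ephemeral dport).
        "inbound_established_reply": INPUT.verdict(
            Packet(REMOTE_MX, SERVER_PUBLIC, "tcp", 41234, "ESTABLISHED", "eth0")),
    }


if __name__ == "__main__":
    for flow, verdict in smtp_paths().items():
        print(f"{flow:30} {verdict}")
```

Two things fall out of running it. The OUTPUT chain accepts everything, so these rules cannot be what blocks outgoing mail; the outbound check worth doing from the server itself is a connection to a remote MX on port 25, not another inbound scan. And the model drops a NEW connection from the internet to port 25, while the nmap and telnet output in the post show port 25 answering from outside, so the rules actually loaded on the box (`iptables-save -t filter`) are worth comparing against the file before assuming the script is in effect.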