Hardware: Older amd64 PC. Yunohost is installed on bare metal
YunoHost version: 22.214.171.124
I have access to my server : Through SSH, through the webadmin and I have direct access via keyboard / screen
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : No
Hello everyone! I’m facing a problem but I’ll give you a timeline of events to make sure I don’t miss any important details that might help:
I was using yunohost and no problems occurred for months
I did an update of my system and apps (I do this every few days so I can’t tell when exactly)
I didn’t have time to check on it and after about a week apps stopped working
I can’t remember if my server was turned off or the apps simply didn’t respond and I rebooted it but a reboot happened.
It didn’t turn on so I checked what was going on and I noticed weird NCQ DMA related problems along the lines of Unable to read next inode
e2fsck to solve the problem, and it worked like a charm
The admin dashboard is super slow now and updates don’t work.
So I started looking into what was going on and narrowed down to this post on the forum. If I understand correctly, this problem was not solved in the end and now I’m facing the exact same situation.
If the firewall is turned on, DNS resolution does not work. If I turn it off poof it does.
Contents of my
```
cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
```
Stopping firewall and running
```
yunohost firewall stop
dig google.com

; <<>> DiG 9.11.5-P4-5.1+deb10u7-Debian <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25073
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 104 IN A 126.96.36.199
google.com. 104 IN A 188.8.131.52
google.com. 104 IN A 184.108.40.206
google.com. 104 IN A 220.127.116.11
google.com. 104 IN A 18.104.22.168
google.com. 104 IN A 22.214.171.124

;; Query time: 21 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 06 18:14:48 CEST 2022
;; MSG SIZE rcvd: 135
```
Reloading firewall and
```
firewall reload
Warning: Some firewall rule commands have failed. More info in log. # What?
opened_ports:
  - 22
  - 53
  - 80
  - 443
  - 5353
  - 8097
  - 22000

dig google.com

; <<>> DiG 9.11.5-P4-5.1+deb10u7-Debian <<>> google.com
;; global options: +cmd
;; connection timed out; no servers could be reached
```
```
ping -c 3 126.96.36.199
PING 188.8.131.52 (184.108.40.206) 56(84) bytes of data.
64 bytes from 220.127.116.11: icmp_seq=1 ttl=117 time=2.57 ms
64 bytes from 18.104.22.168: icmp_seq=2 ttl=117 time=2.32 ms
64 bytes from 22.214.171.124: icmp_seq=3 ttl=117 time=2.39 ms

--- 126.96.36.199 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 2.321/2.427/2.569/0.111 ms
```
```
iptables-save
# Generated by xtables-save v1.8.2 on Wed Jul 6 18:21:51 2022
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22000 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 5353 -j ACCEPT
-A INPUT -p udp -m udp --dport 8097 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
COMMIT
# Completed on Wed Jul 6 18:21:51 2022
```
As far as I understood - and bear with me cause I’m not an expert with hardware related stuff - I had a disk corruption and that’s why I needed e2fsck to fix messed up blocks, inodes and etc.
Could this result in this weird problem? It’s entirely reproducible, I can stop the firewall, do updates, have everything work perfectly, but as soon as I enable it everything goes haywire.
There are also “Failed firewall commands” but I have no idea how to check them. Those could result in behavior like this I assume so I guess I should start there?
Anyways if you check all of this out, thank you for your time and patience! You guys are awesome!
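
The check below is an added example, not part of the original post and not YunoHost code. It parses `iptables-save` text and reports whether an INPUT chain with policy DROP has any rule that accepts reply traffic (RELATED,ESTABLISHED). The ruleset posted above has none, so answers to the server's own outbound queries arriving on a non-loopback interface match no ACCEPT rule, while ping still passes through the icmp rule. The function name and the `WITH_CONNTRACK` variant are constructed for illustration.

```python
import shlex

# filter table copied from the iptables-save output in the post above.
POSTED = """*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22000 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 5353 -j ACCEPT
-A INPUT -p udp -m udp --dport 8097 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
COMMIT
"""
# Constructed variant: the same ruleset plus a connection-tracking accept rule.
WITH_CONNTRACK = POSTED.replace(
    "-A INPUT -i lo",
    "-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\n-A INPUT -i lo")

def audit_input(ruleset):
    """Return the INPUT policy and whether replies to outbound traffic get dropped."""
    policy, accepts_replies, table = None, False, None
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):
            table = line[1:]                      # e.g. "*filter" starts the filter table
        elif table != "filter":
            continue
        elif line.startswith(":INPUT "):
            policy = line.split()[1]              # ":INPUT DROP [0:0]" -> "DROP"
        elif line.startswith("-A INPUT "):
            t = shlex.split(line)
            if t[-2:] != ["-j", "ACCEPT"]:
                continue
            if len(t) == 4:                       # "-A INPUT -j ACCEPT": accepts everything
                accepts_replies = True
            for opt in ("--state", "--ctstate"):  # legacy state match and conntrack match
                if opt in t:
                    i = t.index(opt)
                    if t[i - 1] != "!" and "ESTABLISHED" in t[i + 1].split(","):
                        accepts_replies = True
    return {"policy": policy, "accepts_replies": accepts_replies,
            "replies_dropped": policy == "DROP" and not accepts_replies}

if __name__ == "__main__":
    print("posted ruleset:", audit_input(POSTED))
    print("with conntrack:", audit_input(WITH_CONNTRACK))
```

On a live system the same function can be fed the output of `iptables-save` after each firewall reload to see whether the state rule was actually installed.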