My YunoHost server
Hardware: Older amd64 PC. YunoHost is installed on bare metal
YunoHost version: 4.3.6.3
I have access to my server : Through SSH, through the webadmin and I have direct access via keyboard / screen
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : No
Description of my issue
Hello everyone! I’m facing a problem but I’ll give you a timeline of events to make sure I don’t miss any important details that might help:
- I was using yunohost and no problems occurred for months
- I did an update of my system and apps (I do this every few days so I can’t tell when exactly)
- I didn’t have time to check on it and after about a week apps stopped working
- I can’t remember if my server was turned off or the apps simply didn’t respond and I rebooted it but a reboot happened.
- It didn’t turn on so I checked what was going on and I noticed weird NCQ DMA related problems along the lines of Unable to read next inode
- I ran e2fsck to solve the problem, and it worked like a charm
- The admin dashboard is super slow now and updates don’t work.
So I started looking into what was going on and narrowed down to this post on the forum. If I understand correctly, this problem was not solved in the end and now I’m facing the exact same situation.
If the firewall is turned on, DNS resolution does not work. If I turn it off poof it does.
Examples and … stuff:
Contents of my /etc/resolv.conf
cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
Stopping firewall and running dig
yunohost firewall stop
dig google.com
; <<>> DiG 9.11.5-P4-5.1+deb10u7-Debian <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25073
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 104 IN A 142.251.16.139
google.com. 104 IN A 142.251.16.101
google.com. 104 IN A 142.251.16.113
google.com. 104 IN A 142.251.16.100
google.com. 104 IN A 142.251.16.138
google.com. 104 IN A 142.251.16.102
;; Query time: 21 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 06 18:14:48 CEST 2022
;; MSG SIZE rcvd: 135
Reloading firewall and dig-ing again
firewall reload
Warning: Some firewall rule commands have failed. More info in log. # What?
opened_ports:
- 22
- 53
- 80
- 443
- 5353
- 8097
- 22000
dig google.com
; <<>> DiG 9.11.5-P4-5.1+deb10u7-Debian <<>> google.com
;; global options: +cmd
;; connection timed out; no servers could be reached
Pinging 8.8.8.8
ping -c 3 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=2.57 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=117 time=2.32 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=117 time=2.39 ms
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 2.321/2.427/2.569/0.111 ms
My iptables-save output
iptables-save
# Generated by xtables-save v1.8.2 on Wed Jul 6 18:21:51 2022
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22000 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 5353 -j ACCEPT
-A INPUT -p udp -m udp --dport 8097 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
COMMIT
# Completed on Wed Jul 6 18:21:51 2022
Ideas
As far as I understood - and bear with me cause I’m not an expert with hardware related stuff - I had a disk corruption and that’s why I needed e2fsck to fix messed up blocks, inodes and etc.
Could this result in this weird problem? It’s entirely reproducible, I can stop the firewall, do updates, have everything work perfectly, but as soon as I enable it everything goes haywire.
There are also “Failed firewall commands” but I have no idea how to check them. Those could result in behavior like this I assume so I guess I should start there?
Anyways if you check all of this out, thank you for your time and patience! You guys are awesome!
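
The iptables-save output in the post has an INPUT policy of DROP and no rule accepting ESTABLISHED/RELATED traffic, so replies to connections the server itself opens match none of the ACCEPT rules, while ICMP replies do. The shell function below is an added example, not part of the original post or of YunoHost's code, that checks iptables-save output for that rule. The verdict names, the abridged copy of the posted ruleset and the conntrack line in the second sample are constructed here, and it is an assumption that the resolver on 127.0.0.1 forwards queries to an upstream server over the network.

```shell
#!/bin/sh
# Added example: check iptables-save output for the rule that lets replies to
# the host's own outbound connections (e.g. upstream DNS answers) back in.
#
# Reads iptables-save output on stdin, prints one verdict for the filter table:
#   POLICY_ACCEPT     INPUT policy is ACCEPT (a later catch-all DROP rule is not modelled)
#   STATEFUL_OK       INPUT policy is DROP and an ESTABLISHED accept rule exists
#   MISSING_STATEFUL  INPUT policy is DROP and no such rule exists
check_return_traffic() {
    awk '
        /^\*/ { in_filter = ($1 == "*filter") }   # track which table we are in
        !in_filter { next }
        /^:INPUT / { policy = $2 }                # e.g. ":INPUT DROP [0:0]"
        /^-A INPUT / && /-j ACCEPT/ && /--(ct)?state [A-Z,]*ESTABLISHED/ { ok = 1 }
        END {
            if (policy == "ACCEPT") print "POLICY_ACCEPT"
            else if (ok)            print "STATEFUL_OK"
            else                    print "MISSING_STATEFUL"
        }'
}

# Filter table from the post, abridged: some per-port ACCEPT rules are omitted.
ruleset_from_post() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
COMMIT
EOF
}

# Constructed variant: the same table with a conntrack accept rule added.
ruleset_with_state_rule() {
    ruleset_from_post | awk '{ print } /^:OUTPUT / {
        print "-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT" }'
}

printf 'posted ruleset:      %s\n' "$(ruleset_from_post | check_return_traffic)"
printf 'with conntrack rule: %s\n' "$(ruleset_with_state_rule | check_return_traffic)"
```

On a live system the same function can be fed directly with `iptables-save | check_return_traffic`.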