UPnP is failing to enable
Hi Guys/Gals -
UPnP (under “Tools” > "Firewall) is not enabling, and I get an error directing me to open a ticket (error message at bottom of this message)
My YunoHost server
Hardware: Old laptop or computer
YunoHost version: 11.2.5
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen | (all of the above)
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : maybe
I couldn’t get the thumb drive installer to recognize the lan port on this old laptop, so I installed Debian first, and then went through the steps of overlaying (?) it with Yunohost. As far as I know, it seems to be working correctly so far.
Description of my issue
I’m trying to enable UPnP. I enabled port 30000 on my router for Minetest, and it doesn’t seem to open it (but all the other internet ports DO open). Then I noticed the firewall settings on yunohost, so I tried to enable that, and I get this error.
“Share logs with YunoPaste”. here they are:
=================================
Base system (basesystem)
=================================
[INFO] Server hardware architecture is bare-metal amd64
- Server model is Dell Inc. Latitude E4300
[INFO] Server is running Linux kernel 5.10.0-26-amd64
[INFO] Server is running Debian 11.8
[INFO] Server is running YunoHost 11.2.5 (stable)
- yunohost version: 11.2.5 (stable)
- yunohost-admin version: 11.2.3 (stable)
- moulinette version: 11.2 (stable)
- ssowat version: 11.2 (stable)
[WARNING] There's been a suspiciously high number of authentication failures recently. You may want to make sure that fail2ban is running and is correctly configured, or use a custom port for SSH as explained in https://yunohost.org/security.
=================================
Internet connectivity (ip)
=================================
[SUCCESS] Domain name resolution is working!
[SUCCESS] The server is connected to the Internet through IPv4!
- Global IP: xx.xx.xx.xx
- Local IP: 192.168.1.207
[WARNING] The server does not have working IPv6.
- IPv6 should usually be automatically configured by the system or your provider if it's available. Otherwise, you might need to configure a few things manually as explained in the documentation here: https://yunohost.org/#/ipv6.
=================================
DNS records (dnsrecords)
=================================
[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category basic)
[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category mail)
[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category xmpp)
[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category extra)
=================================
Ports exposure (ports)
=================================
[SUCCESS] Port 22 is reachable from the outside.
- Exposing this port is needed for admin features (service ssh)
[SUCCESS] Port 25 is reachable from the outside.
- Exposing this port is needed for email features (service postfix)
[SUCCESS] Port 80 is reachable from the outside.
- Exposing this port is needed for web features (service nginx)
[SUCCESS] Port 443 is reachable from the outside.
- Exposing this port is needed for web features (service nginx)
[SUCCESS] Port 587 is reachable from the outside.
- Exposing this port is needed for email features (service postfix)
[SUCCESS] Port 993 is reachable from the outside.
- Exposing this port is needed for email features (service dovecot)
[SUCCESS] Port 5222 is reachable from the outside.
- Exposing this port is needed for xmpp features (service metronome)
[SUCCESS] Port 5269 is reachable from the outside.
- Exposing this port is needed for xmpp features (service metronome)
[ERROR] Port 30000 is not reachable from the outside.
- Exposing this port is needed for [?] features (service minetest)
- To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config
=================================
Web (web)
=================================
[SUCCESS] Domain maindomain.tld is reachable through HTTP from outside the local network.
=================================
Email (mail)
=================================
[SUCCESS] The SMTP mail server is able to send emails (outgoing port 25 is not blocked).
[SUCCESS] The SMTP mail server is reachable from the outside and therefore is able to receive emails!
[ERROR] No reverse DNS is defined in IPv4. Some emails may fail to get delivered or be flagged as spam.
- You should first try to configure reverse DNS with maindomain.tld in your internet router interface or your hosting provider interface. (Some hosting providers may require you to send them a support ticket for this).
- Some providers won't let you configure your reverse DNS (or their feature might be broken...). If you are experiencing issues because of this, consider the following solutions:
- Some ISP provide the alternative of using a mail server relay though it implies that the relay will be able to spy on your email traffic.
- A privacy-friendly alternative is to use a VPN *with a dedicated public IP* to bypass this kind of limits. See https://yunohost.org/#/vpn_advantage
- Or it's possible to switch to a different provider
[ERROR] Your IP or domain xx.xx.xx.xx is blacklisted on Spamhaus ZEN
- The blacklist reason is: "https://www.spamhaus.org/query/ip/xx.xx.xx.xx"
- After identifying why you are listed and fixing it, feel free to ask for your IP or domain to be removed on https://www.spamhaus.org/zen/
[SUCCESS] 0 pending emails in the mail queues
=================================
Services status check (services)
=================================
[SUCCESS] Service dnsmasq is running!
[SUCCESS] Service dovecot is running!
[SUCCESS] Service fail2ban is running!
[SUCCESS] Service metronome is running!
[SUCCESS] Service minetest is running!
[SUCCESS] Service mysql is running!
[SUCCESS] Service nginx is running!
[SUCCESS] Service php7.4-fpm is running!
[SUCCESS] Service postfix is running!
[SUCCESS] Service redis-server is running!
[SUCCESS] Service rspamd is running!
[SUCCESS] Service slapd is running!
[SUCCESS] Service ssh is running!
[SUCCESS] Service yunohost-api is running!
[SUCCESS] Service yunohost-firewall is running!
[SUCCESS] Service yunomdns is running!
=================================
System resources (systemresources)
=================================
[SUCCESS] The system still has 4.9 GiB (84%) RAM available out of 5.7 GiB.
[SUCCESS] The system has 975 MiB of swap!
- Please be careful and aware that if the server is hosting swap on an SD card or SSD storage, it may drastically reduce the life expectancy of the device.
[SUCCESS] Storage / (on device /dev/sda1) still has 645 GiB (99.1%) space left (out of 651 GiB)!
=================================
System configurations (regenconf)
=================================
[SUCCESS] All configuration files are in line with the recommended configuration!
=================================
Applications (apps)
=================================
[SUCCESS] All installed apps respect basic packaging practices
And the error that caused me to open this ticket:
YunoHost encountered an internal error
Really sorry about that.
You should look for help on the forum or the chat to fix the situation, or report the bug on the bugtracker.
The following information might be useful for the person helping you:
Error: "500"
Action: "PUT" /yunohost/api/firewall/upnp/enable
Error message:
Could not open port via UPnP
While processing the action the server said:
Firewall reloaded
Port 1900 is already closed for IPv4 connections
Port 1900 is already closed for IPv6 connections
Firewall reloaded