Every time I have to restart the YunoHost firewall after rebooting the YunoHost server

My YunoHost server

Hardware: Core i7 with Gigabyte motherboard, running ESXi 6.7.0 Update 2
YunoHost version: 4.3.2.2 (stable)
I have access to my server: through the web admin | direct access via keyboard/screen via the ESXi web panel.
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ?: no

Description of my issue

There is no visible problem. After rebooting the YunoHost server, the admin panel says the firewall is running, but I can't access any of my apps. When I restart the firewall from the admin panel, everything is fine.

Could you please help me investigate the issue?

Thank you very much, YunoHost team, for this golden product.

I guess you should look at the output of iptables-save (though it's very technical) right after reboot, before restarting the firewall.

This is what I got.
And I can't access any of my apps, just the admin panel.

# Generated by xtables-save v1.8.2 on Wed Jan 26 08:44:18 2022
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:f2b-recidive - [0:0]
-A INPUT -p tcp -j f2b-recidive
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5222 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5269 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 5353 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A f2b-recidive -s 118.179.**2.**/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-recidive -j RETURN
COMMIT
# Completed on Wed Jan 26 08:44:18 2022

Could this be your global IP maybe ?

Can you elaborate how (= with what URL exactly) you are accessing the admin panel, versus how you are accessing your apps?

Sorry,
I forgot to obscure my IPs.

Could this be your global IP maybe ?

Yes, it is. But I have several IPs.

Let me tell you elaborately.

First of all, I'm not an expert, but I know what I'm saying.

I have the domain named "domain.tld" pointing to the IP 179...76 (global IP) with proper settings following the documentation. I did all the necessary DNS setup at the domain provider.

In the local network, the YunoHost server got the IP 192.168.1.203. So, in the Mikrotik, I port-forwarded some ports, including 80, 443, 22 and some more, to the 102...76 (global IP).

Now, when I hit the domain in the browser, I get the YunoHost server.

But everyone connected to the Mikrotik, including the YunoHost server, who tries to access the internet gets the IP 102...74 (global IP), because of my Mikrotik config.
I have reserved 4 global IPs in total and dedicate one to the YunoHost server, which is 179...76 (global IP).

Accessing apps:
I am accessing the apps like
domain.tld/mattermost
domain.tld/rainloop etc.

Accessing the admin panel:
https://192.168.1.203/yunohost/admin/#/

Finally, thank you for your time!

Uuuh, okay, I'm a bit confused between 102.**.**.76 and the 118.179.*.* IP that appeared previously …

Anyway, my guess is that it's somehow related to the fact that the IP 118.179.*.* is banned in the fail2ban recidive jail … You can check Fail2Ban | Yunohost Documentation to unban the IP, and maybe that should solve the issue.

YunoHost server ----------> 118.179.*.74 ---------> internet
YunoHost server <---------- 118.179.*.76 <--------- internet

I hope the graph above is clear: incoming and outgoing traffic don't take the same path.

BTW,

sudo tail /var/log/fail2ban.log
2022-01-26 12:03:33,147 fail2ban.filter         [743]: INFO    [sshd] Found 18.**.**.74 - 2022-01-26 12:03:32
2022-01-26 12:05:22,376 fail2ban.filter         [743]: INFO    [sshd] Found 18.**.**.74 - 2022-01-26 12:05:22
2022-01-26 12:05:22,377 fail2ban.filter         [743]: INFO    [pam-generic] Found 18.**.**.74 - 2022-01-26 12:05:22
2022-01-26 12:05:23,980 fail2ban.filter         [743]: INFO    [sshd] Found 18.**.**.74 - 2022-01-26 12:05:23
2022-01-26 12:05:24,318 fail2ban.actions        [743]: NOTICE  [sshd] Ban 18.**.**.74
2022-01-26 12:05:24,322 fail2ban.filter         [743]: INFO    [recidive] Found 18.**.**.74 - 2022-01-26 12:05:24
2022-01-26 12:05:24,881 fail2ban.actions        [743]: NOTICE  [recidive] Ban 18.**.**.74
2022-01-26 12:15:23,103 fail2ban.actions        [743]: NOTICE  [sshd] Unban 18.**.**.74
2022-01-26 23:06:41,270 fail2ban.filter         [743]: INFO    [sshd] Found 192.168.1.201 - 2022-01-26 23:06:41
2022-01-26 23:06:41,271 fail2ban.filter         [743]: INFO    [pam-generic] Found 192.168.1.201 - 2022-01-26 23:06:41

My question is: why should the .74 IP be banned?
I never tried accessing from that IP address, only locally using PuTTY.

¯\_(ツ)_/¯
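The dump posted earlier shows why a single banned address takes every app down: `-A INPUT -p tcp -j f2b-recidive` is evaluated before the RELATED,ESTABLISHED rule, so once the Mikrotik's outbound NAT address (.74) lands in a fail2ban chain, every hairpinned connection from the LAN to domain.tld arrives from that address and is rejected, while the admin panel reached directly on 192.168.1.203 is unaffected. The script below is an added example, not part of this thread and not YunoHost's own tooling: it pulls the currently banned addresses out of an `iptables-save` dump, checks whether a given address is among them, and writes a fail2ban `ignoreip` drop-in so the address is whitelisted across all jails. The sample dump and the addresses 203.0.113.74 / 203.0.113.76 / 198.51.100.9 are constructed stand-ins for the obfuscated ones above, and the drop-in path `/etc/fail2ban/jail.d/99-ignoreip.local` is an assumed name.

```shell
#!/bin/sh
# Added example: inspect fail2ban bans straight from an iptables-save dump
# and whitelist an address. Not YunoHost code; sample data is constructed.

# Constructed sample, shaped like the dump posted in the thread
# (documentation-range addresses stand in for the obfuscated ones).
SAMPLE_IPTABLES='*filter
:INPUT DROP [0:0]
:f2b-recidive - [0:0]
:f2b-sshd - [0:0]
-A INPUT -p tcp -j f2b-recidive
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A f2b-recidive -s 203.0.113.74/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-recidive -j RETURN
-A f2b-sshd -s 198.51.100.9/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN
COMMIT'

# Read iptables-save text on stdin; print "chain address" for every source
# address that a fail2ban (f2b-*) chain REJECTs or DROPs.
f2b_banned() {
  awk '$1 == "-A" && $2 ~ /^f2b-/ && $3 == "-s" {
         ip = $4; sub(/\/32$/, "", ip)
         for (i = 5; i <= NF; i++)
           if ($i == "-j" && ($(i+1) == "REJECT" || $(i+1) == "DROP"))
             print $2, ip
       }'
}

# Exit 0 if address $1 is banned in any fail2ban chain, 1 otherwise (stdin).
f2b_is_banned() {
  f2b_banned | awk -v ip="$1" '$2 == ip { found = 1 } END { exit found ? 0 : 1 }'
}

# Write a jail.d drop-in whitelisting the given addresses for every jail.
# $1 = destination file (assumed path), remaining args = addresses/CIDRs.
# Keep loopback in the list: setting ignoreip replaces the default value.
f2b_write_ignoreip() {
  out=$1; shift
  printf '[DEFAULT]\nignoreip = 127.0.0.1/8 ::1 %s\n' "$*" > "$out"
}

# Live usage, as root on the YunoHost box, right after a reboot and before
# restarting the firewall (which would flush the f2b-* chains and hide the ban):
#   iptables-save | f2b_is_banned 203.0.113.74 && echo "our NAT address is banned"
#   fail2ban-client set recidive unbanip 203.0.113.74
#   f2b_write_ignoreip /etc/fail2ban/jail.d/99-ignoreip.local 203.0.113.74 203.0.113.76
#   fail2ban-client reload
```

Whitelist both the outbound NAT address and the address the domain points to; unbanning alone only lasts until the next failed login from behind the router, which is why the ban came back a day later in this thread.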


Now it's working. :smiley:
Thank you very much.
Long live YunoHost.

When I came back today, I saw the IP was banned again.
So unbanning once does not work.

So, I followed the whitelisting process
shown in the solution.
