Help 🙏 Web Admin Panel Missing After Installing iptables (Yes, I’m an Idiot)

dimi · March 19, 2025, 2:10am

What type of hardware are you using: VPS bought online
What YunoHost version are you running: 12
How are you able to access your server: SSH

I’m posting here in hopes of fixing my mistake and learning from it.

How it all began: I decided to move my Ghost CMS blog to another, higher-specced VPS (let’s call it VPS-2), that is running Yunohost 12.

I connected via SSH from my laptop to the original host (VPS-1, running YH11) and wanted to accomplish my goal with sudo mc to move files from VPS-1 to VPS-2 (specifically, pictures, located in /var/www/ghost/content/images ) , when I encountered this issue:
“sftp: failure establishing SSH session (-5)”

So this is the problem that I was trying to originally solve.
The fact that I was using a regular SSH connection just fine, but not SFTP, led me to the conclusion that Yunohost’s firewall is restricting outbound SFTP connections, even though inbound SSH (port 22) is allowed. sudo yunohost firewall list gave me:
opened_ports:

22
25
53
80
443
587
993
5222
5269
5353

Basically, as I was trying to troubleshoot an SFTP issue, I felt overly confident at asking Perplexity questions … The AI told me that yunohost firewall list shows only inbound ports and added: “I am not confident about the Yunohost way of handling outbound connections.” So we messed with iptables a little and then Perplexity suggested that I should install iptables-persistent using the following commands:
sudo apt-get install iptables-persistent
sudo dpkg-reconfigure iptables-persistent // There was a warning that essential packages like yunohost and yunohost-admin would be removed, but didn’t really pay attention Instead of stopping and thinking, I typed “Yes, do as I say!” like an idiot. The installation proceeded, and now my Yunohost web admin panel is gone.

I realize now that blindly trusting AI instructions without fully understanding the implications was a terrible idea. this was 100% my fault for not reading (and not thinking!)

Current Situation

My Ghost blog is still online (thankfully), but I can no longer access the Yunohost web admin panel.

Should I try sudo apt install yunohost ? Or should I touch /etc/yunohost/installed , as the solution here suggests?

I appreciate any advice or guidance you can provide. Thank you for taking the time to read this . these were my last commands:

sudo yunohost firewall list
sudo iptables -S | grep ESTABLISHED
sudo iptables -S | grep RELATED
sudo yunohost firewall add <myIP> --direction outgoing
sudo yunohost firewall allow <myIP> --port 22 --direction outgoing

sudo iptables -A OUTPUT -d <myIP> -p tcp --dport 22 -j ACCEPT
sudo iptables -S | grep '<myIP>'
sudo apt-get install iptables-persistent
sudo dpkg-reconfigure iptables-persistent
sudo apt-get install iptables-persistent
sudo dpkg-reconfigure iptables-persistent

sudo mc ## this is where I realized what happened and started to panic, backed up and messed with the sshd_config file (I didn't edit it, just wanted to regenerate)
mcedit /etc/ssh/sshd_config
cp /etc/ssh/sshd_config /tmp/1
sudo yunohost tools regen-conf ssh --force
yunohost tools regen-conf ssh --force
sudo mc
history

tituspijean · March 19, 2025, 5:41am

Let’s fix YunoHost first before delving into SFTP.

What are the outputs of the following commands?

sudo aptitude search yunohost
sudo ls /etc/yunohost/installed

dimi · March 19, 2025, 11:14am

c yunohost - manageable and configured self-hosting server
p yunohost-admin - web administration interface for yunohost

ls: cannot access '/etc/yunohost/installed': No such file or directory

tituspijean · March 20, 2025, 5:49am

Let’s try:

aptitude install yunohost+M yunohost-admin+M

Report back if it asks any question during their reinstallation.

After that, run touch /etc/yunohost/installed and check if everything is working again.

dimi · March 20, 2025, 8:50am

sudo aptitude install yunohost+M yunohost-admin+M
gave me

The following NEW packages will be installed:
  yunohost{a} yunohost-admin{a} 
The following packages will be REMOVED:
  bind9-host{u} bind9-libs{u} dns-root-data{u} dnsmasq-base{u} fonts-glyphicons-halflings{u} iptables-persistent{a} iso-codes{u} libdigest-bubblebabble-perl{u} 
  libev4{u} libexpat1-dev{u} libfl2{u} libfstrm0{u} libhashkit2{u} libhavege2{u} libhyperscan5{u} libjemalloc2{u} libjq1{u} libjs-bootstrap4{u} libjs-jquery{u} 
  libjs-popper.js{u} libjs-requirejs{u} libjs-sizzle{u} libjs-sphinxdoc{u} libjs-underscore{u} liblmdb0{u} liblua5.1-0{u} liblzf1{u} libmail-spf-perl{u} 
  libmemcached11{u} libminiupnpc17{u} libnet-dns-sec-perl{u} libnet-ip-perl{u} libnetaddr-ip-perl{u} libodbc1{u} libonig5{u} libopendbx1{u} libopendbx1-sqlite3{u} 
  libopendkim11{u} libperl4-corelibs-perl{u} libprotobuf-c1{u} libpython3-dev{u} libpython3.9-dev{u} librbl1{u} libunbound8{u} libunwind8{u} libvbr2{u} libyaml-0-2{u} 
  lua-cjson{u} lua-json{u} lua-ldap{u} lua-lpeg{u} lua-rex-pcre{u} netfilter-persistent{u} node-jquery{u} nslcd{u} nslcd-utils{u} php-mbstring{u} php7.4-mbstring{u} 
  php8.1-mbstring{u} php8.3-mbstring{u} python-apt-common{u} python-pip-whl{u} python3-appdirs{u} python3-apt{u} python3-attr{u} python3-bottle{u} python3-bs4{u} 
  python3-cached-property{u} python3-certifi{u} python3-cffi-backend{u} python3-chardet{u} python3-cryptography{u} python3-dateutil{u} python3-defusedxml{u} 
  python3-dev{u} python3-distro-info{u} python3-distutils{u} python3-freezegun{u} python3-future{u} python3-gevent{u} python3-gevent-websocket{u} python3-greenlet{u} 
  python3-html5lib{u} python3-idna{u} python3-ifaddr{u} python3-isodate{u} python3-lib2to3{u} python3-lxml{u} python3-markupsafe{u} python3-pkg-resources{u} 
  python3-prompt-toolkit{u} python3-pyasn1{u} python3-pyasn1-modules{u} python3-pygments{u} python3-pyinotify{u} python3-pyparsing{u} python3-requests-file{u} 
  python3-requests-toolbelt{u} python3-setuptools{u} python3-soupsieve{u} python3-systemd{u} python3-tldextract{u} python3-tz{u} python3-urllib3{u} python3-wcwidth{u} 
  python3-webencodings{u} python3-wheel{u} python3-yaml{u} python3-zeep{u} python3-zope.event{u} python3-zope.interface{u} python3.9-dev{u} redis-tools{u} 
  zlib1g-dev{u} 
0 packages upgraded, 2 newly installed, 114 to remove and 0 not upgraded.
Need to get 0 B/7,252 kB of archives. After unpacking 110 MB will be freed.
The following packages have unmet dependencies:
 rspamd : Depends: fonts-glyphicons-halflings but it is not going to be installed
          Depends: libjs-bootstrap4 but it is not going to be installed
          Depends: libjs-jquery but it is not going to be installed
          Depends: libjs-requirejs but it is not going to be installed
          Depends: libhyperscan5 (>= 5.4.0) but it is not going to be installed
          Depends: libunwind8 but it is not going to be installed
 dnsmasq : Depends: dnsmasq-base but it is not going to be installed
 libnet-dns-perl : Depends: libnet-ip-perl but it is not going to be installed
 postfix-policyd-spf-perl : Depends: libnetaddr-ip-perl (>= 4) but it is not going to be installed
                            Depends: libmail-spf-perl (>= 2.006) but it is not going to be installed
 redis-server : Depends: redis-tools (= 5:6.0.16-1+deb11u4) but it is not going to be installed
 libpam-ldapd : Depends: nslcd (>= 0.9.0) but it is not going to be installed or
                         nslcd-2 which is a virtual package, provided by:
                         - pynslcd (0.9.11-1), but it is not going to be installed
                         - nslcd (0.9.11-1), but it is not going to be installed

 python3-miniupnpc : Depends: libminiupnpc17 (>= 1.9.20140610) but it is not going to be installed
 slapd : Depends: libodbc1 (>= 2.3.1) but it is not going to be installed
 python3-publicsuffix2 : Depends: python3-pkg-resources but it is not going to be installed
 python3-requests : Depends: python3-certifi but it is not going to be installed
                    Depends: python3-chardet (>= 3.0.2) but it is not going to be installed
                    Depends: python3-idna but it is not going to be installed
                    Depends: python3-urllib3 (>= 1.21.1) but it is not going to be installed
 python3-zeroconf : Depends: python3-ifaddr but it is not going to be installed
 python3-ldap : Depends: python3-pyasn1 (>= 0.3.7) but it is not going to be installed
                Depends: python3-pyasn1-modules but it is not going to be installed
 j2cli : Depends: python3-markupsafe but it is not going to be installed
         Depends: python3-setuptools but it is not going to be installed
         Depends: python3-yaml but it is not going to be installed
 python3-packaging : Depends: python3-pyparsing but it is not going to be installed
 python3-openssl : Depends: python3-cryptography (>= 3.2) but it is not going to be installed
 moulinette : Depends: python3-bottle (>= 0.12) but it is not going to be installed
              Depends: python3-gevent-websocket but it is not going to be installed
              Depends: python3-prompt-toolkit but it is not going to be installed
              Depends: python3-pygments but it is not going to be installed
              Depends: python3-tz but it is not going to be installed
              Depends: python3-yaml but it is not going to be installed
 bind9-dnsutils : Depends: bind9-host but it is not going to be installed or
                           host which is a virtual package, provided by:
                           - bind9-host (1:9.18.24-1~bpo11+1), but it is not going to be installed
                           - bind9-host (1:9.16.50-1~deb11u1), but it is not going to be installed
                           - bind9-host (1:9.16.50-1~deb11u2), but it is not going to be installed

                  Depends: bind9-libs (= 1:9.16.50-1~deb11u2) but it is not going to be installed
                  Depends: libprotobuf-c1 (>= 1.0.0) but it is not going to be installed
 libnss-ldapd : Depends: nslcd (>= 0.9.0) but it is not going to be installed or
                         nslcd-2 which is a virtual package, provided by:
                         - pynslcd (0.9.11-1), but it is not going to be installed
                         - nslcd (0.9.11-1), but it is not going to be installed

 haveged : Depends: libhavege2 (>= 1.9.13) but it is not going to be installed
 python3-jinja2 : Depends: python3-markupsafe but it is not going to be installed
 python3-lexicon : Depends: python3-bs4 but it is not going to be installed
                   Depends: python3-cryptography (>= 1.3.4) but it is not going to be installed
                   Depends: python3-future but it is not going to be installed
                   Depends: python3-tldextract but it is not going to be installed
                   Depends: python3-yaml but it is not going to be installed
                   Depends: python3-zeep but it is not going to be installed
 python3-pip : Depends: python3-distutils but it is not going to be installed
               Depends: python3-setuptools but it is not going to be installed
               Depends: python3-wheel but it is not going to be installed
               Depends: python-pip-whl (= 20.3.4-4+deb11u1) but it is not going to be installed
 opendkim-tools : Depends: liblua5.1-0 but it is not going to be installed
                  Depends: libmemcached11 but it is not going to be installed
                  Depends: libopendbx1 (>= 1.4.6) but it is not going to be installed
                  Depends: libopendkim11 (>= 2.11.0~alpha) but it is not going to be installed
                  Depends: librbl1 (>= 2.7.2) but it is not going to be installed
                  Depends: libunbound8 (>= 1.8.0) but it is not going to be installed
                  Depends: libvbr2 (>= 2.7.2) but it is not going to be installed
 at : Depends: libfl2 (>= 2.5.33) but it is not going to be installed
 jq : Depends: libjq1 (= 1.6-2.1) but it is not going to be installed
 unattended-upgrades : Depends: python3-apt (>= 1.9.6~) but it is not going to be installed
                       Depends: python3-distro-info but it is not going to be installed
 php-php-gettext : Depends: php-mbstring but it is not going to be installed
 ssowat : Depends: lua-ldap but it is not going to be installed
          Depends: lua-json but it is not going to be installed
          Depends: lua-rex-pcre but it is not going to be installed
open: 4737; closed: 7070; defer: 5; conflict: 5
No solution found within the allotted time.  Try harder? [Y/n]

Should I pick Yes at ‘Try harder [Y/n]’ ?
or touch /etc/yunohost/installed right away?

system · April 19, 2025, 8:51am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.