Issues opening ports to yunohost

My YunoHost server:

Hardware: Raspberry Pi4 at home
YunoHost version: 4.1.7.2
I have access to my server : through the web admin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Hello, new yunohost frens! I am trying to get my yunohost configured properly for the first time on my Raspberry Pi4 here at home. I am on the diagnosis screen in the web admin interface. I am currently unable to connect through HTTP from outside my local network, and all of my ports show up as unreachable. I am on Google Fiber and can reach my network admin settings to create forwarding rules, but they don’t seem to take effect. I also have UPnP enabled on my network, and I ran the command
$ sudo yunohost firewall reload
as suggested here:
https://yunohost.org/en/isp_box_config

I have pored over documentation for yunohost as well as Google Fiber and I’m totally stumped. I would greatly appreciate some pointers if possible!

Here is a screengrab of the logs I have so far:

If any of these logs are needed in further detail I can provide them. Thank you in advance for your assistance on this matter!

Do you have any access to some admin interface for your router, as described in Port forwarding or port opening - Google Wifi Help maybe ?

Yep! The interface looks like this:

I tried manually entering the forwarding rules before, but it didn’t work, so I tried executing the UPnP command on the Pi4 itself; that didn’t seem to work either, even though it displayed a “success” message.

Also, in the Google documentation you referred to it mentions “choose the tab for the type of IP address you’re forwarding, IPv4 or IPv6” but I don’t have an option to toggle tabs between IPv4/6 on my end.

Been looking further and found that the documentation you referenced uses the “Google Home app” which I do not use, I have a Google fiber connection but the interface is slightly different than that of Google Home app.

I have attached a screen cap of the forwarding rules I tried manually, perhaps you might be able to tell what I’m doing wrong?

I may just try to reflash the SD and start from square one, because initially I tried to use my own DNS and couldn’t figure out that either, so then went over to the auto dns.

@aleks thanks for the initial response

I’ve been working on trying to solve this issue. I have the ports open, and they show up as open from a port scanner but the diagnostic tools still show them as closed.

I ran the package upgrader, so now I’m running YunoHost 4.2.6.1 and everything shows as up-to-date. I tried to use the YunoPaste feature to share my logs, but I get a 400 error when attempting.

I am running a Raspiblitz lightning node from the same area network; is this what’s giving me my porting woes? Would love some help. I am ultimately trying to run Castopod from this yunohost server. I installed Castopod but when I try to import my podcast feed, I get an unspecific error that says “try again later”

bumping again for visibility…I have also sat on the support chat waiting patiently, would really love to use this product!

Hmokay so I’m a bit confused …

  • can you tell a bit more about what is this “port scanner” that says ports are opened ? (Maybe they are, it gets a bit technical and depends on how / what test exactly is done to check if a port is opened)
  • Assuming your ports really are opened, are you able to access your server from the outside network (for example through a 3G/4G internet connection or whatever)

Apart from this, the last screenshot you provided sounds super legit to me … I would just of course double-check that the ‘reversed IP’ is indeed the local IP of your server …

Another way could be to enable the DMZ instead of port forwarding, but if port forwarding doesn’t work, then it sounds more like something else somewhere is interfering …


the port scanner is called “PortScan & Stuff” was recommended to me by a friend. Softpedia entry about it here:

I can successfully reach my server off local network (I get an ssl warning but just click proceed) by visiting bowlafterbowl.nohost.me on my phone with wifi off, and can successfully log in. Some others helping me troubleshoot have also been able to get my server to pull up on their networks, although they of course can’t get past the login screen without credentials.

The reserve IP is indeed correct for my Yunohost server. One question I am still unsure of: Is this port error possibly caused due to running a RaspiBlitz lightning node on the same local network? it is on a separate Pi with its own separate dedicated IP.

I don’t think it is from the lightning node. I am having a similar issue and my lightning node is on a different VPS.


I am trying to remain positive as I’d really love to get this solution up and running. My current podcasting host expires at the end of this month, but I’m getting nothing in terms of help or suggestions.

I can navigate to your page from my connection

Have you created all the recommended DNS records for your domain? It might not be a ports issue but maybe that you’re missing some of the DNS records? Yunohost needs a shit ton of DNS records for each domain. I had to add like 17 different DNS records for mine. You need to add all of these (with your actual info not the info in example) in order to get the ssl certificate to work

Basic ipv4/ipv6 records

@ 3600 IN A 111.222.33.44
* 3600 IN A 111.222.33.44

(If your server is IPv6 capable, there are some AAAA records)

@ 3600 IN AAAA 2222:444:8888:3333:bbbb:5555:3333:1111
* 3600 IN AAAA 2222:444:8888:3333:bbbb:5555:3333:1111

XMPP

_xmpp-client._tcp 3600 IN SRV 0 5 5222 your.domain.tld.
_xmpp-server._tcp 3600 IN SRV 0 5 5269 your.domain.tld.
muc 3600 IN CNAME @
pubsub 3600 IN CNAME @
vjud 3600 IN CNAME @
xmpp-upload 3600 IN CNAME @

Mail (MX, SPF, DKIM and DMARC)

@ 3600 IN MX 10 your.domain.tld.
@ 3600 IN TXT "v=spf1 a mx -all"
mail._domainkey 3600 IN TXT "v=DKIM1; k=rsa; p=someHuuuuuuugeKey"
_dmarc 3600 IN TXT "v=DMARC1; p=none"


the DNS records were supposed to be automatically propagated when I use a nohost.me domain though, right?

Regardless, the DNS section is one of the sections in diagnostics where everything shows as good

I still think that somehow this is a problem specific to IPv6…but I have no clue how to troubleshoot IPv6; network configuration isn’t something I have a lot of experience in.

Then it’s probably not a huge deal : network is a complicated matter and it’s a bit difficult to diagnose and debug stuff just from a forum :stuck_out_tongue_winking_eye:

But basically if things do work in IPv4, then let’s just disable IPv6 entirely on your server (having IPv6 running is better for the general health of the internet, but life is too short to debug every computer problem)

I’m on the train right now so I’m struggling to google “disable ipv6 on debian” on Google, but basically this corresponds to two commands like “sysctl something” you gotta type on your server


Been out of town all weekend, but just getting back. Will look into how to disable IPv6, thank you for the suggestion.

force disabling ipv6 using this guide worked for me:

I used the first method of editing the sysctl.conf file. All ports now show open in diagnostics! I just ignore the ipv6 not reachable error.

My castopod is still failing to import my podcast feed but I’ll have to ask another forum about that issue! Thank you for solving my port problem :slight_smile:
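The situation this thread ends on (reachable over IPv4, failing over IPv6) can be confirmed per address family with a small TCP connect check. This is an added example, not code from the thread or from YunoHost; the port list is an assumption (80/443 for the web interface plus the XMPP ports from the SRV records quoted above), and it has to be run from a machine outside the home network.

```python
import socket
import sys

# Assumed port list: web (80, 443) plus the XMPP ports from the SRV records above.
DEFAULT_PORTS = (80, 443, 5222, 5269)
FAMILIES = {"IPv4": socket.AF_INET, "IPv6": socket.AF_INET6}


def addresses(host, family):
    """Return the addresses `host` resolves to for one family (A or AAAA)."""
    try:
        infos = socket.getaddrinfo(host, None, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []  # no record of this family
    return sorted({info[4][0] for info in infos})


def port_open(addr, port, family, timeout=3.0):
    """True if a TCP handshake to addr:port completes over this family."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
            return True
    except OSError:  # refused, timed out, no route, or no IPv6 stack locally
        return False


def check(host, ports=DEFAULT_PORTS):
    """Map family name -> {port: bool}, or None when host has no such address."""
    report = {}
    for name, family in FAMILIES.items():
        addrs = addresses(host, family)
        if not addrs:
            report[name] = None
            continue
        report[name] = {p: port_open(addrs[0], p, family) for p in ports}
    return report


if __name__ == "__main__":
    host = sys.argv[1]  # e.g. your.domain.tld
    for name, result in check(host).items():
        if result is None:
            print(f"{name}: no address published")
            continue
        for port, ok in result.items():
            print(f"{name} port {port}: {'reachable' if ok else 'UNREACHABLE'}")
```

If the machine running the check has no IPv6 connectivity of its own, every IPv6 port reports UNREACHABLE regardless of the server's state, so compare against a known-good IPv6 host first.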