New Yunohost set up trouble

Hi folks -

Really impressed with the slick setup. I have an old Asus laptop in a closet physically connected to the router from my ISP. I can’t get the port forwarding to work. Here’s what I have so far:

  1. I ran the setup, and the system said the install was fine.
  2. I ran a diagnosis and it says basically all my outside ports (22, 80, 443, etc.) are not reachable from the outside.

My YunoHost server

Hardware: Old laptop or computer
YunoHost version: 11.2.3
I have access to my server : Through SSH (if I do “192.168.1…”)| and through the webadmin | and direct access via keyboard / screen | …
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : maybe. I have a second non-yunohost server, but I unplugged it from the router for the purposes of troubleshooting the yunohost server. It was set up as a DMZ server, so if needed, I can provide info on that.

Description of my issue

Thanks for the help, I’m just trying to get it to go all green on the diagnosis test for the ports.


=================================
Base system (basesystem)
=================================

[INFO] Server hardware architecture is bare-metal amd64
  - Server model is ASUSTeK Computer Inc. U56E

[INFO] Server is running Linux kernel 5.10.0-16-amd64

[INFO] Server is running Debian 11.4

[INFO] Server is running YunoHost 11.2.3 (stable)
  - yunohost version: 11.2.3 (stable)
  - yunohost-admin version: 11.2.1 (stable)
  - moulinette version: 11.2 (stable)
  - ssowat version: 11.2 (stable)



=================================
Internet connectivity (ip)
=================================

[SUCCESS] Domain name resolution is working!

[SUCCESS] The server is connected to the Internet through IPv4!
  - Global IP: xx.xx.xx.xx
  - Local IP: 192.168.1.221



=================================
DNS records (dnsrecords)
=================================

[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category basic)

[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category mail)

[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category xmpp)

[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category extra)



=================================
Ports exposure (ports)
=================================

[ERROR] Port 22 is not reachable from the outside.
  - Exposing this port is needed for admin features (service ssh)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 25 is not reachable from the outside.
  - Exposing this port is needed for email features (service postfix)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 80 is not reachable from the outside.
  - Exposing this port is needed for web features (service nginx)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 443 is not reachable from the outside.
  - Exposing this port is needed for web features (service nginx)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 587 is not reachable from the outside.
  - Exposing this port is needed for email features (service postfix)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 993 is not reachable from the outside.
  - Exposing this port is needed for email features (service dovecot)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 5222 is not reachable from the outside.
  - Exposing this port is needed for xmpp features (service metronome)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 5269 is not reachable from the outside.
  - Exposing this port is needed for xmpp features (service metronome)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config



=================================
Web (web)
=================================

[ERROR] Domain maindomain.tld appears unreachable through HTTP from outside the local network.
  - Connection error: could not connect to the requested domain, it's very likely unreachable.



=================================
Email (mail)
=================================

[SUCCESS] The SMTP mail server is able to send emails (outgoing port 25 is not blocked).

[ERROR] The SMTP mail server is unreachable from the outside on IPv4. It won't be able to receive emails.
  - Could not open a connection on port 25 to your server in IPv4. It appears to be unreachable.
    1. The most common cause for this issue is that port 25 is not correctly forwarded to your server.
    2. You should also make sure that service postfix is running.
    3. On more complex setups: make sure that no firewall or reverse-proxy is interfering.

[ERROR] No reverse DNS is defined in IPv4. Some emails may fail to get delivered or be flagged as spam.
  - You should first try to configure reverse DNS with maindomain.tld in your internet router interface or your hosting provider interface. (Some hosting providers may require you to send them a support ticket for this).
  - Some providers won't let you configure your reverse DNS (or their feature might be broken...). If you are experiencing issues because of this, consider the following solutions:
     - Some ISP provide the alternative of using a mail server relay though it implies that the relay will be able to spy on your email traffic.
    - A privacy-friendly alternative is to use a VPN *with a dedicated public IP* to bypass this kind of limits. See https://yunohost.org/#/vpn_advantage
    - Or it's possible to switch to a different provider

[ERROR] Your IP or domain xx.xx.xx.xx is blacklisted on Spamhaus ZEN
  - The blacklist reason is: "https://www.spamhaus.org/query/ip/xx.xx.xx.xx"
  - After identifying why you are listed and fixing it, feel free to ask for your IP or domain to be removed on https://www.spamhaus.org/zen/

[SUCCESS] 0 pending emails in the mail queues



=================================
Services status check (services)
=================================

[SUCCESS] Service dnsmasq is running!

[SUCCESS] Service dovecot is running!

[SUCCESS] Service fail2ban is running!

[SUCCESS] Service metronome is running!

[SUCCESS] Service mysql is running!

[SUCCESS] Service nginx is running!

[SUCCESS] Service php7.4-fpm is running!

[SUCCESS] Service postfix is running!

[SUCCESS] Service redis-server is running!

[SUCCESS] Service rspamd is running!

[SUCCESS] Service slapd is running!

[SUCCESS] Service ssh is running!

[SUCCESS] Service yunohost-api is running!

[SUCCESS] Service yunohost-firewall is running!

[SUCCESS] Service yunomdns is running!



=================================
System resources (systemresources)
=================================

[SUCCESS] The system still has 5.0 GiB (88%) RAM available out of 5.7 GiB.

[SUCCESS] The system has 976 MiB of swap!
  - Please be careful and aware that if the server is hosting swap on an SD card or SSD storage, it may drastically reduce the life expectancy of the device.

[SUCCESS] Storage / (on device /dev/sda6) still has 648 GiB (99.6%) space left (out of 650 GiB)!

[SUCCESS] Storage /boot (on device /dev/sda1) still has 159 MiB (74%) space left (out of 213 MiB)!



=================================
System configurations (regenconf)
=================================

[SUCCESS] All configuration files are in line with the recommended configuration!



=================================
Applications (apps)
=================================

[SUCCESS] All installed apps respect basic packaging practices



I turned on port 22, and 80, but yunohost still says they are unreachable.

I turned on hairpinning, but that didn’t help either.

I also turned on upnp on the router, but that also didn’t help.

I’ve rebooted several times.

Anyway, if there are any ideas out there, I’ll give them a shot.

Thanks for the help.
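As an added example (not from this thread or the YunoHost project), a small Python helper that reads the "Ports exposure" section of the diagnosis output in the format shown above and probes each flagged port on the host itself: if the daemon answers locally, the gap is at the router (port forwarding/NAT or DMZ); if nothing is listening, the service or yunohost-firewall is the first place to look. The sample report is constructed, and the local probe assumes the script runs on the YunoHost box.

```python
import re
import socket

# Constructed excerpt in the format of the "Ports exposure" section of
# `yunohost diagnosis show` (not the poster's full report)
SAMPLE_REPORT = """\
[ERROR] Port 22 is not reachable from the outside.
  - Exposing this port is needed for admin features (service ssh)

[ERROR] Port 443 is not reachable from the outside.
  - Exposing this port is needed for web features (service nginx)

[SUCCESS] Service nginx is running!
"""

PORT_RE = re.compile(r"^\[ERROR\] Port (\d+) is not reachable from the outside\.")
SERVICE_RE = re.compile(r"\(service ([^)]+)\)")


def unreachable_ports(report):
    """Map each port flagged unreachable to the service the report names for it."""
    ports, current = {}, None
    for line in report.splitlines():
        m = PORT_RE.match(line)
        if m:
            current = int(m.group(1))
            ports[current] = None
            continue
        m = SERVICE_RE.search(line)
        if m and current is not None and ports[current] is None:
            ports[current] = m.group(1)
    return ports


def listening_locally(port, host="127.0.0.1", timeout=0.5):
    """True if something on this host accepts a TCP connection on the port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def triage(report, probe=listening_locally):
    """Separate 'daemon not listening' from 'router not forwarding' for each port.

    The diagnosis tests from the Internet, so a port fails there whether the
    daemon is down or the router drops the traffic; a local probe tells which."""
    verdicts = {}
    for port, service in unreachable_ports(report).items():
        if probe(port):
            verdicts[port] = (service, "listening on host: check router port-forwarding / DMZ")
        else:
            verdicts[port] = (service, "not listening on host: check the service and yunohost-firewall")
    return verdicts


if __name__ == "__main__":
    for port, (service, verdict) in sorted(triage(SAMPLE_REPORT).items()):
        print(f"{port:>5} {service:<10} {verdict}")
```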

By “turning on”, do you mean you configured port forwarding? (And also disabled the DMZ which you mention, which probably interferes, I guess.)

Thank you for the response!

Yes, I mean I configured port forwarding for these ports on the YunoHost machine with that command sudo yunohost firewall reload, and YunoHost said they were turned on. I also port-forwarded them on the router.

No, I didn’t disable DMZ for the other server - do you think I should try that?

Also, I only have one IP to use between the two of them, so I also need to figure out “virtualhosts” or something like that. I was working from the other server to configure it to forward traffic to the yunohost server (making the OTHER server “primary”), but haven’t made much progress there.

If I can get the YunoHost server up and running with the other server unplugged, maybe that’s the way to go. It looks like YunoHost supports multiple domains; the other server doesn’t (at least not easily).

Ok, so to further clarify, here’s the router setup for DMZ:

[Screenshot: yunohost-setup]

The local IPv4 address in there is the OTHER machine. So is it common to only have the ability to have 1 DMZ local IP address? Maybe this is the problem.

But this brings up another question: should I take the OTHER machine out of DMZ and just do normal port forwarding on it as well?

Anyway, thanks. I don’t know much about this stuff, but I’m willing to try to learn.

When you did this for the first “other machine”, did you do anything else? My ISP has to register the DMZ on the WAN. But is this maybe just via the router, to open all ports at your only WAN address?

No, I don’t think I did anything else; no registration with my ISP.

I think I will try taking the other machine out of the DMZ list on the router and try keeping it behind the firewall and just open the necessary ports for it - just like the Yunohost machine, and see where that gets me.

Thank you for the idea. I will report back what happens later today (if I don’t break it! :wink: ).

Ok, I took the other machine out of the DMZ and put the YunoHost machine in the DMZ (my router only allows one local IP in the DMZ, so it’s either/or, not both machines), and the diagnosis came back that all the needed ports were accessible! So, success, right?

But then I took the machine out of the DMZ, and turned it off, and then did port forwarding for all the required ports (outlined in the guide here: Configure port-forwarding | Yunohost Documentation ), and then re-ran the diagnosis - and everything fails.

What gives? Is it my ISP denying me the option of port forwarding, even though the router says I can do it? Here’s the router setup:

Note that the entries starting with “x25” are the YunoHost server. There’s one port, 30000, open on the other machine.
Is there something wrong with using TCP+UDP? Should it only be TCP? I tried that on port 22, but it doesn’t seem to make a difference.

Anything else I can try, or should I contact my ISP at this point and ask them why port forwarding doesn’t work?

I don’t know :face_with_raised_eyebrow:
Are you using the same LAN address for both YH machines?
Have you tried just to reboot the router too?

No, they are physically plugged into 2 separate ports on my router; the router has assigned each of them a unique LAN IP.

I went ahead and reached out to my ISP. There is no publicly available manual for their router (Adtran 834), so I’ll have to rely on what they say to do.

thanks for all the help. I will update the thread with results…

ISP called - they can’t remotely access the router, and are sending a tech to physically look at it.

Maybe port forwarding is also broken (even though it looks like it is working).

Anyway…

OK, back to the same thing:
there was a problem on the router (on their side, not mine), so they swapped the router.

I went and set all the port forwarding rules back up, and cannot see my YunoHost server from the outside web. But if I use DMZ and put my server in it (using the server’s local IP), then everything tests fine.

Can’t figure this out. Crazy stuff.
