Port forwarding configuration

Thibaut · November 5, 2020, 12:12pm

Hi there,

I am facing an issue that is not directly related on Yunohost, sorry for that.

My YunoHost server

Hardware: Raspberry Pi at home
YunoHost version: 4.0.8.2 (stable)
I have access to my server : Through SSH + through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

I made a diagnostic of my server and the following ports are not accessible from outside:
25
80
443
587
993
5222
5269

I tried to follow the instructions to configure my modem (UPC) but unsuccessfully.
On the port forwarding page, I have the following:

Local start/end port and External start/end port
Can you advise what to enter in those 4 boxes please?

Protocol
TCP, UDP or Both?

Enabled
On or Off?

Thank you

Thibaut

Aleks · November 5, 2020, 12:17pm

These should be 4 times the same value (so for example to forward port 80, put 80 in the four boxes). It sounds indeed overly complicated for nothing, it’s “just” that in the general case of port forwarding, one may want to be able to map multiple external port to multiple possibly-different internal port … but here we just want a “regular” port forwarding …

TCP should do the trick

On

Thibaut · November 5, 2020, 12:25pm

Wow, that was fast, thanks!

So…

25
External: error message
“The configured port range cannot contain one of the following reserved ports(25,53,135,137,138,139,161,162,445 &1080)”

80 443
error message
“Port number overlapping.”

587 993 5222 5269
OK

Aleks · November 5, 2020, 12:27pm

Meh Well that means you won’t be able to receive emails (= incoming traffic) (though usually ISP tend to block outgoing traffic to fight spam, but i guess yours is extra “cautious”…). Starting from there it kinda depends wether or not you’re interested in using the mail features of yunohost

Aleks · November 5, 2020, 12:28pm

Eh … that one is more troublesome … Could it be that there already are some rules somewhere else in the interface ? Some routers do not allow to forward port 80 / 443 because these ports are used to serve the router web interface itself … which is … annoying to say the least…

Thibaut · November 5, 2020, 12:32pm

I don’t plan to use it for emails, only data storage (nextcloud, jirafeau), so this should be fine then.

I can see that there are existing rules for both 80 and 443 under an IP address with a different ending.
Could it be from my previous device?
If so and as I on’t have it anymore, do you think I can simply update the IP address of those rules?

Aleks · November 5, 2020, 12:33pm

Sure

Thibaut · November 5, 2020, 12:42pm

Perfect, it works.
I can finally access the web domain
Thank you very much!