Server is unreachable after an ISP change even though the DNS records look ok

What type of hardware are you using: Old laptop or computer
What YunoHost version are you running: 12.0.11
How are you able to access your server: The webadmin

Describe your issue

Hi community!

Today I’ve switched my ISP without changing any wiring or hardware configuration. Obviously my home server has become unreachable after this switch was made. However, the server is still unreachable from outside and this is why I’m posting this post.

I can access the web admin interface of yunohost, and I can also connect through SSH locally.
I tried to access with my domain name kozmotronik.nohost.me, whose IP address resolves at DNS Checker - DNS Check Propagation Tool. I also tried accessing using the public IP, but to no avail.

Almost everything seems to be ok in the diagnosis (I’ve added the paste link of it). But the following I started to get after switching the ISP:

[WARNING] Could not diagnose if domains are reachable from outside in IPv4.
  - Error: HTTPSConnectionPool(host='diagnosis.yunohost.org', port=443): Read timed out. (read timeout=30)

You will see port exposure errors in the diagnosis but the ports are already configured and open, so I think the port errors have to do with the above error.
The IP for the domain is also up to date since it is updated automatically by yunohost. So what would be the problem that makes my server unreachable from outside?

Thanks in advance.
Ismail

Share relevant logs or error messages

https://paste.yunohost.org/raw/ejobucovuz

You have to forward the ports on your router to your server

Hi @jarod5001, thank you for your answer.

The ports are already forwarded in the router. The router hasn’t been changed. All wiring, hardware and port configurations are the same as before. I just transferred my internet subscription from one ISP to another.
The firewall configuration for these ports in yunohost is also ok. Maybe I should reset and reforward all those ports on the router?

By the way, I was getting a warning with /etc/resolv.conf, saying something like it wasn’t configured correctly. So I symlinked it using the following command last night:

$ sudo ln -sf /etc/resolvconf/run/resolv.conf /etc/resolv.conf

I did it based on this topic: /etc/resolv.conf and "Symlink error". After symlinking, that warning has disappeared from the diagnosis reports.
So might this be another possible cause of this problem?

That may explain.

Yes

No, it shouldn’t cause this problem

I am gonna try it tonight. Thank you.

I’ve redone the port forwarding on the router:

Some translation of the important terms
Durum: State
Etkin: Active

That hasn’t changed the situation, I still can’t connect from the outside. Here is the latest diagnosis: https://paste.yunohost.org/raw/azalerolos

Some ISPs block these ports. You should ask your new ISP if he is blocking them, since you have correctly forwarded the ports and the only change was the ISP. Ask him also if your IP is shared.

Trying to reach your server on any of the ports fails. ISPs tend to close mail-related ports, perhaps DNS and sometimes 80/443, but I am happy not to have heard of ISPs having a blanket block on even ports above 1000.

The current IP that your domain resolves to, ends in 102 (Telnet Telecom? They don’t have a website to speak of, and Turcom does not post any ISP services on their website). Is that your new IP, or the old one?

Is there anything suspicious in your /etc/hosts? I had, for a reason I don’t remember, the hostname of a server with its public IP listed there once; it gave very peculiar symptoms after migrating to another host.

In addition to that, is it a ‘regular’ land line (xDSL, fiber) or mobile/sat? In some discussions people mention only after days of troubleshooting “Oh yes, I’m on satellite internet with carrier-grade NAT, does that make a difference?”

Hi!
Thank you for your answer.

It is a vDSL connection. You’re right, it might be an annoying case to know it at last. I think it is better to add an additional question that asks for this information in the question template.

It is still 84.17.86.102 currently.

Umm… not sure, I’m gonna check its content when I’m home. But as a final intent of resolution, I did modify the /etc/resolv.conf file as I mentioned in my answer #3 (I did not know how to link to that answer post). And lastly I created the file again and installed the resolvconf from the apt.

I called my new ISP’s customer service to ask them to remove any restrictions on the ports. I noted that they activated a predefined security package on my account. Then she turned off that package. I tried SSHing with the IP address but still no route to the home server. So this indicates that this issue has to do with the ISP. I will make it clear when I am home and reset the modem though.

PS: I use Syncthing in my home server and have it connected to the work computer. Interestingly Syncthing connects to my home server’s Syncthing instance through a relay server. See the image:

Hi @wbk! Here is what /etc/hosts looks like:

sudo cat /etc/hosts
[sudo] password for ismail: 
127.0.0.1	localhost
127.0.1.1	debian.kozmotronik.net.tr	debian

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

127.0.0.1	kozmotronik

I am not a network expert, does it look ok?

There is nothing there that explains your Yunohost being unreachable since switching ISPs.

It is tidier to have one line for each unique IP, and in some cases having multiple lines with the same IP can lead to unexpected results.

So, though it is not related to your current problem, you could condense the three lines 127.0.01 to a single line, and add everything on that single line.

One thing I notice, which may be related to your current problem, is that you use debian.kozmotronik.net.tr as FQDN (“fully qualified domain name”), but not your nohost.me domain.

It won’t make your server unreachable, but there is a server replying to the domain, but not to that specific hostname.

Can you tell whether it is related to your network?

Hi fellows! @jarod5001 @wbk

I have news for you. After some back and forth communication with my new ISP, finally, I managed to communicate directly with a technical staff.

It turns out that they use a CGNAT system to deliver the clients’ IPs through an IP pool where all ports are blocked automatically for external access. And I am in one of their CGNAT pools, hence it is not possible to access ports such as 443, 80 etc., unless I pay for a static IP address.

So, now it is obvious that this issue has nothing to do with the yunohost system. Nevertheless, I’d like to thank you again for taking your time and trying to help me.

By the way, I would appreciate it if you have any suggestions as a workaround for this situation, any suggestion but static IP please. :blush:

Aw, that sucks. It also explains a lot :wink:

My first reaction would be “cheap VPS with VPN to your Yunohost”

The VPS is only needed as ‘anchor’ for your public activities, and tunnels all traffic to your Yunohost at home.

To run Wireguard or OpenVPN it needs few resources. Be sure that the VPS comes with IPv4 (Github still lives in the '90s), preferably IPv6 as well (we live in the 21st century, after all). Keep a small eye on bandwidth provided, although usually the provided bandwidth is more than enough for a home server.

I actually have a VPS running Coolify on Debian 11, as a production server. I was already planning to convert it to a Yunohost server. So you hit the point. Thank you very much for your time.
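
Added example, not part of any post in this thread: a quick check for the CGNAT situation the ISP confirmed above, comparing the WAN address shown on the router's status page with the address the Internet sees for the domain. The function names and the sample addresses (documentation ranges, constructed) are assumptions made for illustration.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: a WAN address here means another NAT sits upstream.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addr: str) -> str:
    """Return 'cgnat', 'private' or 'public' for an IPv4 address."""
    ip = ipaddress.IPv4Address(addr)
    if ip in CGNAT_NET:
        return "cgnat"
    if any(ip in net for net in PRIVATE_NETS):
        return "private"
    return "public"


def diagnose(router_wan_ip: str, external_ip: str) -> str:
    """Compare the router's WAN address with the externally visible address.

    router_wan_ip: read from the router's status page (hypothetical input).
    external_ip:   what the domain resolves to, or what an outside host sees.
    """
    kind = classify(router_wan_ip)
    if kind == "cgnat":
        return "cgnat"         # ISP NAT in front of the router
    if kind == "private":
        return "double-nat"    # another NAT device or ISP NAT using RFC 1918
    if ipaddress.IPv4Address(router_wan_ip) != ipaddress.IPv4Address(external_ip):
        return "nat-mismatch"  # public WAN address, but not the one seen outside
    return "direct"            # router owns the public address; forwards can work


if __name__ == "__main__":
    # Constructed samples: (router WAN address, externally seen address).
    samples = [("100.72.14.9", "198.51.100.23"),
               ("192.168.1.2", "198.51.100.23"),
               ("198.51.100.40", "198.51.100.23"),
               ("198.51.100.23", "198.51.100.23")]
    for wan, ext in samples:
        print(f"WAN {wan:15} external {ext:15} -> {diagnose(wan, ext)}")
```

Any result other than `direct` means port forwards configured on the home router cannot be reached from outside, whatever the YunoHost firewall and DNS records say.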
