[Solved] My server can't use open ports

Hey everyone,

I seek some help to troubleshoot my yunohost instance which is not available from outside my network since weeks because of broken port forwarding.

My YunoHost server

Hardware: Old laptop mainboard
YunoHost version: (stable)
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
If yes, please explain:

Description of my issue

I am running a yunohost server with success since a half year. I don’t have a static IP address, so I use the DynDNS service build in to yunohost. A month ago a new router arrived from my provider and since two weeks I can’t reach my server from outside my network.

The diagnosis tool in yunohost showed that no port is accessible from outside the network: https://paste.yunohost.org/raw/urofonapev (sry that it is in german)

But the IP address behind my domain is correctly mapped tot my routers public IP address. I checked that.

In order to solve the issue, in the last week I tried to:

  • restart the server
  • manually reload the yunohost firewall with sudo yunohost firewall reload with a success message
  • deactivate and enable UPnP (the router does recognize the requests in the logs and opened the ports)
  • reset the configuration for the server in the router interface and opened the ports manually

All with no success. The router tells me that the ports are opened and also the server opened the ports. I looked it up with ss -tulpn:

admin@server:~$ sudo ss -tulpn
Netid        State         Recv-Q        Send-Q                                           Local Address:Port                Peer Address:Port                                                                                                                                                           
udp          UNCONN        0             0                                                       *           users:(("jellyfin",pid=550,fd=303))                                                                                                                
udp          UNCONN        0             0                                                         *           users:(("dnsmasq",pid=658,fd=4))                                                                                                                   
udp          UNCONN        0             0                                                         *           users:(("dhclient",pid=527,fd=7))                                                                                                                  
udp          UNCONN        0             0                                                 *           users:(("ntpd",pid=918,fd=19))                                                                                                                     
udp          UNCONN        0             0                                                     *           users:(("ntpd",pid=918,fd=27))                                                                                                                     
udp          UNCONN        0             0                                                      *           users:(("ntpd",pid=918,fd=18))                                                                                                                     
udp          UNCONN        0             0                                                        *           users:(("ntpd",pid=918,fd=17))                                                                                                                     
udp          UNCONN        0             0                                                      *           users:(("jellyfin",pid=550,fd=304))                                                                                                                
udp          UNCONN        0             0                                               *           users:(("jellyfin",pid=550,fd=305))                                                                                                                
udp          UNCONN        0             0                                                   *           users:(("jellyfin",pid=550,fd=306))                                                                                                                
udp          UNCONN        0             0                                                       *           users:(("jellyfin",pid=550,fd=324))                                                                                                                
udp          UNCONN        0             0                                                *           users:(("yunomdns",pid=517,fd=4))                                                                                                                  
udp          UNCONN        0             0                                                       *           users:(("yunomdns",pid=517,fd=3))                                                                                                                  
udp          UNCONN        0             0                                                   *           users:(("jellyfin",pid=550,fd=307))                                                                                                                
udp          UNCONN        0             0                                                         [::]:53                          [::]:*           users:(("dnsmasq",pid=658,fd=6))                                                                                                                   
udp          UNCONN        0             0                                  [fd00::2ad2:44ff:fedf:62be]:123                         [::]:*           users:(("ntpd",pid=918,fd=26))                                                                                                                     
udp          UNCONN        0             0                          [fe80::2ad2:44ff:fedf:62be]%enp0s25:123                         [::]:*           users:(("ntpd",pid=918,fd=22))                                                                                                                     
udp          UNCONN        0             0                    [2a02:810a:11bf:dcbc:2ad2:44ff:fedf:62be]:123                         [::]:*           users:(("ntpd",pid=918,fd=21))                                                                                                                     
udp          UNCONN        0             0                      [fe80::c4e7:e8ff:fe26:413e]%vethd452cde:123                         [::]:*           users:(("ntpd",pid=918,fd=31))                                                                                                                     
udp          UNCONN        0             0                    [fe80::42:ecff:fe51:f81f]%br-ae025d3802ea:123                         [::]:*           users:(("ntpd",pid=918,fd=29))                                                                                                                     
udp          UNCONN        0             0                                                        [::1]:123                         [::]:*           users:(("ntpd",pid=918,fd=20))                                                                                                                     
udp          UNCONN        0             0                                                         [::]:123                         [::]:*           users:(("ntpd",pid=918,fd=16))                                                                                                                     
tcp          LISTEN        0             128                                                     *           users:(("gunicorn",pid=2152,fd=5),("gunicorn",pid=1342,fd=5))                                                                                      
tcp          LISTEN        0             128                                                   *           users:(("postgres",pid=902,fd=5))                                                                                                                  
tcp          LISTEN        0             100                                                       *           users:(("master",pid=1139,fd=13))                                                                                                                  
tcp          LISTEN        0             128                                                      *           users:(("nginx",pid=1327,fd=20),("nginx",pid=1326,fd=20),("nginx",pid=1325,fd=20),("nginx",pid=1323,fd=20),("nginx",pid=1322,fd=20))               
tcp          LISTEN        0             128                                                      *           users:(("slapd",pid=901,fd=9))                                                                                                                     
tcp          LISTEN        0             100                                                     *           users:(("dovecot",pid=1026,fd=15))                                                                                                                 
tcp          LISTEN        0             100                                                      *           users:(("dovecot",pid=1026,fd=38))                                                                                                                 
tcp          LISTEN        0             128                                                   *           users:(("yunohost-api",pid=544,fd=6))                                                                                                              
tcp          LISTEN        0             128                                                  *           users:(("rspamd",pid=1149,fd=8),("rspamd",pid=1148,fd=8),("rspamd",pid=1147,fd=8),("rspamd",pid=1146,fd=8),("rspamd",pid=745,fd=8))                
tcp          LISTEN        0             128                                                  *           users:(("rspamd",pid=1149,fd=15),("rspamd",pid=1148,fd=15),("rspamd",pid=745,fd=15))                                                               
tcp          LISTEN        0             128                                                    *           users:(("slapd",pid=901,fd=8))                                                                                                                     
tcp          LISTEN        0             128                                                  *           users:(("rspamd",pid=1149,fd=11),("rspamd",pid=1148,fd=11),("rspamd",pid=1147,fd=11),("rspamd",pid=745,fd=11))                                     
tcp          LISTEN        0             128                                                     *           users:(("lua5.1",pid=825,fd=19))                                                                                                                   
tcp          LISTEN        0             128                                                   *           users:(("node",pid=560,fd=27))                                                                                                                     
tcp          LISTEN        0             128                                                   *           users:(("lua5.1",pid=825,fd=14))                                                                                                                   
tcp          LISTEN        0             100                                                      *           users:(("master",pid=1139,fd=18))                                                                                                                  
tcp          LISTEN        0             128                                                   *           users:(("redis-server",pid=585,fd=6))                                                                                                              
tcp          LISTEN        0             100                                                      *           users:(("dovecot",pid=1026,fd=36))                                                                                                                 
tcp          LISTEN        0             128                                                       *           users:(("nginx",pid=1327,fd=18),("nginx",pid=1326,fd=18),("nginx",pid=1325,fd=18),("nginx",pid=1323,fd=18),("nginx",pid=1322,fd=18))               
tcp          LISTEN        0             128                                                   *           users:(("jupyterhub",pid=538,fd=6))                                                                                                                
tcp          LISTEN        0             10                                                   *           users:(("postsrsd",pid=479,fd=4))                                                                                                                  
tcp          LISTEN        0             128                                                   *           users:(("node",pid=2123,fd=19))                                                                                                                    
tcp          LISTEN        0             10                                                   *           users:(("postsrsd",pid=479,fd=5))                                                                                                                  
tcp          LISTEN        0             128                                                     *           users:(("lua5.1",pid=825,fd=17))                                                                                                                   
tcp          LISTEN        0             32                                                        *           users:(("dnsmasq",pid=658,fd=5))                                                                                                                   
tcp          LISTEN        0             128                                                       *           users:(("sshd",pid=641,fd=3))                                                                                                                      
tcp          LISTEN        0             128                                                      [::1]:5432                        [::]:*           users:(("postgres",pid=902,fd=3))                                                                                                                  
tcp          LISTEN        0             100                                                       [::]:25                          [::]:*           users:(("master",pid=1139,fd=14))                                                                                                                  
tcp          LISTEN        0             128                                                       [::]:443                         [::]:*           users:(("nginx",pid=1327,fd=21),("nginx",pid=1326,fd=21),("nginx",pid=1325,fd=21),("nginx",pid=1323,fd=21),("nginx",pid=1322,fd=21))               
tcp          LISTEN        0             128                                                       [::]:636                         [::]:*           users:(("slapd",pid=901,fd=10))                                                                                                                    
tcp          LISTEN        0             100                                                       [::]:4190                        [::]:*           users:(("dovecot",pid=1026,fd=16))                                                                                                                 
tcp          LISTEN        0             128                                                          *:8095                           *:*           users:(("jellyfin",pid=550,fd=288))                                                                                                                
tcp          LISTEN        0             100                                                       [::]:993                         [::]:*           users:(("dovecot",pid=1026,fd=39))                                                                                                                 
tcp          LISTEN        0             128                                                      [::1]:11332                       [::]:*           users:(("rspamd",pid=1149,fd=9),("rspamd",pid=1148,fd=9),("rspamd",pid=1147,fd=9),("rspamd",pid=1146,fd=9),("rspamd",pid=745,fd=9))                
tcp          LISTEN        0             128                                                      [::1]:11333                       [::]:*           users:(("rspamd",pid=1149,fd=17),("rspamd",pid=1148,fd=17),("rspamd",pid=745,fd=17))                                                               
tcp          LISTEN        0             128                                                      [::1]:11334                       [::]:*           users:(("rspamd",pid=1149,fd=13),("rspamd",pid=1148,fd=13),("rspamd",pid=1147,fd=13),("rspamd",pid=745,fd=13))                                     
tcp          LISTEN        0             128                                                       [::]:5222                        [::]:*           users:(("lua5.1",pid=825,fd=18))                                                                                                                   
tcp          LISTEN        0             128                                                          *:5001                           *:*           users:(("node",pid=1573,fd=18))                                                                                                                    
tcp          LISTEN        0             80                                                           *:3306                           *:*           users:(("mysqld",pid=741,fd=21))                                                                                                                   
tcp          LISTEN        0             128                                                      [::1]:5290                        [::]:*           users:(("lua5.1",pid=825,fd=15))                                                                                                                   
tcp          LISTEN        0             100                                                       [::]:587                         [::]:*           users:(("master",pid=1139,fd=19))                                                                                                                  
tcp          LISTEN        0             128                                                      [::1]:6379                        [::]:*           users:(("redis-server",pid=585,fd=7))                                                                                                              
tcp          LISTEN        0             100                                                       [::]:143                         [::]:*           users:(("dovecot",pid=1026,fd=37))                                                                                                                 
tcp          LISTEN        0             128                                                          *:8080                           *:*           users:(("node",pid=2123,fd=18))                                                                                                                    
tcp          LISTEN        0             128                                                       [::]:80                          [::]:*           users:(("nginx",pid=1327,fd=19),("nginx",pid=1326,fd=19),("nginx",pid=1325,fd=19),("nginx",pid=1323,fd=19),("nginx",pid=1322,fd=19))               
tcp          LISTEN        0             128                                                          *:8083                           *:*           users:(("python3",pid=549,fd=9))                                                                                                                   
tcp          LISTEN        0             128                                                       [::]:5269                        [::]:*           users:(("lua5.1",pid=825,fd=16))                                                                                                                   
tcp          LISTEN        0             32                                                        [::]:53                          [::]:*           users:(("dnsmasq",pid=658,fd=7))                                                                                                                   
tcp          LISTEN        0             128                                                       [::]:22                          [::]:*           users:(("sshd",pid=641,fd=4))                                             

But then what is the problem? Do you have any ideas?

I assumed that maybe the internet provider does not give me a public dynamic IPv4 address after they upgraded the router. But today in the morning all services were magically accessible from outside the network. But only for a short period of time… This is so weird to me.

Thanks for any suggestion!

Random questions just to make more things clears :

On your router, how did you do the port mapping ? (Only Upnp or manual mapping, or dmz ?)
When it worked/stopped working, did something changed in the network ? (I’m thinking as something like there were only your server and it worked and then, when a second device connected, it stopped ? )

Something similar happened to me on Nov 30.

After using YunoHost for more than a year without major issues, two days ago ports 80, 443, 587 and 993 were showing closed by the diagnostics tool and the server wasn’t reachable via HTTP.

YunoHost’s firewall said they were open.

I use port forwarding —not DMZ or UPnP— and I tried updating the numbers by removing the IP and writing it down again to update the settings, but that didn’t fix anything. I tried restarting my YunoHost server, but the issue remained. I tried to forward traffic to a different server, but nothing changed.

In the end, I restarted my router and I believe everything is working as expected now.

(RaspberryPi, at this moment)

Oh, I’m thinking about this just now, but what is your ISP ?
Does it provide a non-shared public ip address ?

Some of them do, some don’t, and for some you have to explicitily ask.
For thosk that don’t, you might have one, by luck, but it can change and be shared. Or it can be shared but by luck, you are the one that receive the messages on standards ports (untill it changes).

Do you mean CGNat? If that’s the case, I opted out from CGNat as soon as I signed the contract, a year ago.

Originally (when it worked) it was only UPnP, but since the problem occurred I tried both.

Currently UPnP is enabled and I have 10 active port mapping AND most ports are also mapped manually. I also tried those options exclusive from each other to make sure it is not a configuration problem.

Actually I think this is exactly the problem!
I think I had one by luck before they upgraded my router. To have a public address seems definitely not intended for a “home contract”, since they only give you a public (static) address in the business option.
And I observed today the message “Connected to the internet via DS Lite Tunnel” in the interface of my router. I did not noticed it before, so this might be connected to the problem.

As far as I understood (Dual-Stack Lite (DS-Lite) IPv6 Transition Technology – CGNAT, AFTR, B4 and Softwire), this means I do not have a public IPv4 anymore but at least a public IPv6 address. But could it be that a public IPv4 address is required for the yunohost DynDNS service? I assume my traffic was not “tunneled” before the upgrade so that I received a public and exclusive dynamic IPv4 address that time.

Do you think this is the problem or do we need more troubleshooting to cancel out other possibilities?

thx for your suggestion. Unfortunately restarting the router did not helped in my case.


I called the hotline of my ISP today and requested to exclude me from the DS Tunnel. They helped me and now the system is available from outside again :smiley:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.