Some ports are closed, but not all. CGNAT Issue?

My YunoHost server

Hardware: Old laptop or computer
YunoHost version: 11.2.7
I have access to my server: through the webadmin + direct access via keyboard / screen
Are you in a special context or did you perform some particular tweaking on your YunoHost instance? Kind of.
If yes, please explain:

I am running YunoHost on a Debian 11 installation on an old computer. The Ethernet port is connected to a router (TP-Link Archer C20 v1, probably useless info but I’m desperate) with WDS bridging to my main network. Direct Ethernet connection is not an option.

Note: I’ve tried using a cheap repeater, although the results are similar (cannot say if the EXACT same, I’ve only tried it a few times, but anyhow I cannot get the website to open outside of local network).

Description of my issue

I cannot open specific ports on my machine. Although, some of said ports are open ONLY in IPv4 or IPv6.

At first, I thought it was a CGNAT issue, though the IP on my main router is the same as what I see through online lookup tools, and using tracert to my IP only outputs a single hop. I’m still not sure it’s NOT a CGNAT issue, but I’m trying my hardest not to have to call my ISP.

Here is the output of the ports exposure diagnosis, at the moment.

I say at the moment, as sometimes it appears to open port 22 completely, and I can’t seem to figure out why.

I’ve tried various things:

  • Port forwarding (manual and UPnP): Affects only the last three ports. Every so often, I run yunohost firewall upnp enable, and if I’m lucky, the ports open (including port 80), but only in IPv6. Asked a friend to visit the domain and they said the browser recognized it was there, it just didn’t load at all.
  • Cloudflare Tunnels: Bought a domain just for this, because the automatic DNS configuration on the domain cannot be changed. Only managed to open port 22, although, not sure if it was due to that, as port 22 appears to open indiscriminately. I know I had set it up correctly as accessing the domain landed on Cloudflare’s own page instead of mine (“failed to create record: bad request.”)
  • Ngrok: The website is only accessible (unverified as I have no confirmation of it working outside my local network) through their automatically generated free domain, which is not what I want (goal is to host a Mastodon instance.)
  • Miscellaneous router settings: I believe it to be most likely the culprit due to my setup. I’ve tweaked the settings to the moon and back - Firewall, DMZ, port triggering (?), turning off NAT and DHCP on the bridging router (??) MAC Address cloning to the host machine (only on the bridging router as I’m afraid of messing up the main one).


Firewall says all ports are open.
I can access everything ONLY through my local network.
Not sure if it’s a CGNAT issue, or if I’m even on CGNAT anyways.
To my knowledge, I have a public IP. The host machine has a static IP.

Checking individual ports with nmap on another machine:
to the host’s internal IP: “host seems down”
to my public IP:

  • 22 - filtered
  • 25 - closed
  • 80 - open (?)
  • 443 - closed
  • 587 - closed

If anyone could help, I’d be eternally grateful.
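
The two CGNAT checks described in the post (comparing the main router's WAN address with the address an online lookup reports, and counting hops in a trace to the public IP), written out as an added Python example that is not part of the original post. The function name, verdict labels and sample addresses are constructed for illustration, and the hop-count rule is a heuristic, not proof.

```python
from ipaddress import IPv4Address, IPv4Network

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT_NET = IPv4Network("100.64.0.0/10")
# RFC 1918 private ranges: a WAN address here means another NAT sits upstream.
RFC1918 = [IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(router_wan_ip, observed_public_ip, trace_hops):
    """Classify the path between the main router and the internet.

    router_wan_ip      -- address shown on the MAIN router's WAN interface
                          (not the bridging router, not the host's LAN address)
    observed_public_ip -- address reported by an external lookup service
    trace_hops         -- responding hop addresses from a traceroute to
                          observed_public_ip, in order
    Raises ValueError if an address is not valid IPv4.
    """
    wan = IPv4Address(router_wan_ip)
    seen = IPv4Address(observed_public_ip)

    if wan in CGNAT_NET:
        return "cgnat"          # ISP handed out shared address space
    if any(wan in net for net in RFC1918):
        return "double-nat"     # an upstream device holds the public address
    if wan != seen:
        return "upstream-nat"   # traffic is translated after leaving the router
    if len(trace_hops) > 1:
        return "upstream-nat"   # heuristic: own public IP should be one hop away
    return "public"             # inbound port forwarding can work


if __name__ == "__main__":
    # Constructed sample values (documentation and reserved ranges only).
    samples = [
        ("203.0.113.45", "203.0.113.45", ["203.0.113.45"]),
        ("100.72.14.9", "203.0.113.45", ["100.72.14.9", "203.0.113.45"]),
        ("192.168.1.2", "203.0.113.45", ["192.168.1.1", "203.0.113.45"]),
    ]
    for wan, seen, hops in samples:
        print(f"{wan:>15} seen as {seen}: {classify_wan(wan, seen, hops)}")
```

A "public" verdict means the remaining suspects are on the LAN side: the forwarding target on the main router, the bridging router, and the host firewall.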

