Trouble with Port Exposure

My YunoHost server

Hardware: Old desktop computer
YunoHost version: 11.2.10
I have access to my server : through the webadmin | direct access via keyboard / screen
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no / yes

Description of my issue

Hi,
I’m a complete beginner to hosting. I’m encountering difficulties with exposing ports on my server and could use some assistance troubleshooting the issue.

I have set up port forwarding (I think) correctly on my router, but despite that, the diagnosis tool still indicates that the ports are unexposed. On top of that, when I tried to enable UPnP in YunoHost, I got this error:

YunoHost encountered an internal error
Really sorry about that.
You should look for help on the forum or the chat to fix the situation, or report the bug on the bugtracker.
The following information might be useful for the person helping you:

Error: "500" Internal Server Error

Action: "PUT" /yunohost/api/firewall/upnp/enable

Error message:
Could not open port via UPnP

While processing the action the server said:
Firewall reloaded
Port 1900 is already closed for IPv4 connections
Port 1900 is already closed for IPv6 connections
Firewall reloaded

Here are the latest diagnosis results:

=================================
Base system (basesystem)
=================================

[INFO] Server hardware architecture is bare-metal amd64
  - Server model is Hewlett-Packard Compaq dc7800

[INFO] Server is running Linux kernel 5.10.0-28-amd64

[INFO] Server is running Debian 11.9

[INFO] Server is running YunoHost 11.2.10 (stable)
  - yunohost version: 11.2.10 (stable)
  - yunohost-admin version: 11.2.4 (stable)
  - moulinette version: 11.2 (stable)
  - ssowat version: 11.2 (stable)



=================================
Internet connectivity (ip)
=================================

[SUCCESS] Domain name resolution is working!

[SUCCESS] The server is connected to the Internet through IPv4!
  - Global IP: xx.xx.xx.xx
  - Local IP: 192.168.1.135

[WARNING] The server does not have working IPv6.
  - Having a working IPv6 is not mandatory for your server to work, but it is better for the health of the Internet as a whole. IPv6 should usually be automatically configured by the system or your provider if it's available. Otherwise, you might need to configure a few things manually as explained in the documentation here: https://yunohost.org/#/ipv6. If you cannot enable IPv6 or if it seems too technical for you, you can also safely ignore this warning.



=================================
DNS records (dnsrecords)
=================================

[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category basic)

[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category mail)

[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category xmpp)

[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category extra)



=================================
Ports exposure (ports)
=================================

[ERROR] Port 22 is not reachable from the outside.
  - Exposing this port is needed for admin features (service ssh)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 25 is not reachable from the outside.
  - Exposing this port is needed for email features (service postfix)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 53 is not reachable from the outside.
  - Exposing this port is needed for [?] features (service adguardhome)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 80 is not reachable from the outside.
  - Exposing this port is needed for web features (service nginx)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 443 is not reachable from the outside.
  - Exposing this port is needed for web features (service nginx)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 587 is not reachable from the outside.
  - Exposing this port is needed for email features (service postfix)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 993 is not reachable from the outside.
  - Exposing this port is needed for email features (service dovecot)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 5222 is not reachable from the outside.
  - Exposing this port is needed for xmpp features (service metronome)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config

[ERROR] Port 5269 is not reachable from the outside.
  - Exposing this port is needed for xmpp features (service metronome)
  - To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config



=================================
Web (web)
=================================

[ERROR] Domain maindomain.tld appears unreachable through HTTP from outside the local network.
  - Timed-out while trying to contact your server from the outside. It appears to be unreachable.
    1. The most common cause for this issue is that port 80 (and 443) are not correctly forwarded to your server.
    2. You should also make sure that the service nginx is running
    3. On more complex setups: make sure that no firewall or reverse-proxy is interfering.



=================================
Email (mail)
=================================

[SUCCESS] The SMTP mail server is able to send emails (outgoing port 25 is not blocked).

[ERROR] The SMTP mail server is unreachable from the outside on IPv4. It won't be able to receive emails.
  - Could not open a connection on port 25 to your server in IPv4. It appears to be unreachable.
    1. The most common cause for this issue is that port 25 is not correctly forwarded to your server.
    2. You should also make sure that service postfix is running.
    3. On more complex setups: make sure that no firewall or reverse-proxy is interfering.

[ERROR] Reverse DNS is not correctly configured for IPv4. Some emails may fail to get delivered or be flagged as spam.
  - Current reverse DNS: nat-91-198-89-68.wieszowanet.pl
    Expected value: maindomain.tld
  - You should first try to configure reverse DNS with maindomain.tld in your internet router interface or your hosting provider interface. (Some hosting providers may require you to send them a support ticket for this).
  - Some providers won't let you configure your reverse DNS (or their feature might be broken...). If you are experiencing issues because of this, consider the following solutions:
     - Some ISP provide the alternative of using a mail server relay though it implies that the relay will be able to spy on your email traffic.
    - A privacy-friendly alternative is to use a VPN *with a dedicated public IP* to bypass this kind of limits. See https://yunohost.org/#/vpn_advantage
    - Or it's possible to switch to a different provider

[ERROR] Your IP or domain xx.xx.xx.xx is blacklisted on Spamhaus ZEN
  - The blacklist reason is: "https://www.spamhaus.org/query/ip/xx.xx.xx.xx", "https://www.spamhaus.org/sbl/query/SBLCSS"
  - After identifying why you are listed and fixing it, feel free to ask for your IP or domain to be removed on https://www.spamhaus.org/zen/

[ERROR] Your IP or domain xx.xx.xx.xx is blacklisted on Composite Blocking List
  - The blacklist reason is: "https://www.spamhaus.org/query/ip/xx.xx.xx.xx"
  - After identifying why you are listed and fixing it, feel free to ask for your IP or domain to be removed on cbl.abuseat.org

[SUCCESS] 0 pending emails in the mail queues



=================================
Services status check (services)
=================================

[SUCCESS] Service adguardhome is running!

[SUCCESS] Service dnsmasq is running!

[SUCCESS] Service dovecot is running!

[SUCCESS] Service fail2ban is running!

[SUCCESS] Service metronome is running!

[SUCCESS] Service mysql is running!

[SUCCESS] Service nginx is running!

[SUCCESS] Service php7.4-fpm is running!

[SUCCESS] Service php8.2-fpm is running!

[SUCCESS] Service postfix is running!

[SUCCESS] Service redis-server is running!

[SUCCESS] Service rspamd is running!

[SUCCESS] Service slapd is running!

[SUCCESS] Service ssh is running!

[SUCCESS] Service vaultwarden is running!

[SUCCESS] Service yunohost-api is running!

[SUCCESS] Service yunohost-firewall is running!

[SUCCESS] Service yunomdns is running!



=================================
System resources (systemresources)
=================================

[SUCCESS] The system still has 1.3 GiB (70%) RAM available out of 1.9 GiB.

[SUCCESS] The system has 976 MiB of swap!
  - Please be careful and aware that if the server is hosting swap on an SD card or SSD storage, it may drastically reduce the life expectancy of the device.

[SUCCESS] Storage / (on device /dev/sda6) still has 63 GiB (92.2%) space left (out of 68 GiB)!

[SUCCESS] Storage /boot (on device /dev/sda1) still has 70 MiB (33%) space left (out of 213 MiB)!



=================================
System configurations (regenconf)
=================================

[SUCCESS] All configuration files are in line with the recommended configuration!



=================================
Applications (apps)
=================================

[SUCCESS] All installed apps respect basic packaging practices.

Any help would be appreciated. Thanks :slight_smile:

Solved my problem after a few phone calls with my ISP

Welcome! Glad you were able to fix the port exposure with wieszowanet. :slight_smile:

To update our documentation, do you know if calling is systematically needed to allow selfhosting with them?