Yunohost-firewall service is unknown and all ports are unreachable

What type of hardware are you using: Old laptop or computer
What YunoHost version are you running: 12.1.39
How are you able to access your server: The webadmin, SSH
Are you in a special context or did you perform specific tweaking on your YunoHost instance?: No

Describe your issue

Hi, I have the following issue. All ports are unreachable according to the webadmin (which I am able to reach from the local network), and I am unable to reach anything from outside the local network. I can reload the firewall through ssh, but that doesn’t change anything. My server is in DMZ on my router so I don’t think it is an issue with my internet provider. This happened all of a sudden so I don’t know where to begin looking for issues. I found something on the forum about ufw and firewall conflicting, but it seems I do not have ufw on my server?
What steps do I need to take to find the issue?

Weirdly, while I am able to ‘reload’ the firewall, if I do the command ‘yunohost service start yunohost-firewall’ it gives the error “error: Unknown service ‘yunohost-firewall’”?

Any ideas how to proceed?

Share relevant logs or error messages

“error: Unknown service ‘yunohost-firewall’”?

hi @aven
yunohost firewall manages nftables.service (webadmin>tools>services)

From diagnosis or webadmin>firewall?

Hi otm33, thanks for answering so quickly,

In the diagnosis all ports are said to be unreachable. When I look in the webadmin>firewall, the necessary ports are said to be open (green toggle).

I have also identified a different problem: when I try to update I get the following errors:

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 62D54FD4003F6525

W: Failed to fetch https://dl.yarnpkg.com/debian/dists/stable/InRelease The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 62D54FD4003F6525

W: Some index files failed to download. They have been ignored, or old ones used instead.

Something went wrong while updating the cache of APT (Debian’s package manager). Here is a dump of the sources.list lines, which might help identify problematic lines:

sources.list:deb  bookworm main
sources.list:deb-src  bookworm main
sources.list:deb  bookworm-security main
sources.list:deb-src  bookworm-security main
sources.list:deb  bookworm-updates main
sources.list:deb-src  bookworm-updates main
sources.list.d/extra_php_version.list:deb [signed-by=/etc/apt/trusted.gpg.d/extra_php_version.gpg]  bookworm main
sources.list.d/yarn.list:deb [signed-by=/etc/apt/trusted.gpg.d/yarn.gpg] https://dl.yarnpkg.com/debian/ stable main
sources.list.d/yunohost.list:deb [signed-by=/usr/share/keyrings/yunohost-bookworm.gpg]  bookworm stable

There seems to have been a short power outage which might have occurred while the server was updating automatically. However, when I run sudo yunohost tools regen-conf postfix --dry-run I get no results either.

Try running sudo yunohost tools regen-conf apt -f

Then sudo yunohost tools regen-conf --dry-run --with-diff

And share the diagnosis link

This one seems to be caused by the keyring expiring. I solved both the PHP & Yarn issues and shared here: https://forum.yunohost.org/t/php-repo-key-expired-solved/41499

Sorry, cannot post links, as created a new account for the PHP & Yarn issue just now.
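The NO_PUBKEY warnings above come from a repository key that APT no longer trusts. The following added shell script (not from this thread, not YunoHost’s own tooling) shows one way to list which APT signing keys have actually passed their expiry date, so the check can be run before the next automatic update fails. It assumes the colon-separated listing format of `gpg --show-keys --with-colons` (field 5 is the key id, field 7 the expiry as a Unix timestamp, empty for keys that never expire); the sample listing and its key ids are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example, not from the thread or from YunoHost: report APT signing
# keys that are past their expiry date. Input is the machine-readable
# listing printed by
#   gpg --show-keys --with-colons /etc/apt/trusted.gpg.d/*.gpg
# where field 5 is the key id and field 7 the expiry timestamp (empty
# when the key never expires). NOW is passed in as a Unix timestamp so
# the check is reproducible and runs offline.

# list_expired_keys NOW   (reads the colon listing on stdin)
# Prints "KEYID EXPIRY_TIMESTAMP" for every primary key whose expiry
# lies before NOW; keys without an expiry are skipped.
list_expired_keys() {
    awk -F: -v now="$1" '
        $1 == "pub" && $7 != "" && $7 + 0 < now + 0 { print $5, $7 }
    '
}

# Constructed sample listing: one key that expired in November 2023 and
# one valid until 2030. The key ids are placeholders, not real key ids.
SAMPLE_LISTING='pub:e:4096:1:0000000000EXPIRED:1600000000:1700000000::-:::scESC::::::23::0:
uid:e::::1600000000::ABCDEF::Example expired key <expired@example.invalid>::::::::::0:
pub:-:4096:1:00000000000VALID1:1600000000:1900000000::-:::scESC::::::23::0:
uid:-::::1600000000::123456::Example valid key <valid@example.invalid>::::::::::0:'

# Stand-alone usage:
#   ./apt_key_expiry.sh /etc/apt/trusted.gpg.d/*.gpg   # check real keyrings
#   ./apt_key_expiry.sh                                 # run on the sample
if [ $# -gt 0 ]; then
    gpg --show-keys --with-colons "$@" | list_expired_keys "$(date +%s)"
else
    # As of 1 Jan 2025 (1735689600) only the first sample key is expired.
    printf '%s\n' "$SAMPLE_LISTING" | list_expired_keys 1735689600
fi
```

An empty result means no key in the listing has expired; a key id in the output is the one whose repository will start producing NO_PUBKEY or EXPKEYSIG warnings, and the fix is to fetch the repository’s current key into the keyring named by its signed-by option.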

The issue with expired keys is normal and common (see here and here).
From outside of your LAN, could you try

nmap -p 443 YOURPUBLICIP

Could your ISP have started using CGNAT?
For testing purposes, could you try moving your ynh out of the DMZ and setting up port forwarding instead?

I ran the two commands and then reran the diagnosis: logs here https://paste.yunohost.org/raw/figuzaduxu

This one does not work and hence I created my thread. It kept giving errors, and I mentioned that in the xmpp chat room as well.

Ok! What’s the difference ?

Okay, I just re-checked. I was only trying the “solved answer” part, and did not take the real look at all posts there. My bad. :frowning:

No problem, no worries :slightly_smiling_face:

The solution seems to be to move the server outside the DMZ, but I do not understand why.

  • after moving to portmapping, the server did connect again (except for the coturn port which never works for reasons I cannot figure out).

  • I did the first solution for the expired keyring, thanks, I was unaware and the issue seems indeed unrelated. First solution works perfectly

  • I have a fixed IP address through my provider and it does not seem that I have CGNAT. Is there a way I could check it for sure?

Is there still a way I could test what went wrong with the DMZ set-up? In any case, many thanks for all the help!! Currently it seems workable :slight_smile:
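One concrete way to answer the CGNAT question from the server side, as an added shell example that is not from this thread or from YunoHost: compare the address the router shows on its WAN interface with the address the rest of the Internet sees for you (the ISP portal, or whatever the nmap test above is run against), and check whether the WAN address falls in the shared address space 100.64.0.0/10 that RFC 6598 reserves for carrier-grade NAT. Both addresses are passed in as arguments; the sample addresses in the script are constructed (documentation ranges), and the function names are this example’s own.

```shell
#!/bin/sh
# Added example, not from the thread or from YunoHost: tell carrier-grade
# NAT (CGNAT) apart from a real public address. Under CGNAT the ISP gives
# the router a WAN address from 100.64.0.0/10 (RFC 6598) that is not the
# address the Internet sees, so a DMZ host or port forward on the router
# never receives inbound connections, whatever the server's firewall says.

# valid_ip4 ADDR: print 1 if ADDR is a dotted-quad IPv4 address, else 0.
valid_ip4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) echo 0; return 0 ;;
    esac
    set -- $(printf '%s\n' "$1" | tr . ' ')
    [ $# -eq 4 ] || { echo 0; return 0; }
    for o in "$@"; do
        [ "$o" -le 255 ] || { echo 0; return 0; }
    done
    echo 1
}

# ip4_to_int A.B.C.D: the address as an integer, plain POSIX arithmetic.
ip4_to_int() {
    set -- $(printf '%s\n' "$1" | tr . ' ')
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# in_cidr ADDR NET PREFIXLEN: print 1 if ADDR lies inside NET/PREFIXLEN.
in_cidr() {
    addr=$(ip4_to_int "$1")
    net=$(ip4_to_int "$2")
    bits=$(( 32 - $3 ))
    mask=$(( (4294967295 >> bits) << bits ))
    if [ $(( addr & mask )) -eq $(( net & mask )) ]; then echo 1; else echo 0; fi
}

# classify_address ADDR: invalid | cgnat | private | loopback | public
classify_address() {
    [ "$(valid_ip4 "$1")" -eq 1 ] || { echo invalid; return 0; }
    if   [ "$(in_cidr "$1" 100.64.0.0 10)" -eq 1 ]; then echo cgnat
    elif [ "$(in_cidr "$1" 10.0.0.0 8)" -eq 1 ] \
      || [ "$(in_cidr "$1" 172.16.0.0 12)" -eq 1 ] \
      || [ "$(in_cidr "$1" 192.168.0.0 16)" -eq 1 ]; then echo private
    elif [ "$(in_cidr "$1" 127.0.0.0 8)" -eq 1 ]; then echo loopback
    else echo public
    fi
}

# compare_wan_public WAN_ADDR SEEN_ADDR: verdict on why inbound traffic
# may never reach the router. WAN_ADDR is the address on the router's
# Internet interface; SEEN_ADDR is what a host outside the LAN reports.
compare_wan_public() {
    wan_kind=$(classify_address "$1")
    seen_kind=$(classify_address "$2")
    if [ "$wan_kind" = invalid ] || [ "$seen_kind" = invalid ]; then
        echo invalid
    elif [ "$wan_kind" = cgnat ]; then
        echo cgnat        # ISP shares one public address: forwarding cannot work
    elif [ "$wan_kind" = private ]; then
        echo double-nat   # another NAT device sits in front of the router
    elif [ "$1" != "$2" ]; then
        echo mismatch     # WAN looks public but is not what the world sees
    else
        echo direct       # router holds the public address; check its rules
    fi
}

# Stand-alone usage: ./cgnat_check.sh WAN_ADDR SEEN_ADDR
# Without arguments it runs on constructed sample pairs (TEST-NET-3 and
# a made-up RFC 6598 address) to illustrate each verdict.
if [ $# -eq 2 ]; then
    compare_wan_public "$1" "$2"
else
    for pair in "100.70.1.1 203.0.113.5" "192.168.0.2 203.0.113.5" "203.0.113.5 203.0.113.5"; do
        set -- $pair
        printf '%-14s %-14s -> %s\n' "$1" "$2" "$(compare_wan_public "$1" "$2")"
    done
fi
```

A verdict of `direct` means the router really holds the public address and a closed port is down to the router or server rules; `cgnat` or `double-nat` means no router-side DMZ or forwarding rule can help, which is the case the reply above has in mind.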

If it worked before, it could mean your ISP changed DMZ rules: it seems that ISP DMZs are not always “real” DMZs.

Ok, seems plausible.. worked for a few years till a week ago. I’ll go with port forwarding then from now on. Thank you for all the help!
