Yunohost on Raspi behind a Fritzbox: DNS correct but no ipv6

What type of hardware are you using: Raspberry Pi 3, 4+
What YunoHost version are you running: 12.0.10
How are you able to access your server: The webadmin
Are you in a special context or did you perform specific tweaking on your YunoHost instance ?: no special context

Describe your issue

Changed provider, now behind a Fritzbox 7583. Opened ports as follows:
XMPP clients >> 5222
XMPP servers >> 5269
Email SMTP >> 587
Email IMAP >> 993
HTTP-Server >> 80
HTTPS-Server >> 443
Port 25 >> 25
Port 22 >> 22
each of them for IPv4 and IPv6
DNS is hosted by a hosting provider, I can change all DNS settings there > done probably correctly as diagnosis says ok.

BUT
I have this error “Port 22 is not reachable from the outside in IPv6.”, same for the other ports. I could update the certificate of the domain only by ignoring the HTTP check. The domain is reachable now, but probably only over IPv4.

Any hint what to check?

Thx Marc

Share relevant logs or error messages

=================================
Base system (basesystem)

[INFO] Server hardware architecture is bare-metal arm64

  • Server model is Raspberry Pi 4 Model B Rev 1.5

[INFO] Server is running Linux kernel 6.1.21-v8+

[INFO] Server is running Debian 12.9

[INFO] Server is running YunoHost 12.0.10 (stable)

  • yunohost version: 12.0.10 (stable)
  • yunohost-admin version: 12.0.4 (stable)
  • yunohost-portal version: 12.0.7 (stable)
  • moulinette version: 12.0.3 (stable)
  • ssowat version: 12.0.3 (stable)

[WARNING] There’s been a suspiciously high number of authentication failures recently. You may want to make sure that fail2ban is running and is correctly configured, or use a custom port for SSH as explained in Security | Yunohost Documentation.

=================================
Internet connectivity (ip)

[SUCCESS] Domain name resolution is working!

[SUCCESS] The server is connected to the Internet through IPv4!

  • Global IP: xx.xx.xx.xx
  • Local IP: 192.168.178.25

[SUCCESS] The server is connected to the Internet through IPv6!

  • Global IP: xx:xx:xx:xx:xx:xx
  • Local IP: fd00::a928:e549:3dc0:d44d

=================================
DNS records (dnsrecords)

[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category basic)

[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category mail)

[SUCCESS] DNS records are correctly configured for domain maindomain.tld (category extra)

=================================
Ports exposure (ports)

[ERROR] Port 22 is not reachable from the outside in IPv6.

[ERROR] Port 25 is not reachable from the outside in IPv6.

[ERROR] Port 80 is not reachable from the outside in IPv6.

[ERROR] Port 443 is not reachable from the outside in IPv6.

[ERROR] Port 587 is not reachable from the outside in IPv6.

[ERROR] Port 993 is not reachable from the outside in IPv6.

=================================
Web (web)

[ERROR] Domain maindomain.tld appears unreachable through HTTP from outside the local network in IPv6, though it works in IPv4.

  • Connection error: could not connect to the requested domain, it’s very likely unreachable.

[ERROR] Domain cryptpad.maindomain.tld appears unreachable through HTTP from outside the local network in IPv6, though it works in IPv4.

  • Connection error: could not connect to the requested domain, it’s very likely unreachable.

[ERROR] Domain traggo.maindomain.tld appears unreachable through HTTP from outside the local network in IPv6, though it works in IPv4.

  • Connection error: could not connect to the requested domain, it’s very likely unreachable.

=================================
Email (mail)

[SUCCESS] The SMTP mail server is able to send emails (outgoing port 25 is not blocked).

[ERROR] The SMTP mail server is unreachable from the outside on IPv6. It won’t be able to receive emails.

  • Could not open a connection on port 25 to your server in IPv6. It appears to be unreachable.
    1. The most common cause for this issue is that port 25 is not correctly forwarded to your server.
    2. You should also make sure that service postfix is running.
    3. On more complex setups: make sure that no firewall or reverse-proxy is interfering.

[ERROR] Reverse DNS is not correctly configured for IPv4. Some emails may fail to get delivered or be flagged as spam.

  • Current reverse DNS: 82-220-105-240.ftth.solnet.ch
    Expected value: maindomain.tld
  • You should first try to configure reverse DNS with maindomain.tld in your internet router interface or your hosting provider interface. (Some hosting providers may require you to send them a support ticket for this).
  • Some providers won’t let you configure your reverse DNS (or their feature might be broken…). If you are experiencing issues because of this, consider the following solutions:
    • Some ISP provide the alternative of using a mail server relay though it implies that the relay will be able to spy on your email traffic.
    • A privacy-friendly alternative is to use a VPN with a dedicated public IP to bypass this kind of limits. See Advantages of a VPN for self-hosting | Yunohost Documentation
    • Or it’s possible to switch to a different provider

[ERROR] No reverse DNS is defined in IPv6. Some emails may fail to get delivered or be flagged as spam.

  • You should first try to configure reverse DNS with maindomain.tld in your internet router interface or your hosting provider interface. (Some hosting providers may require you to send them a support ticket for this).
  • Some providers won’t let you configure your reverse DNS (or their feature might be broken…). If your reverse DNS is correctly configured for IPv4, you can try disabling the use of IPv6 when sending emails by running ‘yunohost settings set email.smtp.smtp_allow_ipv6 -v off’. Note: this last solution means that you won’t be able to send or receive emails from the few IPv6-only servers out there.

[SUCCESS] The IPs and domains used by this server do not appear to be blacklisted

[SUCCESS] 0 pending emails in the mail queues

=================================
Services status check (services)

[SUCCESS] Service cryptpad is running!

[SUCCESS] Service dnsmasq is running!

[SUCCESS] Service dovecot is running!

[SUCCESS] Service fail2ban is running!

[SUCCESS] Service mysql is running!

[SUCCESS] Service nginx is running!

[SUCCESS] Service opendkim is running!

[SUCCESS] Service php8.2-fpm is running!

[SUCCESS] Service php8.3-fpm is running!

[SUCCESS] Service postfix is running!

[SUCCESS] Service slapd is running!

[SUCCESS] Service ssh is running!

[SUCCESS] Service traggo is running!

[SUCCESS] Service trilium is running!

[SUCCESS] Service yunohost-api is running!

[SUCCESS] Service yunohost-firewall is running!

[SUCCESS] Service yunohost-portal-api is running!

[SUCCESS] Service yunomdns is running!

=================================
System resources (systemresources)

[SUCCESS] The system still has 3.0 GiB (80%) RAM available out of 3.7 GiB.

[INFO] The system has only 200 MiB swap. You should consider having at least 512 MiB to avoid situations where the system runs out of memory.

  • Please be careful and aware that if the server is hosting swap on an SD card or SSD storage, it may drastically reduce the life expectancy of the device.

[SUCCESS] Storage / (on device /dev/mmcblk0p2) still has 15 GiB (55%) space left (out of 28 GiB)!

[SUCCESS] Storage /boot (on device /dev/mmcblk0p1) still has 224 MiB (88%) space left (out of 255 MiB)!

=================================
System configurations (regenconf)

[WARNING] Configuration file /etc/apt/sources.list.d/extra_php_version.list appears to have been manually modified.

  • This is probably OK if you know what you’re doing! YunoHost will stop updating this file automatically… But beware that YunoHost upgrades could contain important recommended changes. If you want to, you can inspect the differences with ‘yunohost tools regen-conf apt --dry-run --with-diff’ and force the reset to the recommended configuration with ‘yunohost tools regen-conf apt --force’

=================================
Applications (apps)

[SUCCESS] All installed apps respect basic packaging practices

Hi mavori,

Until a few years ago I used a Fritzbox as well, and have successfully opened ports for both IPv4 and IPv6.

It was not always smooth sailing, and the many clicks needed to check and change configurations did not make the task easier.

I found a lot of solace in fritzchecksum by Mementum on GitHub. (I have a few notes on the Fritzbox besides that.)

The benefit of the checksum program is that you can change the downloaded configuration as text. After saving, you run the checksum program to get the correct checksum at the bottom of the configuration, and upload it to the Fritzbox again.

You double-checked the IPv6 to which you forwarded, of course. If you run some online portscan service on your Yunohost, does it mark any ports as open?

If you forward a port to the IPv6 of your computer/laptop, does that give you an open port in the portscan?
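
Added example (not part of either post and not YunoHost code): a Python sketch of the "double-check the IPv6 to which you forwarded" step. It parses `ip -6 -o addr show` output and reports whether the address an AAAA record or router rule points at is a global, non-temporary address of the host. The sample output is constructed, using the documentation prefix 2001:db8::/32 plus the fd00:: local address from the diagnosis above; the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `ip -6 -o addr show dev eth0` (not real output from the poster).
SAMPLE_IP_OUTPUT = r"""
2: eth0    inet6 2001:db8:1:2:4c1f:9a07:66d2:8e31/64 scope global temporary dynamic \       valid_lft 6500sec preferred_lft 2900sec
2: eth0    inet6 2001:db8:1:2:dea6:32ff:fe12:3456/64 scope global dynamic mngtmpaddr noprefixroute \       valid_lft 6500sec preferred_lft 2900sec
2: eth0    inet6 fd00::a928:e549:3dc0:d44d/64 scope global dynamic mngtmpaddr noprefixroute \       valid_lft 6500sec preferred_lft 2900sec
2: eth0    inet6 fe80::dea6:32ff:fe12:3456/64 scope link \       valid_lft forever preferred_lft forever
"""

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
ULA = ipaddress.ip_network("fc00::/7")            # unique local, never routed on the internet
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

def classify(addr):
    """Return 'link-local', 'ula', 'global' or 'other' for an IPv6Address."""
    for kind, net in (("link-local", LINK_LOCAL), ("ula", ULA), ("global", GLOBAL_UNICAST)):
        if addr in net:
            return kind
    return "other"

def parse_ip_output(text):
    """Extract every inet6 address with its kind and its 'temporary' flag."""
    found = []
    for line in text.splitlines():
        tokens = line.split()
        if "inet6" not in tokens:
            continue
        i = tokens.index("inet6")
        ip = ipaddress.ip_interface(tokens[i + 1]).ip
        flags = tokens[i + 2:]
        if "\\" in flags:                          # -o joins lines with a backslash
            flags = flags[:flags.index("\\")]
        found.append({"ip": ip, "kind": classify(ip), "temporary": "temporary" in flags})
    return found

def check_target(target, host_addrs):
    """Judge the address a AAAA record or router rule points at."""
    ip = ipaddress.IPv6Address(target)
    kind = classify(ip)
    if kind != "global":
        return f"target is a {kind} address: not routable from the internet"
    match = next((a for a in host_addrs if a["ip"] == ip), None)
    if match is None:
        return "target does not match any address on this host"
    if match["temporary"]:
        return "target is a temporary (privacy) address that will rotate"
    return "ok"
```

On the server itself, pass the real `ip -6 -o addr show` output to `parse_ip_output` and the value of the domain's AAAA record to `check_target`.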
