this post was submitted on 06 Jul 2023
14 points (93.8% liked)

Selfhosted

Hello!

I've been running into an oddity and I cannot find the root cause.

Situation

I have installed OMV on my Raspberry Pi 4 4GB via:

wget -O - https://raw.githubusercontent.com/OpenMediaVault-Plugin-Developers/installScript/master/install | sudo bash

I also needed to use usrmerge before the installation:

sudo apt install usrmerge

After completion, while being connected via ssh, I can query the OMV website and it works fine:

curl localhost

However, whenever I try to access it via the browser, it does not work. I have run omv-firstaid as well just to be sure, but that does not change anything.

Network

My network is connected via ethernet to a repeater (Fritzbox 4040), which in turn connects to the router via ethernet (Fritzbox 7490). Another repeater is also connected.

All are connected as a singular Mesh.

Question

I can connect via port 22 to my pi from anywhere in my house. It works fine and stable due to the mesh. However, I cannot connect to port 80 for OMV.

I've tried port forwarding on my network mesh, but that did not change anything.

I also tried, for testing purposes, a tunnel via ssh:

ssh -L 80:localhost:80 pi@raspberrypi.local

but that resulted in:

bind [::1]:80: Permission denied
channel_setup_fwd_listener_tcpip: cannot listen to port: 80
Could not request local forwarding

Which makes me think it might be the network on the pi. However, I am new to Linux networking and therefore would like to ask for your ideas.

Any ideas on what could be the cause?

Thanks in advance for the help!

(Crosspost from lemmy.ml)

[–] InnerScientist@vlemmy.net 3 points 1 year ago

The error you're getting with SSH isn't a problem with the pi; your local user is not root, which means you cannot bind to any port <=1024. Try listening on local port 8080 instead with -L 8080:localhost:80

[–] NeoLikesLemmy@lemmy.fmhy.ml 2 points 1 year ago

bind [::1]:80: Permission denied channel_setup_fwd_listener_tcpip: cannot listen to port: 80 Could not request local forwarding

Some service is still grabbing your port 80, so the new job cannot start to listen there.

However i can not connect to port 80 for OMV

But this service is not really listening.

Maybe your first installation job is not 100% finished, but still 'hanging around' somehow?

Just a thought - I do not really know OMV.

[–] Scrabbone@discuss.tchncs.de 2 points 1 year ago

The ssh tunnel might not work because the Linux OS reserves the ports 0-1023 for the OS. You need higher privileges to reserve these ports for your applications. If you type sudo ss -tulpn you can see the applications that are bound to your ports. Do you see nginx behind local addresses 0.0.0.0:80 and [::]:80?

[–] static09@lemmy.world 1 points 1 year ago* (last edited 1 year ago)

I don't use OMV so take this with a grain of salt, but I would hazard a guess that the web server isn't listening on port 80.

Try ss -ltn for a list of ports on which the system is listening and ss -nut for a list of active connections. Double-checking firewall rules (commonly ufw) or filter rules (iptables) will be useful for diagnosing connection issues.

(edited swapping around ss option explanations)

[–] cloudwanderer@lemmy.ml 1 points 1 year ago

The issue was much more straightforward than I thought. It seems sometimes thinking of too complex issues will hinder finding the easiest cause - the local firewall on the pi was blocking it / had no explicit allow.

To check I did: sudo ufw status verbose

There was only port 22

I added the new port as Allow Port 8081: sudo ufw allow 8081

And it works now! Thanks for all the tips that pointed me in the right direction!
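Added example, not part of the thread: the two checks used here (ss -ltn and ufw status verbose) combined into one classification of why a port answers on the host but times out from the LAN. The helper names listen_scope, ufw_allows and diagnose are hypothetical, and the sample command outputs are constructed to match the situation described.

```shell
#!/bin/sh
# Added example. SS_OUT and UFW_OUT are constructed samples; on a real host use
#   SS_OUT=$(ss -ltn); UFW_OUT=$(sudo ufw status verbose)
SS_OUT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      511          0.0.0.0:8081      0.0.0.0:*'
UFW_OUT='Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere'

# listen_scope PORT SS_TEXT -> prints none | loopback | all
listen_scope() {
    printf '%s\n' "$2" | awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, a, ":"); if (a[n] != port) next
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") { if (s == "") s = "loopback" }
            else s = "all"
        }
        END { print (s == "" ? "none" : s) }'
}

# ufw_allows PORT UFW_TEXT -> exit 0 if inbound TCP to PORT is admitted.
# Simplification: source restrictions (From) and app-profile rules are ignored.
ufw_allows() {
    printf '%s\n' "$2" | awk -v port="$1" '
        /^Status: inactive/            { ok = 1 }
        /^Default: allow \(incoming\)/ { ok = 1 }
        ($1 == port || $1 == (port "/tcp")) && $2 == "ALLOW" { ok = 1 }
        END { exit !ok }'
}

# diagnose PORT -> one-word verdict for the host side of the connection
diagnose() {
    case $(listen_scope "$1" "$SS_OUT") in
        none)     echo "not-listening" ;;
        loopback) echo "bound-to-loopback" ;;
        *) if ufw_allows "$1" "$UFW_OUT"; then echo "host-ok"
           else echo "blocked-by-ufw"; fi ;;
    esac
}

for p in 22 80 8081; do printf '%s: %s\n' "$p" "$(diagnose "$p")"; done
```

Unlike `sudo ufw allow 8081`, which admits any source, a rule such as `sudo ufw allow from 192.168.178.0/24 to any port 8081 proto tcp` limits the web UI to one subnet; the subnet shown is a placeholder for your own LAN range.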

[–] cloudwanderer@lemmy.ml 1 points 1 year ago (1 children)

Thanks for the hints, this definitely helped, however it did not solve the issue.

What I did:

  1. I changed via omv-firstaid the OMV port from 80 to 8081.
  2. I confirmed with ss -ltn that this change was successful and I see the listening port 80 vanished, while this now popped up:

State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       511     0.0.0.0:8081        0.0.0.0:*

  3. I tested locally via ssh from the pi the connection via curl http://mylocalip:8081/ and it works, I get the html back.
  4. I tested from my laptop (connected to my router via WiFi, where the raspberry is meshed into via the repeater in between) and I still get the timeout.
  5. I tried tunneling again via ssh: ssh -L 8081:localhost:8081 pi@raspberrypi.local and I did not get any errors this time. However, when I open the local URL in the browser I get a connection reset and my terminal shows me channel 3: open failed: administratively prohibited: open failed. However, this just says that TCP forwarding is disabled, which is fine, so that tunneling issue should not be the main problem, I assume.
[–] NeoLikesLemmy@lemmy.fmhy.ml 2 points 1 year ago

Now I would double check your name services.

First reboot the Fritz 7490, then the Fritz 4040.

Then ping from everywhere to your Pi AND also ping from the Pi to every other machine: all the names must resolve to the proper addresses.
