Hello!
I’ve been running into an oddity and i can not find the root cause.
Situation
I have installed OMV on my raspberry pi 4 4GB via:
wget -O - https://raw.githubusercontent.com/OpenMediaVault-Plugin-Developers/installScript/master/install | sudo bash
I also needed to use usrmerge before the installation:
sudo apt install usrmerge
After completion, while being connected via ssh, i can query the omv website and it works fine:
curl localhost
However whenever i try to access it via the browser, it does not. I have ran omv-firstaid
as well just to be sure, but that does not change anything.
Network
My Network is connected via ethernet to a repeater (Fritzbox 4040), which in turn connects to the router via ethernet (Frityzbox 7490). Another repeater is also connected.
All are connected as a singular Mesh.
Question
I can connect via port 22 to my pi from anywhere in my house. It works fine and stable due to the mesh. However i can not connect to port 80 for OMV.
I’ve tried port forwarding on my network mesh, but that did not change anything.
I also tried for testing purposes a tunnel via ssh ssh -L 80:localhost:80 pi .local
but that resulted in a:
bind [::1]:80: Permission denied channel_setup_fwd_listener_tcpip: cannot listen to port: 80 Could not request local forwarding
Which makes me think it might be the network on the pi. However I am new to linux networking and therefor would like to ask for your ideas.
Any ideas on what could be cause?
Thanks in advance for the help!
(Crosspost from lemmy.ml )
The error you’re getting with SSH isn’t a problem with the pi, your local user is not root which means you cannot bind to any port <=1024, try listening on local port 8080 instead with -L 8080:localhost:80
The ssh tunnel might not work because the linux os reserves the ports 0-1023 to OS. You need higher priviliges to reserve this ports for your applications. If you type sudo ss -tulpn you can see the applications that are bound to you ports. Do you see nginx behind local addresses 0.0.0.0:80 and [::]:80 ?
bind [::1]:80: Permission denied channel_setup_fwd_listener_tcpip: cannot listen to port: 80 Could not request local forwarding
Some service is still grabbing your port 80, so the new job cannot start to listen there.
However i can not connect to port 80 for OMV
But this service is not really listening.
Maybe your first installation job is not 100% finished, but still ‘hanging around’ somehow?
Just a thought - I do not really know OMV.
I don’t use OMV so take this with a grain of salt, but I would hazard a guess that the web server isn’t listening on port 80.
Try
ss -ltn
for a list of ports on which the system is listening andss -nut
for a list of active connections. Double-checking firewall rules (commonly ufw) or filter rules (iptables) will be useful for diagnosing connection issues.(edited swapping around ss option explanations)
Thanks for the hints, this definitely helped, however it did not solve the issue.
What i did:
- I changed via
omv-firstaid
the omv port from 80 to 8081. - I confirmed with
ss -ltn
that this change was successful and i see the listening port 80 vanished, while this now popped up:
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 511 0.0.0.0:8081 0.0.0.0:*
- I tested locally via ssh from the pi the connection via
curl http://mylocalip:8081/
and it works, i get the html back - I tested from my laptop (connected to my router via WiFi, where the raspberry is meshed into via the repeater in between) and i still get the timeout.
- I tried tunneling again via ssh
ssh -L 8081:localhost:8081 pi .local
and i did not get any errors this time. However when i open the local url in the browser i get a connection reset and my terminal shows mechannel 3: open failed: administratively prohibited: open failed
. However this just says that TcPForwarding is disabled, which is fine, so that tunneling issue should not be the main problem, i assume.
Now I would double check your name services.
First reboot the Fritz 7490, then the Fritz 4040.
Then ping from everywhere to your Pi AND also ping from the Pi to every other machine: all the names must resolve to the proper addresses.
- I changed via
The issue was much more straightforward than i thought. It seems sometimes thinking of too complex issues will hinder finding the easiest cause - the local forewall on the pi was blocking it / had no explcite allow.
To check i did:
sudo ufw status verbose
There was only port 22
I added the new port as Allow Port 8081:
sudo ufw allow 8081
And it works now! Thanks for all the tipps that pointed me in the right direction!