Hello!

I’ve been running into an oddity and I cannot find the root cause.

Situation

I have installed OMV on my Raspberry Pi 4 4GB via:

    wget -O - https://raw.githubusercontent.com/OpenMediaVault-Plugin-Developers/installScript/master/install | sudo bash

I also needed to use usrmerge before the installation:

    sudo apt install usrmerge

After completion, while being connected via ssh, I can query the OMV website and it works fine: curl localhost

However, whenever I try to access it via the browser, it does not. I have run omv-firstaid as well just to be sure, but that does not change anything.

Network

My network is connected via ethernet to a repeater (Fritzbox 4040), which in turn connects to the router via ethernet (Fritzbox 7490). Another repeater is also connected.

All are connected as a singular Mesh.

Question

I can connect via port 22 to my Pi from anywhere in my house. It works fine and stable due to the mesh. However, I cannot connect to port 80 for OMV.

I’ve tried port forwarding on my network mesh, but that did not change anything.

I also tried, for testing purposes, a tunnel via ssh:

    ssh -L 80:localhost:80 pi@raspberrypi.local

but that resulted in:

    bind [::1]:80: Permission denied
    channel_setup_fwd_listener_tcpip: cannot listen to port: 80
    Could not request local forwarding

Which makes me think it might be the network on the Pi. However, I am new to Linux networking and therefore would like to ask for your ideas.

Any ideas on what could be the cause?

Thanks in advance for the help!

(Crosspost from lemmy.ml)

  • InnerScientist@vlemmy.net · 3 upvotes · 2 years ago

    The error you’re getting with SSH isn’t a problem with the Pi; your local user is not root, which means you cannot bind to any port <=1024. Try listening on local port 8080 instead with -L 8080:localhost:80

  • Scrabbone@discuss.tchncs.de · 2 upvotes · 2 years ago

    The ssh tunnel might not work because the Linux OS reserves the ports 0-1023 for the OS. You need higher privileges to reserve these ports for your applications. If you type sudo ss -tulpn you can see the applications that are bound to your ports. Do you see nginx behind local addresses 0.0.0.0:80 and [::]:80 ?

  • NeoLikesLemmy@lemmy.fmhy.ml · 2 upvotes · 2 years ago

    > bind [::1]:80: Permission denied
    > channel_setup_fwd_listener_tcpip: cannot listen to port: 80
    > Could not request local forwarding

    Some service is still grabbing your port 80, so the new job cannot start to listen there.

    > However I cannot connect to port 80 for OMV

    But this service is not really listening.

    Maybe your first installation job is not 100% finished, but still ‘hanging around’ somehow?

    Just a thought - I do not really know OMV.

  • static09@lemmy.world · 1 upvote · 2 years ago

    I don’t use OMV so take this with a grain of salt, but I would hazard a guess that the web server isn’t listening on port 80.

    Try ss -ltn for a list of ports on which the system is listening and ss -nut for a list of active connections. Double-checking firewall rules (commonly ufw) or filter rules (iptables) will be useful for diagnosing connection issues.

    (edited swapping around ss option explanations)

  • TheWandererOP · 1 upvote · 2 years ago

    Thanks for the hints, this definitely helped, however it did not solve the issue.

    What I did:

    1. I changed via omv-firstaid the OMV port from 80 to 8081.
    2. I confirmed with ss -ltn that this change was successful and I see the listening port 80 vanished, while this now popped up:

       State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
       LISTEN  0       511     0.0.0.0:8081        0.0.0.0:*

    3. I tested locally via ssh from the Pi the connection via curl http://mylocalip:8081/ and it works, I get the HTML back.
    4. I tested from my laptop (connected to my router via WiFi, where the Raspberry is meshed into via the repeater in between) and I still get the timeout.
    5. I tried tunneling again via ssh (ssh -L 8081:localhost:8081 pi@raspberrypi.local) and I did not get any errors this time. However, when I open the local URL in the browser I get a connection reset and my terminal shows me: channel 3: open failed: administratively prohibited: open failed. However, this just says that TcpForwarding is disabled, which is fine, so that tunneling issue should not be the main problem, I assume.
    • NeoLikesLemmy@lemmy.fmhy.ml · 2 upvotes · 2 years ago

      Now I would double check your name services.

      First reboot the Fritz 7490, then the Fritz 4040.

      Then ping from everywhere to your Pi AND also ping from the Pi to every other machine: all the names must resolve to the proper addresses.

  • TheWandererOP · 1 upvote · 2 years ago

    The issue was much more straightforward than I thought. It seems sometimes thinking of too complex issues will hinder finding the easiest cause - the local firewall on the Pi was blocking it / had no explicit allow.

    To check I did:

        sudo ufw status verbose

    There was only port 22.

    I added the new port as Allow Port 8081:

        sudo ufw allow 8081

    And it works now! Thanks for all the tips that pointed me in the right direction!
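
The root cause found at the end of this thread (a service listening on all interfaces while ufw has no matching allow rule) can be checked mechanically by comparing the two command outputs the posters used. This is an added example, not part of any post above; the sample ss -ltn and ufw status verbose outputs are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: which LAN-reachable listeners have no ufw ALLOW rule?
# Both samples are constructed to mirror the thread; on a real host pass
# "$(ss -ltn)" and "$(sudo ufw status verbose)" instead.
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    0.0.0.0:8081       0.0.0.0:*
LISTEN 0      128    127.0.0.1:6379     0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

UFW_SAMPLE='Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# Ports with a TCP listener bound to a non-loopback address.
exposed_ports() {
  printf '%s\n' "$1" | awk '$1 == "LISTEN" {
    addr = $4; port = $4
    sub(/.*:/, "", port)        # text after the last colon
    sub(/:[^:]*$/, "", addr)    # text before the last colon
    if (addr !~ /^127\./ && addr != "[::1]") print port
  }' | sort -u
}

# Ports with an inbound ALLOW rule (tcp or protocol-agnostic);
# source restrictions in the From column are not evaluated.
allowed_ports() {
  printf '%s\n' "$1" | awk '/ALLOW/ && !/ALLOW OUT/ && $1 ~ /^[0-9]+(\/tcp)?$/ {
    sub(/\/tcp/, "", $1); print $1 }' | sort -u
}

# Listening and exposed, yet dropped by the default-deny incoming policy.
blocked_ports() {
  printf '%s\n' "$2" | grep -q '^Status: active' || return 0
  printf '%s\n' "$2" | grep -q '^Default: allow (incoming)' && return 0
  _allowed=$(allowed_ports "$2")
  for _p in $(exposed_ports "$1"); do
    printf '%s\n' "$_allowed" | grep -qx "$_p" || printf '%s\n' "$_p"
  done
}

blocked_ports "$SS_SAMPLE" "$UFW_SAMPLE"
```

An empty result while remote connections still time out points away from ufw and toward the bind address or the network path.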