Hello!

I’ve been running into an oddity and I cannot find the root cause.

Situation

I have installed OMV on my Raspberry Pi 4 4GB via:

    wget -O - https://raw.githubusercontent.com/OpenMediaVault-Plugin-Developers/installScript/master/install | sudo bash

I also needed to use usrmerge before the installation:

    sudo apt install usrmerge

After completion, while being connected via ssh, I can query the omv website and it works fine: curl localhost

However, whenever I try to access it via the browser, it does not. I have run omv-firstaid as well just to be sure, but that does not change anything.

Network

My network is connected via ethernet to a repeater (Fritzbox 4040), which in turn connects to the router via ethernet (Fritzbox 7490). Another repeater is also connected.

All are connected as a singular Mesh.

Question

I can connect via port 22 to my Pi from anywhere in my house. It works fine and stable due to the mesh. However, I cannot connect to port 80 for OMV.

I’ve tried port forwarding on my network mesh, but that did not change anything.

I also tried, for testing purposes, a tunnel via ssh:

    ssh -L 80:localhost:80 pi@raspberrypi.local

but that resulted in:

    bind [::1]:80: Permission denied
    channel_setup_fwd_listener_tcpip: cannot listen to port: 80
    Could not request local forwarding

Which makes me think it might be the network on the Pi. However, I am new to Linux networking and therefore would like to ask for your ideas.

Any ideas on what could be the cause?

Thanks in advance for the help!

(Crosspost from lemmy.ml)

  • InnerScientist@vlemmy.net
    1 year ago

    The error you’re getting with SSH isn’t a problem with the Pi; your local user is not root, which means you cannot bind to any port <=1024. Try listening on local port 8080 instead with -L 8080:localhost:80

  • Scrabbone@discuss.tchncs.de
    1 year ago

    The ssh tunnel might not work because the Linux OS reserves the ports 0-1023 for the OS. You need higher privileges to reserve these ports for your applications. If you type sudo ss -tulpn you can see the applications that are bound to your ports. Do you see nginx behind local addresses 0.0.0.0:80 and [::]:80?

  • static09@lemmy.world
    1 year ago

    I don’t use OMV so take this with a grain of salt, but I would hazard a guess that the web server isn’t listening on port 80.

    Try ss -ltn for a list of ports on which the system is listening and ss -nut for a list of active connections. Double-checking firewall rules (commonly ufw) or filter rules (iptables) will be useful for diagnosing connection issues.

    (edited swapping around ss option explanations)

  • TheWanderer@lemmy.mlOP
    1 year ago

    Thanks for the hints, this definitely helped, however it did not solve the issue.

    What I did:

    1. I changed via omv-firstaid the omv port from 80 to 8081.
    2. I confirmed with ss -ltn that this change was successful and I see the listening port 80 vanished, while this now popped up:

        State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
        LISTEN  0       511     0.0.0.0:8081        0.0.0.0:*

    3. I tested locally via ssh from the Pi the connection via curl http://mylocalip:8081/ and it works, I get the html back.
    4. I tested from my laptop (connected to my router via WiFi, where the Raspberry is meshed into via the repeater in between) and I still get the timeout.
    5. I tried tunneling again via ssh (ssh -L 8081:localhost:8081 pi@raspberrypi.local) and I did not get any errors this time. However, when I open the local URL in the browser I get a connection reset and my terminal shows me channel 3: open failed: administratively prohibited: open failed. However, this just says that TcpForwarding is disabled, which is fine, so that tunneling issue should not be the main problem, I assume.

  • TheWanderer@lemmy.mlOP
    1 year ago

    The issue was much more straightforward than I thought. It seems sometimes thinking of too complex issues will hinder finding the easiest cause - the local firewall on the Pi was blocking it / had no explicit allow.

    To check I did: sudo ufw status verbose

    There was only port 22

    I added the new port as Allow Port 8081: sudo ufw allow 8081

    And it works now! Thanks for all the tips that pointed me in the right direction!
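
The check that resolved this thread (a port that shows up in ss -ltn but has no ufw allow rule), as an added example that is not part of any post above. The sample ss and ufw outputs are constructed, the function names are hypothetical, and the script assumes ufw's default incoming policy is deny.

```shell
#!/bin/sh
# Added example: sample outputs below are constructed, not taken from the thread.
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    0.0.0.0:8081       0.0.0.0:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

UFW_BEFORE='Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

UFW_AFTER="$UFW_BEFORE
8081                       ALLOW IN    Anywhere"

# Ports from `ss -ltn` output (stdin) that listen on a non-loopback address.
listening_ports() {
    awk '$1 == "LISTEN" {
        n = split($4, a, ":"); port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr !~ /^127\./ && addr != "[::1]") print port
    }' | sort -un
}

# Numeric ports with an ALLOW rule in `ufw status` output (stdin).
# App-profile names (e.g. "OpenSSH") and port ranges are not resolved here.
allowed_ports() {
    awk '/ALLOW/ { split($1, p, "/"); if (p[1] ~ /^[0-9]+$/) print p[1] }' | sort -un
}

# $1 = ss text, $2 = ufw text: print listening ports that ufw does not allow.
blocked_ports() {
    # An inactive ufw filters nothing, so nothing is reported.
    if printf '%s\n' "$2" | grep -q '^Status: inactive'; then return 0; fi
    bp_allowed=$(printf '%s\n' "$2" | allowed_ports)
    printf '%s\n' "$1" | listening_ports | while read -r bp_port; do
        printf '%s\n' "$bp_allowed" | grep -qx "$bp_port" || echo "$bp_port"
    done
}

echo "blocked before rule: $(blocked_ports "$SS_SAMPLE" "$UFW_BEFORE")"
echo "blocked after rule:  $(blocked_ports "$SS_SAMPLE" "$UFW_AFTER")"
```

On a live system the same function can be fed real output: blocked_ports "$(ss -ltn)" "$(sudo ufw status)".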