Ntopng Unable to start HTTP server (IPv4) on ports 3000: Address already in use
-
ntopng was working (about a month ago I used it) and now it is no longer working.
Anyways trying to access ntopng (either from the Settings page then clicking on the "Access ntopng" tab or IP:3000) the page loads forever then times out.
The system logs show:
Aug 21 10:42:57 php-fpm 39411 [pfBlockerNG] Starting cron process.
Aug 21 10:42:57 ntopng [HTTPserver.cpp:503] ERROR: Unable to start HTTP server (IPv4) on ports 3000: Address already in useI tried uninstalling ntopng then rebooting, then reinstalling it, the same happens.
comstat -l shows
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS root sockstat 21557 0 stream /var/run/php-fpm.socket root barnyard2 62615 10 stream /var/run/php-fpm.socket root snort 39322 10 stream /var/run/php-fpm.socket root php-fpm 90814 0 stream /var/run/php-fpm.socket root php-fpm 90814 4 dgram (not connected) root php-fpm 90814 5 udp4 *:* *:* root php-fpm 90814 6 udp6 *:* *:* root barnyard2 44564 10 stream /var/run/php-fpm.socket root snort 31078 10 stream /var/run/php-fpm.socket root barnyard2 29456 10 stream /var/run/php-fpm.socket root php 19754 4 dgram (not connected) root php 19754 5 udp4 *:* *:* root php 19754 6 udp6 *:* *:* root php 19754 10 stream /var/run/php-fpm.socket root lighttpd_p 19024 5 tcp4 *:8081 *:* root lighttpd_p 19024 6 tcp4 *:8443 *:* root lighttpd_p 19024 10 stream /var/run/php-fpm.socket root snort 10298 10 stream /var/run/php-fpm.socket root ntopng 9951 3 udp4 *:* *:* root ntopng 9951 10 stream /var/run/php-fpm.socket root ntopng 9951 18 tcp4 *:3000 *:* root redis-serv 9531 4 tcp6 *:6379 *:* root redis-serv 9531 5 tcp4 *:6379 *:* root redis-serv 9531 10 stream /var/run/php-fpm.socket root syslogd 84741 4 dgram /var/run/log root syslogd 84741 5 dgram /var/run/logpriv root syslogd 84741 6 dgram /var/dhcpd/var/run/log root syslogd 84741 7 udp6 *:514 *:* root syslogd 84741 8 udp4 *:514 *:* root charon 38989 9 stream /var/run/charon.wlst root charon 38989 12 udp6 *:500 *:* root charon 38989 13 udp6 *:4500 *:* root charon 38989 14 udp4 *:500 *:* root charon 38989 15 udp4 *:4500 *:* root charon 38989 21 stream /var/run/charon.ctl root charon 38989 22 stream /var/run/charon.vici dhcpd dhcpd 33918 3 dgram (not connected) dhcpd dhcpd 33918 8 udp4 *:67 *:* dhcpd dhcpd 33918 20 udp4 *:53075 *:* dhcpd dhcpd 33918 21 udp6 *:58987 *:* root ntpd 27252 3 dgram (not connected) root ntpd 27252 20 udp6 *:123 *:* root ntpd 27252 21 udp4 *:123 *:* root ntpd 27252 29 udp4 127.0.0.1:123 *:* root ntpd 27252 30 udp6 ::1:123 *:* root dhcpleases 26709 5 dgram (not connected) unbound unbound 25860 4 udp6 *:53 *:* unbound unbound 25860 5 tcp6 *:53 *:* unbound unbound 25860 6 udp4 *:53 *:* unbound unbound 25860 7 tcp4 *:53 *:* unbound unbound 25860 8 tcp4 127.0.0.1:953 *:* unbound unbound 25860 9 dgram (not connected) root nginx 23491 6 tcp4 *:468 *:* root nginx 23491 7 tcp6 *:468 *:* root nginx 23491 8 tcp4 *:80 *:* root nginx 23491 9 tcp6 *:80 *:* root nginx 23475 6 tcp4 *:468 *:* root nginx 23475 7 tcp6 *:468 *:* root nginx 23475 8 tcp4 *:80 *:* root nginx 23475 9 tcp6 *:80 *:* root dpinger 22067 0 stream /var/run/php-fpm.socket root dpinger 22067 5 stream /var/run/dpinger_WAN_DHCP~~.sock root dpinger 22067 6 dgram (not connected) root dpinger 22067 10 stream /var/run/php-fpm.socket root xinetd 16006 0 udp4 127.0.0.1:6969 *:* _dhcp dhclient 11558 3 dgram (not connected) root dhclient 8082 3 dgram (not connected) root sshlockout 6670 3 dgram (not connected) root sshd 6364 4 tcp6 *:58 *:* root sshd 6364 5 tcp4 *:58 *:* root devd 326 4 stream /var/run/devd.pipe root devd 326 5 seqpac /var/run/devd.seqpacket.pipe root check_relo 313 3 stream /var/run/check_reload_status root php-fpm 275 4 dgram (not connected) root php-fpm 275 5 udp4 *:* *:* root php-fpm 275 6 udp6 *:* *:* root php-fpm 275 13 stream /var/run/php-fpm.socketSo ntopng is running on port 3000, but it says that it can't start because the port is in use, and I cannot access it. What to do now?
-
I believe this may have something to do with the other problem I have identified, namely orphaned packages.
https://forum.pfsense.org/index.php?topic=117172.msg649098#msg649098
-
Have you tried accessing ntopng by IP address?
-
Have you tried accessing ntopng by IP address?
Yes of course, IP:3000 and from the pfsense interface.. Both are timing out.
As you can see from sockstat output, ntopng is indeed using port 3000
root ntopng 9951 18 tcp4 *:3000 *:*But why would it try to start another process and issue the "port already used" error unless something else was using port 3000?
Thats when I connected my issue with orphaned packages (which includeds ntop) to this problem. Perhaps it has nothing to do with this but maybe it does.
-
Just to be sure, when you click in the address bar of the browser, it's showing an http connection rather than an https connection?
-
the link (Access ntopng) from Diagnostics > ntopng settings points to "pfsense:3000".
My pfsense firewall is accessible via https://pfsense
I tried with https, http, the actual numeral IP, the hostname (pfsense), everything is timing out.
-
And does ntopng show as running or stopped in the service status page?
-
@lpallard:
the link (Access ntopng) from Diagnostics > ntopng settings points to "pfsense:3000".
My pfsense firewall is accessible via https://pfsense
I tried with https, http, the actual numeral IP, the hostname (pfsense), everything is timing out.
I'm asking did you specifically try "http://ipaddr:3000/" not "http://pfsense".
Nothing with "https://" will work for sure.
-
@lpallard:
I tried with https, http, the actual numeral IP, the hostname (pfsense), everything is timing out.
Yes I did! Sorry if it wasnt clear ;)
IN my case it would be "http://192.168.0.1:3000/"
Edit: I tried to kill the ntopng process manually (killall ntopng) then starting the process back up and confirming it is indeed listed with sockstat (which it was) and then I tried to access it to no avail…
-
@lpallard:
Yes I did! Sorry if it wasnt clear ;)
IN my case it would be "http://192.168.0.1:3000/"
Just wanted to make sure. If it doesn't work with explicit http by ipaddr, then it isn't the hsts issue.
Have you checked the firewall log for port 3000 hits?
-
@lpallard:
Yes I did! Sorry if it wasnt clear ;)
IN my case it would be "http://192.168.0.1:3000/"
Just wanted to make sure. If it doesn't work with explicit http by ipaddr, then it isn't the hsts issue.
Have you checked the firewall log for port 3000 hits?
Damn, you hit the nail right on the head! Port 3000 was indeed being blocked by the firewall. I added a rule to allow communication from any LAN client to LAN address:3000 and now I can access ntopng!
That aside, it still doesnt explain the "[HTTPserver.cpp:503] ERROR: Unable to start HTTP server (IPv4) on ports 3000: Address already in use"
Is it something to worry about?
**Edit: How do you display sessions (both historical and current) with ntop 2.3? 15 minutes later, all I see are useless pie charts with "something" (x%) and "everything else" (100-x%)… In the previous ntop I could easily display the connections a specific host established as seen on this screenshot http://www.ntop.org/wp-content/uploads/2011/11/l7_sessions.png)
==> They're making this stuff too complicated for nothing...**
-
@lpallard:
That aside, it still doesnt explain the "[HTTPserver.cpp:503] ERROR: Unable to start HTTP server (IPv4) on ports 3000: Address already in use"
Is it something to worry about?
I recall seeing this issue early on with my dev system when I was working on a package upgrade. I don't see it any more, but I'm using a slightly newer version of the package which supports https. It's unclear if the disappearance of the error is related or not.
Regardless, I wouldn't stress over it as long as your access via port 3000 is working.
-
OK then I will not stress too much with this.
I took a good note of creating a FW rule in the future should I reinstall everything from scratch….
Thanks a lot!
