Ntopng Unable to start HTTP server (IPv4) on ports 3000: Address already in use



  • ntopng was working (about a month ago I used it) and now it is no longer working.

    Anyways trying to access ntopng (either from the Settings page then clicking on the "Access ntopng" tab or IP:3000) the page loads forever then times out.

    The system logs show:

    Aug 21 10:42:57 php-fpm 39411 [pfBlockerNG] Starting cron process.
    Aug 21 10:42:57 ntopng [HTTPserver.cpp:503] ERROR: Unable to start HTTP server (IPv4) on ports 3000: Address already in use

    I tried uninstalling ntopng then rebooting, then reinstalling it, the same happens.

    comstat -l shows

    USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
    root     sockstat   21557 0  stream /var/run/php-fpm.socket
    root     barnyard2  62615 10 stream /var/run/php-fpm.socket
    root     snort      39322 10 stream /var/run/php-fpm.socket
    root     php-fpm    90814 0  stream /var/run/php-fpm.socket
    root     php-fpm    90814 4  dgram  (not connected)
    root     php-fpm    90814 5  udp4   *:*                   *:*
    root     php-fpm    90814 6  udp6   *:*                   *:*
    root     barnyard2  44564 10 stream /var/run/php-fpm.socket
    root     snort      31078 10 stream /var/run/php-fpm.socket
    root     barnyard2  29456 10 stream /var/run/php-fpm.socket
    root     php        19754 4  dgram  (not connected)
    root     php        19754 5  udp4   *:*                   *:*
    root     php        19754 6  udp6   *:*                   *:*
    root     php        19754 10 stream /var/run/php-fpm.socket
    root     lighttpd_p 19024 5  tcp4   *:8081                *:*
    root     lighttpd_p 19024 6  tcp4   *:8443                *:*
    root     lighttpd_p 19024 10 stream /var/run/php-fpm.socket
    root     snort      10298 10 stream /var/run/php-fpm.socket
    root     ntopng     9951  3  udp4   *:*                   *:*
    root     ntopng     9951  10 stream /var/run/php-fpm.socket
    root     ntopng     9951  18 tcp4   *:3000                *:*
    root     redis-serv 9531  4  tcp6   *:6379                *:*
    root     redis-serv 9531  5  tcp4   *:6379                *:*
    root     redis-serv 9531  10 stream /var/run/php-fpm.socket
    root     syslogd    84741 4  dgram  /var/run/log
    root     syslogd    84741 5  dgram  /var/run/logpriv
    root     syslogd    84741 6  dgram  /var/dhcpd/var/run/log
    root     syslogd    84741 7  udp6   *:514                 *:*
    root     syslogd    84741 8  udp4   *:514                 *:*
    root     charon     38989 9  stream /var/run/charon.wlst
    root     charon     38989 12 udp6   *:500                 *:*
    root     charon     38989 13 udp6   *:4500                *:*
    root     charon     38989 14 udp4   *:500                 *:*
    root     charon     38989 15 udp4   *:4500                *:*
    root     charon     38989 21 stream /var/run/charon.ctl
    root     charon     38989 22 stream /var/run/charon.vici
    dhcpd    dhcpd      33918 3  dgram  (not connected)
    dhcpd    dhcpd      33918 8  udp4   *:67                  *:*
    dhcpd    dhcpd      33918 20 udp4   *:53075               *:*
    dhcpd    dhcpd      33918 21 udp6   *:58987               *:*
    root     ntpd       27252 3  dgram  (not connected)
    root     ntpd       27252 20 udp6   *:123                 *:*
    root     ntpd       27252 21 udp4   *:123                 *:*
    root     ntpd       27252 29 udp4   127.0.0.1:123         *:*
    root     ntpd       27252 30 udp6   ::1:123               *:*
    root     dhcpleases 26709 5  dgram  (not connected)
    unbound  unbound    25860 4  udp6   *:53                  *:*
    unbound  unbound    25860 5  tcp6   *:53                  *:*
    unbound  unbound    25860 6  udp4   *:53                  *:*
    unbound  unbound    25860 7  tcp4   *:53                  *:*
    unbound  unbound    25860 8  tcp4   127.0.0.1:953         *:*
    unbound  unbound    25860 9  dgram  (not connected)
    root     nginx      23491 6  tcp4   *:468                 *:*
    root     nginx      23491 7  tcp6   *:468                 *:*
    root     nginx      23491 8  tcp4   *:80                  *:*
    root     nginx      23491 9  tcp6   *:80                  *:*
    root     nginx      23475 6  tcp4   *:468                 *:*
    root     nginx      23475 7  tcp6   *:468                 *:*
    root     nginx      23475 8  tcp4   *:80                  *:*
    root     nginx      23475 9  tcp6   *:80                  *:*
    root     dpinger    22067 0  stream /var/run/php-fpm.socket
    root     dpinger    22067 5  stream /var/run/dpinger_WAN_DHCP~~.sock
    root     dpinger    22067 6  dgram  (not connected)
    root     dpinger    22067 10 stream /var/run/php-fpm.socket
    root     xinetd     16006 0  udp4   127.0.0.1:6969        *:*
    _dhcp    dhclient   11558 3  dgram  (not connected)
    root     dhclient   8082  3  dgram  (not connected)
    root     sshlockout 6670  3  dgram  (not connected)
    root     sshd       6364  4  tcp6   *:58                  *:*
    root     sshd       6364  5  tcp4   *:58                  *:*
    root     devd       326   4  stream /var/run/devd.pipe
    root     devd       326   5  seqpac /var/run/devd.seqpacket.pipe
    root     check_relo 313   3  stream /var/run/check_reload_status
    root     php-fpm    275   4  dgram  (not connected)
    root     php-fpm    275   5  udp4   *:*                   *:*
    root     php-fpm    275   6  udp6   *:*                   *:*
    root     php-fpm    275   13 stream /var/run/php-fpm.socket
    

    So ntopng is running on port 3000, but it says that it can't start because the port is in use, and I cannot access it.  What to do now?



  • I believe this may have something to do with the other problem I have identified, namely orphaned packages.

    https://forum.pfsense.org/index.php?topic=117172.msg649098#msg649098



  • Have you tried accessing ntopng by IP address?



  • @dennypage:

    Have you tried accessing ntopng by IP address?

    Yes of course, IP:3000 and from the pfsense interface..  Both are timing out.

    As you can see from sockstat output, ntopng is indeed using port 3000

    root     ntopng     9951  18 tcp4   *:3000                *:*
    

    But why would it try to start another process and issue the "port already used" error unless something else was using port 3000?

    Thats when I connected my issue with orphaned packages (which includeds ntop) to this problem.  Perhaps it has nothing to do with this but maybe it does.



  • Just to be sure, when you click in the address bar of the browser, it's showing an http connection rather than an https connection?



  • the link (Access ntopng) from Diagnostics > ntopng settings points to "pfsense:3000".

    My pfsense firewall is accessible via https://pfsense

    I tried with https, http, the actual numeral IP, the hostname (pfsense), everything is timing out.



  • And does ntopng show as running or stopped in the service status page?



  • @lpallard:

    the link (Access ntopng) from Diagnostics > ntopng settings points to "pfsense:3000".

    My pfsense firewall is accessible via https://pfsense

    I tried with https, http, the actual numeral IP, the hostname (pfsense), everything is timing out.

    I'm asking did you specifically try "http://ipaddr:3000/" not "http://pfsense".

    Nothing with "https://" will work for sure.



  • @lpallard:

    I tried with https, http, the actual numeral IP, the hostname (pfsense), everything is timing out.

    Yes I did!  Sorry if it wasnt clear ;)

    IN my case it would be "http://192.168.0.1:3000/"

    Edit: I tried to kill the ntopng process manually (killall ntopng) then starting the process back up and confirming it is indeed listed with sockstat (which it was) and then I tried to access it to no avail…



  • @lpallard:

    Yes I did!  Sorry if it wasnt clear ;)

    IN my case it would be "http://192.168.0.1:3000/"

    Just wanted to make sure. If it doesn't work with explicit http by ipaddr, then it isn't the hsts issue.

    Have you checked the firewall log for port 3000 hits?



  • @dennypage:

    @lpallard:

    Yes I did!  Sorry if it wasnt clear ;)

    IN my case it would be "http://192.168.0.1:3000/"

    Just wanted to make sure. If it doesn't work with explicit http by ipaddr, then it isn't the hsts issue.

    Have you checked the firewall log for port 3000 hits?

    Damn, you hit the nail right on the head!  Port 3000 was indeed being blocked by the firewall.  I added a rule to allow communication from any LAN client to LAN address:3000 and now I can access ntopng!

    That aside, it still doesnt explain the "[HTTPserver.cpp:503] ERROR: Unable to start HTTP server (IPv4) on ports 3000: Address already in use"

    Is it something to worry about?

    **Edit:  How do you display sessions (both historical and current) with ntop 2.3?  15 minutes later, all I see are useless pie charts with "something" (x%) and "everything else" (100-x%)… In the previous ntop I could easily display the connections a specific host established as seen on this screenshot http://www.ntop.org/wp-content/uploads/2011/11/l7_sessions.png)

    ==> They're making this stuff too complicated for nothing...**



  • @lpallard:

    That aside, it still doesnt explain the "[HTTPserver.cpp:503] ERROR: Unable to start HTTP server (IPv4) on ports 3000: Address already in use"

    Is it something to worry about?

    I recall seeing this issue early on with my dev system when I was working on a package upgrade. I don't see it any more, but I'm using a slightly newer version of the package which supports https. It's unclear if the disappearance of the error is related or not.

    Regardless, I wouldn't stress over it as long as your access via port 3000 is working.



  • OK then I will not stress too much with this.

    I took a good note of creating a FW rule in the future should I reinstall everything from scratch….

    Thanks a lot!


Log in to reply