Of the multiple servers I handle with Webmin one is giving me grief. This particular server is running Rocky 8. It has three active network connections of which two are part of private, “air-gapped”, networks. One of those private connections is for an Infiniband based SAN, the other is used to directly connect to another server. The server has no firewall running nor any host.allow or host.deny files. Webmin has been installed via the RPM repository, version 2.105-1, and should be at default settings.
Attempting to access the host gives me a “This site cannot be reached” error in Chrome and a similar “Unable to connect” in Firefox. The host name, FQDN, and IP address have all been tried to no avail. I have verified that the service is running, via ‘systemctl status webmin’, and that port 10000 is open, via ‘ss -ltun’. I can access the server via other means such as SSH. Checking the log file shows no errors. I can access Webmin via the localhost address, this was tested with lynx, but this has some very obvious issues. I have tried manually adding an ‘allow=’ line to the miniserv config but this changed nothing.
Whoah, you’ve got to simplify your problem. I have no idea what you’re talking about.
Sounds like a basic network troubleshooting problem, but you’ve got all this extra nonsense going. Just simplify. No way to solve a problem with so many danged variables (and it’s probably nothing to do with Webmin, since Webmin is running).
Simple, got it.
I cannot access Webmin on one of my servers from any system that is not the local host. I can access the server Webmin is running on via SSH.
My point with all of the so called variables is that I have checked all of the basic network issues. The network interfaces are up, there is no firewall turned on to block anything, there is no hosts.deny file to block any IP addresses. The port is showing as open on the server.
So, if you can see Webmin on localhost, we know Webmin is running. Connect with something on the same local network, without all the extra network nonsense in between. See if that works.
If it does, then you know the problem is something other than Webmin. Something is wrong in all those other network hops.
If it doesn’t it’s either Webmin isn’t listening on the port/address you think it is (port 10000 and all active addresses, by default) or there’s a firewall preventing access to port 10000 (you also need 10000-10100 if you’ll be using other Webmin servers with this one).
Nice user name.
Checking that page via Lynx shows that it is set to “Allow from all addresses”.
All the other Webmin servers on that subnet can be accessed from my desktop with no issue. What other “extra network nonsense” are you referring to?
I verified that Webmin is listening on port 10000 using ‘ss -ltunp’. The switch -l shows all ports that are listening, -t for TCP, -u for UDP, -n for numbers only, and -p to show the PID. I see three entries for port 10000, one UDP, one TCP, and one TCPv6. All come from the single miniserv.pl process. There is no firewall running on this server.
Does Lynx care about SSL at all? I’m baffled as to why a text based browser would connect but not a graphical.
Maybe it will come to me during my nap, but, probably not. 
Lynx does care about SSL, and actively complains on every page load due to the default cert being self-signed. It is connecting because I am running it on the server, via an SSH connection, and connecting via 127.0.0.1.
I wouldn’t consider that nonsense. Seeing as this is a network issue knowing that the server has multiple network connections each to a different subnet could be vital information. Though in this case it may not be.
I’m just saying you clearly have a network problem, since you know Webmin is running, listening, and answering requests. You know it’s not an SSL/TLS error, because that’s what the error would be.
So, it has to be network. Since it is network, the only way to figure out where the network problem is happening is to isolate the problem and the way to do that is to remove all the places the connection can fail.
test if the port is open to the world
add ip and server or port.
OK. That part wasn’t clear.
From a machine that you can’t connect from:
Can you ping by name and/or address?
tracepath -p 443 <host>
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.