ntop / ntopng

Web-based Traffic and Security Network Traffic Monitoring
http://www.ntop.org
GNU General Public License v3.0

Webserver not listening on IPv4 but only IPv6 #356

Closed martin8883 closed 8 years ago

martin8883 commented 8 years ago

Hi, I have the same issue as in #307 - the ntopng webserver is only listening on the IPv6 port but not on IPv4. It seems that the Mongoose webserver used does not work correctly. The server is Debian Jessie 8.2 and the packages are nightly build binaries from packages.ntop.org. I also tried the stable packages for Ubuntu 14.04 (same problem).

root@svnf2:~# cat /etc/debian_version
8.2
root@svnf2:~# uname -a
Linux svnf2 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u2 (2016-01-02) x86_64 GNU/Linux
root@svnf2:~# dpkg -l | grep -iE 'ntop|nprobe'
ii  ntopng                         2.3.160114-853              amd64        Web-based traffic monitoring.
ii  ntopng-data                    2.3.160114                  all          Data files (geoip) for ntopng.
ii  pfring                         6.3.0-423                   amd64        PF_RING (http://www.ntop.org/pf_ring/) [dev:a02e50c06aaf676f6eb81a22ded92e26faffca8d (Mon Jan 11 11:30:23 2016 -0500)]
root@svnf2:~# netstat -tupln | grep ntop
tcp6       0      0 :::80                   :::*                    LISTEN      17948/ntopng

This is the log from ntopng:

root@svnf2:~# ntopng -U root -w 80 --community
14/Jan/2016 15:41:23 [Ntop.cpp:929] Setting local networks to 127.0.0.0/8
14/Jan/2016 15:41:23 [Redis.cpp:106] Successfully connected to redis 127.0.0.1:6379@0
14/Jan/2016 15:41:23 [PF_RINGInterface.cpp:52] Reading packets from PF_RING v.6.2.0 interface eth0...
14/Jan/2016 15:41:23 [Ntop.cpp:1148] Registered interface eth0 [id: 0]
14/Jan/2016 15:41:23 [main.cpp:178] ERROR: Unable to create interface lo
14/Jan/2016 15:41:23 [PcapInterface.cpp:85] Reading packets from interface lo...
14/Jan/2016 15:41:23 [Ntop.cpp:1148] Registered interface lo [id: 1]
14/Jan/2016 15:41:23 [Ntop.cpp:1161] Registered interface view eth0 [id: 0]
14/Jan/2016 15:41:23 [Ntop.cpp:1161] Registered interface view lo [id: 1]
14/Jan/2016 15:41:23 [Utils.cpp:299] User changed to root
14/Jan/2016 15:41:23 [main.cpp:247] PID stored in file /var/tmp/ntopng.pid
14/Jan/2016 15:41:23 [HTTPserver.cpp:460] Please read https://github.com/ntop/ntopng/blob/dev/doc/README.SSL if you want to enable SSL.
14/Jan/2016 15:41:23 [HTTPserver.cpp:503] Web server dirs [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]
14/Jan/2016 15:41:23 [HTTPserver.cpp:506] HTTP server listening on port 80
14/Jan/2016 15:41:23 [main.cpp:284] Working directory: /var/tmp/ntopng
14/Jan/2016 15:41:23 [main.cpp:286] Scripts/HTML pages directory: /usr/share/ntopng
14/Jan/2016 15:41:23 [Ntop.cpp:256] Welcome to ntopng x86_64 v.2.3.160114 - (C) 1998-16 ntop.org
14/Jan/2016 15:41:23 [Ntop.cpp:261] Built on Debian GNU/Linux 8.2 (jessie)
14/Jan/2016 15:41:23 [PeriodicActivities.cpp:53] Started periodic activities loop...
14/Jan/2016 15:41:23 [RuntimePrefs.cpp:34] Dumping alerts into syslog
14/Jan/2016 15:41:23 [NtopPro.cpp:233] [LICENSE] ntopng systemId: 7713EE8000001088
14/Jan/2016 15:41:23 [NtopPro.cpp:236] [LICENSE] ntopng is starting without a valid license
14/Jan/2016 15:41:23 [Ntop.cpp:512] Adding 127.0.0.0/8 as IPv4 local network for lo
14/Jan/2016 15:41:23 [Ntop.cpp:512] Adding 1.2.3.4/27 as IPv4 local network for eth0
14/Jan/2016 15:41:23 [Ntop.cpp:542] Adding ::1/128 as IPv6 local network for lo
14/Jan/2016 15:41:23 [Ntop.cpp:542] Adding fe80::485f:65ff:fe10:e87e/64 as IPv6 local network for eth0
14/Jan/2016 15:41:23 [NetworkInterface.cpp:1417] Started packet polling on interface eth0 [id: 0]...
14/Jan/2016 15:41:23 [NetworkInterface.cpp:1417] Started packet polling on interface lo [id: 1]...

My network configuration is valid, everything else works.

martin8883 commented 8 years ago

Same problem on a freshly installed Ubuntu 14.04 LTS as virtual machine:

root@svnf2:~# uname -a
Linux svnf2 3.19.0-25-generic #26~14.04.1-Ubuntu SMP Fri Jul 24 21:16:20 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
root@svnf2:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.04.3 LTS
Release:        14.04
Codename:       trusty
root@svnf2:~# netstat -tpln
Aktive Internetverbindungen (Nur Server)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      15228/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      11208/master
tcp        0      0 0.0.0.0:6556            0.0.0.0:*               LISTEN      11056/xinetd
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      2581/redis-server 1
tcp6       0      0 :::22                   :::*                    LISTEN      15228/sshd
tcp6       0      0 :::3000                 :::*                    LISTEN      17631/ntopng
tcp6       0      0 ::1:25                  :::*                    LISTEN      11208/master
tcp6       0      0 :::443                  :::*                    LISTEN      11412/apache2
tcp6       0      0 :::80                   :::*                    LISTEN      11412/apache2

As some people have it running, perhaps the problem is the virtual machine. It's a KVM container on a Proxmox 3.x host.

root@svnf2:~# ntopng -w 3000 --community
14/Jan/2016 16:55:02 [Ntop.cpp:933] Setting local networks to 127.0.0.0/8
14/Jan/2016 16:55:02 [Redis.cpp:106] Successfully connected to redis 127.0.0.1:6379@0
14/Jan/2016 16:55:02 [PF_RINGInterface.cpp:52] Reading packets from PF_RING v.6.2.0 interface eth0...
14/Jan/2016 16:55:02 [Ntop.cpp:1152] Registered interface eth0 [id: 0]
14/Jan/2016 16:55:02 [PcapInterface.cpp:86] Reading packets from interface lo...
14/Jan/2016 16:55:02 [Ntop.cpp:1152] Registered interface lo [id: 1]
14/Jan/2016 16:55:02 [Ntop.cpp:1165] Registered interface view eth0 [id: 0]
14/Jan/2016 16:55:02 [Ntop.cpp:1165] Registered interface view lo [id: 1]
14/Jan/2016 16:55:02 [Utils.cpp:304] User changed to nobody
14/Jan/2016 16:55:02 [main.cpp:240] PID stored in file /var/tmp/ntopng.pid
14/Jan/2016 16:55:02 [HTTPserver.cpp:465] Please read https://github.com/ntop/ntopng/blob/dev/doc/README.SSL if you want to enable SSL.
14/Jan/2016 16:55:02 [HTTPserver.cpp:482] -->3000<--
14/Jan/2016 16:55:02 [HTTPserver.cpp:510] Web server dirs [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]
14/Jan/2016 16:55:02 [HTTPserver.cpp:513] HTTP server listening on port 3000
14/Jan/2016 16:55:02 [main.cpp:290] Working directory: /var/tmp/ntopng
14/Jan/2016 16:55:02 [main.cpp:292] Scripts/HTML pages directory: /usr/share/ntopng
14/Jan/2016 16:55:02 [Ntop.cpp:260] Welcome to ntopng x86_64 v.2.2.151211 - (C) 1998-15 ntop.org
14/Jan/2016 16:55:02 [Ntop.cpp:265] Built on Ubuntu 14.04.2 LTS
14/Jan/2016 16:55:02 [PeriodicActivities.cpp:53] Started periodic activities loop...
14/Jan/2016 16:55:02 [RuntimePrefs.cpp:32] Dumping alerts into syslog
14/Jan/2016 16:55:02 [NtopPro.cpp:233] [LICENSE] ntopng systemId: 37945C1700001088
14/Jan/2016 16:55:02 [NtopPro.cpp:236] [LICENSE] ntopng is starting without a valid license
14/Jan/2016 16:55:02 [Ntop.cpp:516] Adding 127.0.0.0/8 as IPv4 local network for lo
14/Jan/2016 16:55:02 [Ntop.cpp:516] Adding 1.2.3.4/27 as IPv4 local network for eth0
14/Jan/2016 16:55:02 [Ntop.cpp:546] Adding ::1/128 as IPv6 local network for lo
14/Jan/2016 16:55:02 [Ntop.cpp:546] Adding fe80::2c16:25ff:fe91:5615/64 as IPv6 local network for eth0
14/Jan/2016 16:55:02 [NetworkInterface.cpp:1426] Started packet polling on interface eth0 [id: 0]...
14/Jan/2016 16:55:02 [NetworkInterface.cpp:1426] Started packet polling on interface lo [id: 1]...

This is the vm config. Any suggestions?

root@shproxmox1:~# cat /etc/pve/qemu-server/119.conf
balloon: 512
bootdisk: virtio0
cores: 1
ide2: local:iso/ubuntu-14.04.3-server-amd64.iso,media=cdrom
memory: 1024
name: svnf2.example.org
net0: virtio=2E:16:25:91:56:15,bridge=vmbr0
numa: 0
ostype: l26
smbios1: uuid=04815e1d-8f95-4063-acab-42607ca9fb4c
sockets: 1
virtio0: local:119/vm-119-disk-1.qcow2,size=32G

I already tried changing the network config from virtio to other values, but Mongoose still does not listen on IPv4. Edit: I just noticed that apache2 is also listening only on IPv6. So perhaps it really is a problem in combination with the VM.

martin8883 commented 8 years ago

Both systems are running now. I don't know exactly why, but I can make a guess. The daemon was not working at the very beginning and there was no error message, but port 80 was not reachable, so I started debugging. libmysql-dev was missing and I installed it. And from that time on I think I was hunting a ghost. I did no actual web access but only checked netstat, and that was the problem. That there is no tcp :80 but only tcp6 ::80 does not mean that it is not listening on IPv4. It was listening on v4 :80 all the time and I wasted my time.
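The behaviour described in the comment above, as an added example (not part of the original thread and not ntopng or Mongoose code): on Linux, a socket bound to the IPv6 wildcard with IPV6_V6ONLY off appears in netstat only as tcp6 :::port, yet it accepts IPv4 clients as IPv4-mapped addresses. The helper names are hypothetical, and the script assumes loopback is usable and the kernel has IPv6 socket support.

```python
import socket

def ipv6_sockets_supported():
    """True if the kernel lets us create and bind an AF_INET6 wildcard socket."""
    if not socket.has_ipv6:
        return False
    try:
        with socket.socket(socket.AF_INET6, socket.SOCK_STREAM) as s:
            s.bind(("::", 0))
        return True
    except OSError:
        return False

def ipv4_reaches_v6_listener(v6only):
    """Bind a listener to [::] and try to reach it over IPv4 loopback.

    Returns (connected, peer_address_as_seen_by_the_server).
    """
    srv = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    try:
        # 0 = dual-stack (IPv4 is accepted too), 1 = IPv6 only.
        srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY,
                       1 if v6only else 0)
        srv.bind(("::", 0))        # wildcard; netstat lists it as tcp6 :::port
        srv.listen(1)
        srv.settimeout(2)
        port = srv.getsockname()[1]
        try:
            cli = socket.create_connection(("127.0.0.1", port), timeout=2)
        except OSError:
            return (False, None)   # refused: nothing answers on IPv4
        with cli:
            conn, peer = srv.accept()
            conn.close()
            return (True, peer[0])  # IPv4 client shows up as ::ffff:a.b.c.d
    finally:
        srv.close()

if __name__ == "__main__":
    if ipv6_sockets_supported():
        for v6only in (False, True):
            print("IPV6_V6ONLY=%d ->" % v6only,
                  ipv4_reaches_v6_listener(v6only))
    else:
        print("AF_INET6 sockets are not available on this host")
```

When auditing listener exposure or writing firewall rules from netstat output, a tcp6 wildcard listener therefore has to be treated as IPv4-reachable unless IPV6_V6ONLY is known to be set on that socket.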

ghost commented 7 years ago

Hello everyone,

I have a problem that seems to be close to martin8883's problem. My ntopng webserver only shows IPv6 traffic. The nprobe sends IPv4 and IPv6 traffic to the interface from which ntop receives the JSON streams. This was tested by launching nprobe to watch the traffic in the Debian terminal.

The Debian version is: 8.6 "Jessie"
Ntop version: 2.4.161113 - Pro Small Business Edition
Nprobe version: 7.4.161113

Please help me.

simonemainardi commented 7 years ago

@JohnSummer run nprobe with -b 2 --debug so it will print json messages on the console. Those messages are sent to ntopng over ZMQ. Check and/or paste some messages here along with your full nprobe configuration.

ghost commented 7 years ago

This is the nprobe-eth1.conf file

#Interface for NetFlow-Collection
#-i=eth1
#Dump relevant activities (e.g. nProbe start/stop or packet drop)
--event-log=/var/log/nprobe/nprobe-event.log
#Target-IP and Port for the ZMQ-JSONs (ntopng)
--zmq=tcp://127.0.0.1:5556
#NetFlow-Collector-Port
--collector-port=2055
#Collection-Interface for Packet-Capture (not needed for NetFlow)
-i=none
#Address to send NetFlow-packets to (not needed because ntopng doesn't understand NetFlow)
-n=none
#Export-Template for exported flow information
-T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %IN_BYTES %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %SRC_AS %DST_AS %IPV4_S$

This is the ntopng.conf file

# port for http(s)-server
--http-port=10.42.10.40:3000
#--http-port=3000
# start ntopng as a daemon
--daemon
# pid path
--pid-path=/var/run/ntopng.pid
# input interface
--interface=tcp://127.0.0.1:5556
# Sets the DNS address resolution mode:
# 0 --- Decode DNS responses and resolve only local (-m) numeric IPs
# 1 --- Decode DNS responses and resolve all numeric IPs
# 2 --- Decode DNS responses and don't resolve numeric IPs
# 3 --- Don't decode DNS responses and don't resolve numeric IPs
--dns-mode=1
# maximum number of hosts
--max-num-hosts=300000
# maximum number of flows
--max-num-flows=200000
# local networks
--local-networks=>> here I have placed all IPv4 and IPv6 addresses <<

I will send an example of JSON messages very soon.

Thank you.

ghost commented 7 years ago

Here comes the json sample...

json.txt

If any more info is needed, please tell me.

simonemainardi commented 7 years ago

@JohnSummer please try and repeat steps as https://github.com/ntop/ntopng/issues/831#issuecomment-261967692

ghost commented 7 years ago

Maybe I have found a part or the source of the problem: when I comment out the -T parameter in the nprobe config file, I see only IPv4 traffic in ntopng.

So I think the Export-Template:

-T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %IPV4_NEXT_HOP %INPUT_SNMP %OUTPUT_SNMP %IN_PKTS %IN_BYTES %FIRST_SWITCHED %LAST_SWITCHED %L4_SRC_PORT %L4_DST_PORT %TCP_FLAGS %PROTOCOL %SRC_TOS %SRC_AS %DST_AS %IPV4_SRC_MASK %IPV4_DST_MASK %IPV6_SRC_ADDR %IPV6_DST_ADDR %IPV6_SRC_MASK %IPV6_DST_MASK %IP_PROTOCOL_VERSION"

is not correct.

When the -T parameter is active I can only see IPv6 traffic in ntopng... Now I need to bring both, v4 and v6, together.

simonemainardi commented 7 years ago

We've already done a fix that may solve your problem: https://github.com/ntop/ntopng/commit/6af6ed00fb56f0a9b6f5bcea3ca0af75e25f91d0

I see that you are using version 2.3. Please update ntopng to the latest 2.5 that contains the fix along with the latest dev version of nprobe.

ghost commented 7 years ago

I have installed the last unstable version of ntopng and it works, now I see IPv4 and v6 traffic. Thanks a lot!

simonemainardi commented 7 years ago

Thanks for reporting @JohnSummer