Firewall blocks some (but not all) WebUI ports

Help
1

Hi! I have a headless server which is supposed to run a few services, like sabnzbd, syncthing, etc. Since it’s headless, the Firewall ports should be opened.

However, I noticed that some WebUIs still aren’t accessible from other devices on LAN with the error Unable to connect using Firefox, or using curl: Failed to connect to 192.168.XXX.XXX port 8080 after 3 ms: Couldn't connect to server.

Some services, like sonarr and radarr work like a charm, though. So I’m ruling out general network problems. The WebUIs are also accessible with curl from localhost, or when setting up an SSH-tunnel. So, it’s also not the services.

The services I noticed with that behavior up to now are syncthing and sabnzbd. It also doesn’t matter if I use the service.sabnzbd.openFirewall option or networking.firewall.allowedTCPPorts option.

Here is a snippet of my config:

services = {
   sonarr = { # works
     enable = true;
     openFirewall = true;
   };
   radarr = { # works
     enable = true;
     openFirewall = true;
   };
   sabnzbd = { # doesn't work
     enable = true;
     openFirewall = true;
   };
  };

Any ideas?

I’m on nixpkgs unstable and stateversion 24.05.

2

Services may listen only on localhost (127.0.0.1). For example, looks like
sabnzbd does so by default. In that case there is really nothing on 192.168.XXX.XXX to connect to on that port.

Try setting per service listen address to 0.0.0.0 to listen on all interfaces.

1 Like
3

That did the trick, thanks a lot! Forgot to check the internal settings of the service. :person_facepalming: