Jason Yu asked:

cannot telnet to a linux server

I have a new Linux server with CentOS 7 installed with Chef software. The ip address of this server is I was able to telnet on to port 443 on this server, please see below.

[root@jboss-testvm ~]# telnet 443
Connected to
Escape character is '^]'.

However, when I go to a Windows server on the same network, I couldn't telnet to port 443 on this server. I thought the firewall may block the communication between these two servers, but my network admin told me since they are both on the same subnet, there is no firewall between them, so it won't be the firewall's issue. Could you experts here help me out?

Firewall is disabled.
[root@jboss-testvm ~]# service iptable status
Redirecting to /bin/systemctl status  iptable.service
● iptable.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)

[root@jboss-testvm ~]# lsof -i :443
nginx    794    root   14u  IPv4  16823      0t0  TCP *:https (LISTEN)
nginx   1025 opscode   14u  IPv4  16823      0t0  TCP *:https (LISTEN)
nginx   1026 opscode   14u  IPv4  16823      0t0  TCP *:https (LISTEN)
nginx   1027 opscode   14u  IPv4  16823      0t0  TCP *:https (LISTEN)
nginx   1028 opscode   14u  IPv4  16823      0t0  TCP *:https (LISTEN)
[root@jboss-testvm ~]# netstat -an | grep 443 | grep LISTEN
tcp        0      0   *               LISTEN
[root@jboss-testvm ~]# netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0*               LISTEN
tcp        0      0*               LISTEN
tcp        0      0 *               LISTEN
tcp        0      0*               LISTEN
tcp        0      0 *               LISTEN
tcp        0      0*               LISTEN
tcp        0      0  *               LISTEN
tcp        0      0    *               LISTEN
tcp        0      0  *               LISTEN
tcp        0      0  *               LISTEN
tcp        0      0*               LISTEN
tcp        0      0*               LISTEN
tcp        0      0    *               LISTEN
tcp        0      0*               LISTEN
tcp        0      0*               LISTEN
tcp        0      0*               LISTEN
tcp        0      0*               LISTEN
tcp        0      0  *               LISTEN
tcp        0      0*               LISTEN
tcp        0      0*               LISTEN
tcp        0      0 *               LISTEN
tcp        0      0   *               LISTEN
tcp        0      0 *               LISTEN
tcp        0      0*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0          :::*                    LISTEN
tcp6       0      0 ::1:5432                :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
Scott Silva

What does the windows server show when you try to telnet from it?
Any errors?
Are both machines on the same switch? If not then perhaps it's a route issue on the router.


Scott, it shows as below:

C:\Users\adm-yuj>telnet 443
Connecting To not open connection to the host, on port 44
3: Connect failed
Hi, Pony:

I can ping the linux box from my windows server without problem. I did a trace route, the result shows it doesn't pass any router.


Tracing route to over a maximum of 30 hops

  1     1 ms     2 ms     3 ms

Trace complete.

There is only one hop from the tracert result.

Since telnet does not support HTTPS it is unlikely that you can make a connection to port 443 which is commonly used for HTTPS.  One of the features of HTTPS is that the secure connection is made before any data is transferred.  You really should not have been able to connect to your Linux server.  It should not respond to anything other than HTTPS on port 443.
Hi, Dave:

I agree with you, thanks for the analysis. If I cannot use telnet to diagnose, what should I do to troubleshoot it?

Here is the result from nmap command:

[root@jboss-testvm ~]# nmap -sT -O localhost

Starting Nmap 6.40 ( ) at 2016-02-24 14:43 EST
Nmap scan report for localhost (
Host is up (0.00010s latency).
Other addresses for localhost (not scanned):
Not shown: 991 closed ports
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
443/tcp  open  https
4321/tcp open  rwhois
5432/tcp open  postgresql
8000/tcp open  http-alt
9090/tcp open  zeus-admin
9999/tcp open  abyss
No exact OS matches for host (If you know what OS is running on it, see ).
TCP/IP fingerprint:

Network Distance: 0 hops

OS detection performed. Please report any incorrect results at .
Nmap done: 1 IP address (1 host up) scanned in 12.32 seconds
[root@jboss-testvm ~]#
You should be able to ssh to your Linux server, if you don't have an ssh client, try PuTTY.
Yes, I can ssh to my Linux server from the beginning. How could I know which application is listening on port 443? From the nmap result, it shows the port 443 is open. But I install JBOSS and other applications on this server, I want to check which application is listening to port 443. From the nginx configuration file of Chef, there is no 443 port showing there.

Please help, thanks.
I found lsof command, I used it to check which application is listening on port 443, here is the result.

[root@jboss-testvm ~]# lsof -i :443
nginx   762    root   14u  IPv4  14023      0t0  TCP *:https (LISTEN)
nginx   954 opscode   14u  IPv4  14023      0t0  TCP *:https (LISTEN)
nginx   955 opscode   14u  IPv4  14023      0t0  TCP *:https (LISTEN)
nginx   956 opscode   14u  IPv4  14023      0t0  TCP *:https (LISTEN)
nginx   957 opscode   14u  IPv4  14023      0t0  TCP *:https (LISTEN)
[root@jboss-testvm ~]#
nginx is the webserver, https has a default port of 443
then why I couldn't access the web server from another windows machine.

I am gonna install xming gui and see if I can open the web server locally.
Did you set nginx to listen to port 443?
So what do you get when you try to browse (IE, chrome, etc) to
>> then why I couldn't access the web server from another windows machine.
Can you access it from the local machine? You can try: "lynx https://localhost".
And do you have an SSL/TLS certificate to support HTTPS on that machine?
No, nginx was installed with Chef software. I checked nginx configuration file, there is no definition for port 443. I attached the configuration file.
Chef Server, On-premises, the standalone installation.
>> no, nginx was installed with Chef software.
Requirements clearly state "ports are used by the nginx service", why do you doubt? If you did not change configuration manually then nginx is using port 443.

From your config file:

   # Chef HTTPS API
    include /var/opt/opscode/nginx/etc/chef_https_lb.conf;
Hi, Dave:
No, I don't, do I need to install one for this webserver to work?

"And do you have an SSL/TLS certificate to support HTTPS on that machine?"
Dear experts, thank you very much for your active replies. I really appreciate your help.

Right now, I got xming reflector installed on my desktop. And I successfully opened the web site through browser, please take a look. So, I believe the web server is on my server. I just need to resolve why I cannot open the webserver from other hosts.

Do I need to change the port definition in nginx configuration file?

Without a cert you should still get a security warning when attempting to connect.
noci

For https you do need a certificate to connect from any place. ... An invalid cert may still give you some popup warnings. That is going to change soon, as the browsers will get more picky about certificates.

Now do systems use proxies to connect to websites, and can your proxy in that case reach your server?

Anything in the logging of NGINX? How about a wireshark trace from a successful system and from a failing system.
Both a trace from the server side as well as from the client side...
That would help to see what does reach...
Finally, I got it. There is a daemon called "firewalld", I should stop it first.

This daemon is different than iptables firewall. I really don't know the existence of this thing. Is it new to CentOS 7 core?
It is an intermediate between iptables & systemd. And it is needed for systemd.
Thanks for all the experts who helped me out for this issue. The issue was caused by the new "firewalld" service which was the default service for CentOS 7.  After I ran the following two commands, the website showed up immediately on other computers' browser.

[root@jboss-testvm ~]# systemctl mask firewalld
Created symlink from /etc/systemd/system/firewalld.service to /dev/null.
[root@jboss-testvm ~]# systemctl stop firewalld

Thanks a lot for all these prompt replies, this is the reason I love experts-exchange!
Hi, Noci:

What is systemd? Is it a daemon for the system?
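
Added example, not part of the thread: the symptom seen here (a local connection to port 443 works, a remote one fails) can be classified from the output of `ss -lnt` and `firewall-cmd --list-all`. The function names and both sample outputs below are constructed for illustration, and port ranges and rich rules in the zone are not parsed.

```shell
#!/bin/sh
# Constructed `ss -lnt` sample: nginx on *:443, PostgreSQL on loopback only.
SS_SAMPLE='State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      128    *:443               *:*
LISTEN  0      128    127.0.0.1:5432      *:*
LISTEN  0      128    :::22               :::*'

# Constructed `firewall-cmd --list-all` sample: a zone that does not list https.
ZONE_SAMPLE='public (default, active)
  interfaces: eth0
  services: dhcpv6-client ssh
  ports: 8000/tcp'

# listen_scope SS_TEXT PORT -> none | loopback | external
# (function bodies are subshells, so their variables stay local)
listen_scope() (
  scope=none
  addrs=$(printf '%s\n' "$1" | awk '$1 == "LISTEN" { print $4 }')
  while read -r addr; do
    case $addr in
      127.*:"$2"|::1:"$2") if [ "$scope" = none ]; then scope=loopback; fi ;;
      *:"$2") scope=external ;;
    esac
  done <<EOF
$addrs
EOF
  echo "$scope"
)

# port_allowed ZONE_TEXT PORT SERVICE: succeeds if the zone lists SERVICE
# under "services:" or PORT/tcp under "ports:".
port_allowed() (
  services=$(printf '%s\n' "$1" | awk '$1 == "services:" { $1 = ""; print }')
  ports=$(printf '%s\n' "$1" | awk '$1 == "ports:" { $1 = ""; print }')
  case " $services $ports " in
    *" $3 "*|*" $2/tcp "*) exit 0 ;;
  esac
  exit 1
)

# diagnose SS_TEXT ZONE_TEXT PORT SERVICE -> one-word verdict
diagnose() (
  scope=$(listen_scope "$1" "$3")
  if [ "$scope" = none ]; then echo "not-listening"
  elif [ "$scope" = loopback ]; then echo "loopback-only"
  elif port_allowed "$2" "$3" "$4"; then echo "allowed-by-firewalld"
  else echo "blocked-by-firewalld"
  fi
)

# On a live host, pass "$(ss -lnt)" and "$(firewall-cmd --list-all)" instead.
diagnose "$SS_SAMPLE" "$ZONE_SAMPLE" 443 https   # blocked-by-firewalld
```

When the verdict is `blocked-by-firewalld`, `firewall-cmd --permanent --add-service=https` followed by `firewall-cmd --reload` opens only that service and leaves the host firewall running.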

systemd is the new startup system. It has had a blindingly acceptance across various distributions.
With causing quite some disturbance. The software should be 100 foolproof, but has some issues.
If you need reliable systems, systemd is imho still experimental. (At least as long as it still corrupts journals and introduces a complex system for the basic function needed from the init process.)
As you can see I'm no fan of systemd. I need to deliver systems which guarantee 99.999% uptime for 365.25 * 24.
For those systems startup time is rather irrelevant, they should not restart regularly.
And losing logfiles/journals IS a problem.