cannot telnet to a linux server

I have a new Linux server with CentOS 7 installed with Chef software. The IP address of this server is 172.16.177.177. I was able to telnet to port 443 on this server, please see below.

[root@jboss-testvm ~]# telnet 172.16.177.177 443
Trying 172.16.177.177...
Connected to 172.16.177.177.
Escape character is '^]'.



However, when I go to a Windows server on the same network, I couldn't telnet to port 443 on this server. I thought the firewall might be blocking the communication between these two servers, but my network admin told me that since they are both on the same subnet, there is no firewall between them, so it won't be a firewall issue. Could you experts here help me out?

Firewall is disabled.
[root@jboss-testvm ~]# service iptable status
Redirecting to /bin/systemctl status  iptable.service
● iptable.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)



[root@jboss-testvm ~]# lsof -i :443
COMMAND  PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx    794    root   14u  IPv4  16823      0t0  TCP *:https (LISTEN)
nginx   1025 opscode   14u  IPv4  16823      0t0  TCP *:https (LISTEN)
nginx   1026 opscode   14u  IPv4  16823      0t0  TCP *:https (LISTEN)
nginx   1027 opscode   14u  IPv4  16823      0t0  TCP *:https (LISTEN)
nginx   1028 opscode   14u  IPv4  16823      0t0  TCP *:https (LISTEN)
[root@jboss-testvm ~]# netstat -an | grep 443 | grep LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
[root@jboss-testvm ~]# netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:4321          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9090          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:42822           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5672          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9999          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:9680            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:9683            0.0.0.0:*               LISTEN
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9462          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9463          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:15672         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:11001         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:11002         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:16379         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:59355           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:34175           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8000          0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 127.0.0.1:8983          :::*                    LISTEN
tcp6       0      0 ::1:5432                :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
Jason Yu asked:

Scott Silva (Network Administrator) commented:
What does the windows server show when you try to telnet from it?
Any errors?
Steven Carnahan (Network Manager) commented:
Are both machines on the same switch? If not, then perhaps it's a route issue on the router.
Jason Yu (Author) commented:
Scott, it shows as below:

C:\Users\adm-yuj>telnet 172.16.177.177 443
Connecting To 172.16.177.177...Could not open connection to the host, on port 44
3: Connect failed
Jason Yu (Author) commented:
Hi, Pony:

I can ping the Linux box from my Windows server without problem. I did a trace route; the result shows it doesn't pass through any router.

C:\Users\adm-yuj>tracert 172.16.177.177

Tracing route to 172.16.177.177 over a maximum of 30 hops

  1     1 ms     2 ms     3 ms  172.16.177.177

Trace complete.

C:\Users\adm-yuj>
Jason Yu (Author) commented:
There is only one hop from the tracert result.

Thanks.
Dave Baldwin (Fixer of Problems) commented:
Since telnet does not support HTTPS it is unlikely that you can make a connection to port 443 which is commonly used for HTTPS.  One of the features of HTTPS is that the secure connection is made before any data is transferred.  You really should not have been able to connect to your Linux server.  It should not respond to anything other than HTTPS on port 443.
Jason Yu (Author) commented:
Hi, Dave:

I agree with you, thanks for the analysis. If I cannot use telnet to diagnose, what should I do to troubleshoot it?

Thanks.
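The question just above, what to use instead of telnet, is worth answering with a tool that tells the two failure stages apart. The following Python probe is an added example, not code from the thread or from Chef: stage one is a plain TCP connect (the part telnet's "Connected to ..." line demonstrates), stage two is a TLS handshake without certificate verification (the part telnet cannot do). The way a failed connect is reported already narrows the cause: a refused connection means the host is up but nothing listens; an ICMP "unreachable/prohibited" reply is what a REJECT rule produces (firewalld's default public zone rejects rather than drops); silence until the timeout points at a DROP rule or a path problem. The sample targets are constructed: a loopback listener that accepts and immediately closes (an open port that does not speak TLS) and a port that nothing listens on. Host and port names passed on the command line are assumptions.

```python
"""Two-stage reachability probe for an HTTPS port: first TCP, then TLS.

Added example: separates "can I reach the port at all" (the stage telnet
tests) from "does the port speak TLS" (the stage telnet cannot test).
"""
import errno
import socket
import ssl
import threading


def probe_https_port(host, port, timeout=3.0):
    """Return (tcp_state, tls_state) for host:port.

    tcp_state: "open", "refused", "unreachable", "timeout" or "error"
    tls_state: "ok", "failed", or None when no TCP connection was made
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", None)          # RST: host is up, nothing listens on the port
    except socket.timeout:
        return ("timeout", None)          # silence: a DROP rule or a path problem
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return ("unreachable", None)  # ICMP prohibited/unreachable: a REJECT rule
        return ("error", None)
    # TCP worked (what telnet reports as "Connected to ..."). Now attempt a
    # TLS handshake. Certificate validity is deliberately not checked, so a
    # self-signed certificate still counts as "this port speaks TLS".
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return ("open", "ok")
    except OSError:                       # SSLError, EOF, reset and timeout are all OSError
        return ("open", "failed")
    finally:
        sock.close()


DIAGNOSIS = {
    ("refused", None): "host answers, port closed: nothing listening there (compare lsof -i / netstat -lnt on the server)",
    ("unreachable", None): "host-unreachable/prohibited reply: a REJECT rule, such as firewalld's default zone, blocks the port",
    ("timeout", None): "no reply at all: a DROP rule or a network path problem",
    ("error", None): "connect() failed for another reason (name resolution, no route, ...)",
    ("open", "failed"): "TCP port reachable but no TLS handshake: the service on that port is not HTTPS",
    ("open", "ok"): "TCP and TLS both work: the HTTPS listener is reachable from here",
}


def diagnose(result):
    """Translate a probe result into the next troubleshooting step."""
    return DIAGNOSIS[result]


def _accept_and_close_listener():
    """Constructed fixture: a plain TCP listener on loopback that accepts and
    immediately closes, i.e. an open port that does not speak TLS."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:               # listener has been closed
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv


def demo():
    """Probe two constructed loopback targets: open-but-not-TLS and closed."""
    srv = _accept_and_close_listener()
    open_port = srv.getsockname()[1]
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                         # released: nothing listens there now
    try:
        return {
            "not_tls": probe_https_port("127.0.0.1", open_port),
            "closed": probe_https_port("127.0.0.1", closed_port),
        }
    finally:
        srv.close()


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:                # e.g. probe.py 172.16.177.177 443 (assumed target)
        result = probe_https_port(sys.argv[1], int(sys.argv[2]))
        print(result, "->", diagnose(result))
    else:
        for name, result in demo().items():
            print(name, result, "->", diagnose(result))
```

Run it from the client that fails and from one that succeeds; the pair of results is what separates "the firewall on the server rejects this client" from "the server has no HTTPS service" without needing a packet capture first.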
Jason Yu (Author) commented:
Here is the result from nmap command:

[root@jboss-testvm ~]# nmap -sT -O localhost

Starting Nmap 6.40 ( http://nmap.org ) at 2016-02-24 14:43 EST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00010s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 991 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
443/tcp  open  https
4321/tcp open  rwhois
5432/tcp open  postgresql
8000/tcp open  http-alt
9090/tcp open  zeus-admin
9999/tcp open  abyss
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=6.40%E=4%D=2/24%OT=22%CT=1%CU=43102%PV=N%DS=0%DC=L%G=Y%TM=56CE07D
OS:4%P=x86_64-redhat-linux-gnu)SEQ(SP=102%GCD=1%ISR=107%TI=Z%CI=I%II=I%TS=A
OS:)OPS(O1=MFFD7ST11NW7%O2=MFFD7ST11NW7%O3=MFFD7NNT11NW7%O4=MFFD7ST11NW7%O5
OS:=MFFD7ST11NW7%O6=MFFD7ST11)WIN(W1=AAAA%W2=AAAA%W3=AAAA%W4=AAAA%W5=AAAA%W
OS:6=AAAA)ECN(R=Y%DF=Y%T=40%W=AAAA%O=MFFD7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S
OS:=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%R
OS:D=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=
OS:0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U
OS:1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DF
OS:I=N%T=40%CD=S)

Network Distance: 0 hops

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.32 seconds
[root@jboss-testvm ~]#
Gerwin Jansen, EE MVE (Topic Advisor) commented:
You should be able to ssh to your Linux server; if you don't have an ssh client, try PuTTY.
Jason Yu (Author) commented:
Yes, I can ssh to my Linux server from the beginning. How could I know which application is listening on port 443? From the nmap result, it shows that port 443 is open. But I installed JBoss and other applications on this server, and I want to check which application is listening on port 443. From the nginx configuration file of Chef, there is no 443 port showing there.

Please help, thanks.
Jason Yu (Author) commented:
I found the lsof command; I used it to check which application is listening on port 443. Here is the result.

[root@jboss-testvm ~]# lsof -i :443
COMMAND PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   762    root   14u  IPv4  14023      0t0  TCP *:https (LISTEN)
nginx   954 opscode   14u  IPv4  14023      0t0  TCP *:https (LISTEN)
nginx   955 opscode   14u  IPv4  14023      0t0  TCP *:https (LISTEN)
nginx   956 opscode   14u  IPv4  14023      0t0  TCP *:https (LISTEN)
nginx   957 opscode   14u  IPv4  14023      0t0  TCP *:https (LISTEN)
[root@jboss-testvm ~]#
Gerwin Jansen, EE MVE (Topic Advisor) commented:
nginx is the web server; https has a default port of 443.
Jason Yu (Author) commented:
Then why couldn't I access the web server from another Windows machine?

I am gonna install the Xming GUI and see if I can open the web server locally.
Scott Silva (Network Administrator) commented:
Did you set nginx to listen to port 443?
Steven Carnahan (Network Manager) commented:
So what do you get when you try to browse (IE, Chrome, etc.) to https://172.16.177.177?
Gerwin Jansen, EE MVE (Topic Advisor) commented:
>> then why I couldn't access the web server from another windows machine.
Can you access it from the local machine? You can try: "lynx https://localhost".
Dave Baldwin (Fixer of Problems) commented:
And do you have an SSL/TLS certificate to support HTTPS on that machine?
Gerwin Jansen, EE MVE (Topic Advisor) commented:
Which Chef setup did you install?

From the Chef system requirements:
Firewalls and ports — If host-based firewalls (iptables, ufw, etc.) are being used, ensure that ports 80 and 443 are open. These ports are used by the nginx service

Jason Yu (Author) commented:
no, nginx was installed with Chef software. I checked nginx configuration file, there is no definition for port 443. I attached the configuration file.
nginx.conf.txt.txt
Jason Yu (Author) commented:
Chef Server, On-premises, the standalone installation.
Gerwin Jansen, EE MVE (Topic Advisor) commented:
>> no, nginx was installed with Chef software.
Requirements clearly state "ports are used by the nginx service", why do you doubt? If you did not change configuration manually then nginx is using port 443.

From your config file:

    # Chef HTTPS API
    include /var/opt/opscode/nginx/etc/chef_https_lb.conf;
Jason Yu (Author) commented:
Hi, Dave:
No, I don't. Do I need to install one for this web server to work?

"And do you have an SSL/TLS certificate to support HTTPS on that machine?"
Jason Yu (Author) commented:
Dear experts, thank you very much for your active replies. I really appreciate your help.

Right now, I got the Xming reflector installed on my desktop, and I successfully opened the web site through the browser, please take a look. So I believe the web server is running on my server. I just need to resolve why I cannot open the web server from other hosts.

Do I need to change the port definition in the nginx configuration file?

thanks.
Steven Carnahan (Network Manager) commented:
Without a cert you should still get a security warning when attempting to connect.
noci (Software Engineer) commented:
For https you do need a certificate to connect from any place. ... An invalid cert may still give you some popup warnings. That is going to change soon, as browsers will get more picky about certificates.

Now, do systems use proxies to connect to websites, and can your proxy in that case reach your server?

Anything in the logging of nginx? How about a Wireshark trace from a successful system and from a failing system?
Both a trace from the server side as well as from the client side...
That would help to see what does reach...
Jason Yu (Author) commented:
Finally, I got it. There is a daemon called "firewalld"; I should stop it first.

This daemon is different from the iptables firewall. I really didn't know about the existence of this thing. Is it new to CentOS 7 core?
noci (Software Engineer) commented:
It is an intermediate between iptables & systemd. And it is needed for systemd.
Jason Yu (Author) commented:
Thanks to all the experts who helped me out with this issue. The issue was caused by the new "firewalld" service, which is the default service for CentOS 7. After I ran the following two commands, the website showed up immediately in other computers' browsers.

[root@jboss-testvm ~]# systemctl mask firewalld
Created symlink from /etc/systemd/system/firewalld.service to /dev/null.
[root@jboss-testvm ~]# systemctl stop firewalld

Thanks a lot for all these prompt replies; this is the reason I love Experts Exchange!
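Masking and stopping firewalld makes port 443 reachable, but it also removes the host firewall from every other listener bound to 0.0.0.0 in the netstat output earlier in the thread (4369, 25672, 9680 and the rest). The Chef requirements quoted above only ask for ports 80 and 443 to be open. The following Python script is an added example, not from the thread or from Chef: it cross-checks a `netstat -lnt` listing against the active zone's `firewall-cmd --list-all` output, reports which listeners other hosts can actually reach (bound to a non-loopback address and allowed by the zone), and emits the least-privilege firewall-cmd calls that open only the required ports while firewalld keeps running. Both sample outputs are constructed inline in the CentOS 7 layouts; the service-to-port table is a hand-maintained subset (an assumption, the authoritative definitions are firewalld's XML files under /usr/lib/firewalld/services).

```python
"""Cross-check listening sockets against the active firewalld zone.

Added example: parses constructed samples of `netstat -lnt` and
`firewall-cmd --list-all` output and reports which listeners other
hosts can actually reach, plus the firewall-cmd calls that open only
the ports that are needed.
"""

# Constructed sample in the column layout of `netstat -lnt` on CentOS 7
# (a subset of the listing from the question).
NETSTAT_SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:5432                :::*                    LISTEN
"""

# Constructed sample in the layout of `firewall-cmd --list-all` from the
# firewalld version shipped with CentOS 7 (default public zone: ssh only).
FIREWALLD_SAMPLE = """\
public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
"""

# Assumption: hand-maintained subset of firewalld's service definitions
# (the authoritative ones are the XML files under /usr/lib/firewalld/services).
SERVICE_PORTS = {
    "ssh": {(22, "tcp")},
    "http": {(80, "tcp")},
    "https": {(443, "tcp")},
    "dhcpv6-client": {(546, "udp")},
}

LOOPBACK = {"127.0.0.1", "::1"}


def parse_netstat_listeners(text):
    """Return {(port, proto)} for TCP listeners bound to a non-loopback address."""
    exposed = set()
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 6 or not cols[0].startswith("tcp") or cols[-1] != "LISTEN":
            continue
        addr, _, port = cols[3].rpartition(":")   # handles "0.0.0.0:443" and ":::22"
        if addr not in LOOPBACK:
            exposed.add((int(port), "tcp"))
    return exposed


def parse_firewalld_zone(text):
    """Return (zone_name, {(port, proto)} that the zone lets through)."""
    lines = text.strip().splitlines()
    zone = lines[0].split()[0]                    # "public (default, active)" -> "public"
    fields = {}
    for line in lines[1:]:
        key, _, value = line.strip().partition(":")
        fields[key.strip()] = value.split()
    allowed = set()
    for service in fields.get("services", []):
        allowed |= SERVICE_PORTS.get(service, set())
    for spec in fields.get("ports", []):           # "443/tcp" or "8000-8010/tcp"
        port_range, _, proto = spec.partition("/")
        low, _, high = port_range.partition("-")
        allowed.update((p, proto) for p in range(int(low), int(high or low) + 1))
    return zone, allowed


def exposure_report(netstat_text, firewalld_text, required=((443, "https"), (80, "http"))):
    """Classify exposed listeners and build the least-privilege fix for `required`."""
    listening = parse_netstat_listeners(netstat_text)
    zone, allowed = parse_firewalld_zone(firewalld_text)
    blocked = listening - allowed
    commands = [f"firewall-cmd --permanent --zone={zone} --add-service={service}"
                for port, service in required if (port, "tcp") in blocked]
    if commands:
        commands.append("firewall-cmd --reload")   # apply the permanent rules to the running zone
    return {
        "zone": zone,
        "reachable": sorted(port for port, _ in listening & allowed),
        "blocked": sorted(port for port, _ in blocked),
        "commands": commands,
    }


if __name__ == "__main__":
    report = exposure_report(NETSTAT_SAMPLE, FIREWALLD_SAMPLE)
    print(f"zone {report['zone']}: reachable {report['reachable']}, blocked {report['blocked']}")
    print("\n".join(report["commands"]))
```

On a real host, capture `netstat -lnt` and `firewall-cmd --list-all` to files and feed their contents to `exposure_report`; `firewall-cmd --get-active-zones` confirms which zone the interface is in if it is not the default. For a port that has no service definition, `--add-port=PORT/tcp` takes the place of `--add-service`. Listeners that stay in the "blocked" list after the fix (4369 in the sample) are the ones the host firewall is still protecting.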
Jason Yu (Author) commented:
Hi, Noci:

What is systemd? Is it a daemon for the system?

thanks.
noci (Software Engineer) commented:
systemd is the new startup system. It has been blindingly accepted across various distributions,
while causing quite some disturbance. The software should be 100% foolproof, but has some issues.
If you need reliable systems, systemd is imho still experimental. (At least as long as it still corrupts journals and introduces a complex system for the basic function needed from the init process.)
As you can see I'm no fan of systemd. I need to deliver systems which guarantee 99.999% uptime for 365.25 * 24.
For those systems startup time is rather irrelevant; they should not restart regularly.
And losing logfiles/journals IS a problem.