Jason Yu

cannot telnet to a linux server

I have a new linux server with CentOS 7 installed with Chef software. The ip address of this server is 172.16.177.177. I was able to telnet on to port 443 on this server, please see below.

[root@jboss-testvm ~]# telnet 172.16.177.177 443
Trying 172.16.177.177...
Connected to 172.16.177.177.
Escape character is '^]'.



However, when I go to a Windows server on the same network, I couldn't telnet to port 443 on this server. I thought the firewall may block the communication between these two servers, but my network admin told me since they are both on the same subnet, there is no firewall between them, so it won't be the firewall's issue. Could you experts here help me out?

firewall is disabled.
[root@jboss-testvm ~]# service iptable status
Redirecting to /bin/systemctl status  iptable.service
● iptable.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)



[root@jboss-testvm ~]# lsof -i :443
COMMAND  PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx    794    root   14u  IPv4  16823      0t0  TCP *:https (LISTEN)
nginx   1025 opscode   14u  IPv4  16823      0t0  TCP *:https (LISTEN)
nginx   1026 opscode   14u  IPv4  16823      0t0  TCP *:https (LISTEN)
nginx   1027 opscode   14u  IPv4  16823      0t0  TCP *:https (LISTEN)
nginx   1028 opscode   14u  IPv4  16823      0t0  TCP *:https (LISTEN)
[root@jboss-testvm ~]# netstat -an | grep 443 | grep LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
[root@jboss-testvm ~]# netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:4321          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9090          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:42822           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5672          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9999          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:9680            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:9683            0.0.0.0:*               LISTEN
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9462          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9463          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:15672         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:11001         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:11002         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:16379         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:59355           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:34175           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8000          0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 127.0.0.1:8983          :::*                    LISTEN
tcp6       0      0 ::1:5432                :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN

Last Comment
noci

8/22/2022 - Mon
Scott Silva

What does the windows server show when you try to telnet from it?
Any errors?
Steven Carnahan

Are both machines on the same switch?  If not then perhaps its a route issue on the router.
Jason Yu

ASKER
scott, it shows as below:

C:\Users\adm-yuj>telnet 172.16.177.177 443
Connecting To 172.16.177.177...Could not open connection to the host, on port 44
3: Connect failed
Jason Yu

ASKER
HI, Pony:

I can ping the linux box from my windows server without problem. I did a trace route, the result shows it doesn't pass any router.

C:\Users\adm-yuj>tracert 172.16.177.177

Tracing route to 172.16.177.177 over a maximum of 30 hops

  1     1 ms     2 ms     3 ms  172.16.177.177

Trace complete.

C:\Users\adm-yuj>
Jason Yu

ASKER
There is only one hop from the tracert result.

Thanks.
Dave Baldwin

Since telnet does not support HTTPS it is unlikely that you can make a connection to port 443 which is commonly used for HTTPS.  One of the features of HTTPS is that the secure connection is made before any data is transferred.  You really should not have been able to connect to your Linux server.  It should not respond to anything other than HTTPS on port 443.
Jason Yu

ASKER
Hi, Dave:

I agree with you, thanks for the analysis. If I cannot use telnet to diagnose, what should I do to troubleshoot it?

Thanks.
Jason Yu

ASKER
Here is the result from nmap command:

[root@jboss-testvm ~]# nmap -sT -O localhost

Starting Nmap 6.40 ( http://nmap.org ) at 2016-02-24 14:43 EST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00010s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 991 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
443/tcp  open  https
4321/tcp open  rwhois
5432/tcp open  postgresql
8000/tcp open  http-alt
9090/tcp open  zeus-admin
9999/tcp open  abyss
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=6.40%E=4%D=2/24%OT=22%CT=1%CU=43102%PV=N%DS=0%DC=L%G=Y%TM=56CE07D
OS:4%P=x86_64-redhat-linux-gnu)SEQ(SP=102%GCD=1%ISR=107%TI=Z%CI=I%II=I%TS=A
OS:)OPS(O1=MFFD7ST11NW7%O2=MFFD7ST11NW7%O3=MFFD7NNT11NW7%O4=MFFD7ST11NW7%O5
OS:=MFFD7ST11NW7%O6=MFFD7ST11)WIN(W1=AAAA%W2=AAAA%W3=AAAA%W4=AAAA%W5=AAAA%W
OS:6=AAAA)ECN(R=Y%DF=Y%T=40%W=AAAA%O=MFFD7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S
OS:=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%R
OS:D=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=
OS:0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U
OS:1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DF
OS:I=N%T=40%CD=S)

Network Distance: 0 hops

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.32 seconds
[root@jboss-testvm ~]#
Gerwin Jansen

You should  be able to ssh to your Linux server, if you don't have an ssh client, try PuTTY.
Jason Yu

ASKER
Yes, I can ssh to my linux server from the beginning. How could I know which application is listening on port 443? From the nmap result, it shows the port 443 is open. But I installed JBOSS and other applications on this server, I want to check which application is listening to port 443. From the nginx configuration file of Chef, there is no 443 port showing there.

please help, thanks.
Jason Yu

ASKER
I found lsof command, I used it to check which application is listening on port 443, here is the result.

[root@jboss-testvm ~]# lsof -i :443
COMMAND PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   762    root   14u  IPv4  14023      0t0  TCP *:https (LISTEN)
nginx   954 opscode   14u  IPv4  14023      0t0  TCP *:https (LISTEN)
nginx   955 opscode   14u  IPv4  14023      0t0  TCP *:https (LISTEN)
nginx   956 opscode   14u  IPv4  14023      0t0  TCP *:https (LISTEN)
nginx   957 opscode   14u  IPv4  14023      0t0  TCP *:https (LISTEN)
[root@jboss-testvm ~]#
Gerwin Jansen

nginx is the webserver, https has a default port of 443
Jason Yu

ASKER
Then why couldn't I access the web server from another Windows machine?

I am gonna install xming gui and see if I can open the web server locally.
Scott Silva

Did you set nginx to listen to port 443?
Steven Carnahan

So what do you get when you try to browse (IE, chrome, etc) to https://172.16.177.177
Gerwin Jansen

>> then why I couldn't access the web server from another windows machine.
Can you access it from the local machine? You can try: "lynx https://localhost".
Dave Baldwin

And do you have an SSL/TLS certificate to support HTTPS on that machine?
ASKER CERTIFIED SOLUTION
Gerwin Jansen

Jason Yu

ASKER
no, nginx was installed with Chef software. I checked nginx configuration file, there is no definition for port 443. I attached the configuration file.
nginx.conf.txt.txt
Jason Yu

ASKER
Chef Server, On-premises, the standalone installation.
Gerwin Jansen

>> no, nginx was installed with Chef software.
Requirements clearly state "ports are used by the nginx service", why do you doubt? If you did not change configuration manually then nginx is using port 443.

From your config file:

   # Chef HTTPS API
    include /var/opt/opscode/nginx/etc/chef_https_lb.conf;
Jason Yu

ASKER
Hi, Dave:
No, I don't, do I need to install one for this webserver to work?

"And do you have an SSL/TLS certificate to support HTTPS on that machine?"
Jason Yu

ASKER
Dear experts, thank you very much for your active replies. I really appreciate your help.

Right now, I got xming reflector installed on my desktop. And I successfully opened the web site through a browser, please take a look. So, I believe the web server is on on my server. I just need to resolve why I cannot open the webserver from other hosts.

Do I need to change the port definition in the nginx configuration file?

thanks.
Steven Carnahan

Without a cert you should still get a security warning when attempting to connect.
noci

For https you do need a certificate to connect from any place. ... An invalid cert may still give you some popup warnings. That is going to change soon, as the browsers will get more picky about certificates.

Now do systems use proxies to connect to websites, and can your proxy in that case reach your server?

Anything in the logging of NGINX? How about a wireshark trace from a successful system and from a failing system.
Both a trace from the server side as well as from the client side...
That would help to see what does reach...
Jason Yu

ASKER
Finally, I got it. There is a daemon called "firewalld", I should stop it first.

This daemon is different than iptable firewall. I really don't know the existence of this thing. Is it new to Centos 7 core?
Steven Carnahan

noci

It is an intermediate between iptables & systemd. And it is needed for systemd.
Jason Yu

ASKER
Thanks for all the experts who helped me out for this issue. The issue was caused by the new "firewalld" service which was the default service for CentOS 7.  After I ran the following two commands, the website showed up immediately on other computers' browser.

[root@jboss-testvm ~]# systemctl mask firewalld
Created symlink from /etc/systemd/system/firewalld.service to /dev/null.
[root@jboss-testvm ~]# systemctl stop firewalld

Thanks a lot for all these prompt replies, this is the reason I love experts-exchange!
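
An added example, not part of the original thread: a check for the situation resolved above (nginx listening on 0.0.0.0:443 while the firewalld zone does not list https), which prints the `firewall-cmd` command that opens only that service, so firewalld can stay enabled. It assumes the interface is in the default zone; the sample zone output and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example; SAMPLE_* data is constructed (the netstat lines mirror the thread).

# stdin: `netstat -lnt` or `ss -lnt` output. Succeeds if PORT is bound to a
# non-loopback address.
listens_externally() {
    awk -v p="$1" '/LISTEN/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ (":" p "$") && $i !~ /^(127\.|::1:|\[::1\]:)/) found = 1
    } END { exit !found }'
}

# stdin: `firewall-cmd --list-all` output. Succeeds if the zone lists SERVICE
# or PORT/tcp. Port ranges and rich rules are not evaluated.
zone_allows() {
    awk -v port="$1/tcp" -v svc="$2" '
        $1 == "services:" { for (i = 2; i <= NF; i++) if ($i == svc)  ok = 1 }
        $1 == "ports:"    { for (i = 2; i <= NF; i++) if ($i == port) ok = 1 }
        END { exit !ok }'
}

# diagnose PORT SERVICE FIREWALLD_STATE LISTEN_TEXT ZONE_TEXT
diagnose() {
    if ! printf '%s\n' "$4" | listens_externally "$1"; then
        echo "not-listening-externally"
    elif [ "$3" != "running" ]; then
        echo "firewalld-not-running"
    elif printf '%s\n' "$5" | zone_allows "$1" "$2"; then
        echo "allowed-by-firewalld"
    else
        echo "blocked-by-firewalld"
    fi
}

SAMPLE_LISTEN='tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN'
SAMPLE_ZONE='public (active)
  services: dhcpv6-client ssh
  ports:'
if [ "${1:-}" = "--live" ]; then   # run as root on the server itself
    state=$(firewall-cmd --state 2>&1 || true)
    result=$(diagnose 443 https "$state" "$(ss -lnt)" "$(firewall-cmd --list-all 2>/dev/null)")
else
    result=$(diagnose 443 https running "$SAMPLE_LISTEN" "$SAMPLE_ZONE")
fi
echo "443/tcp: $result"
if [ "$result" = "blocked-by-firewalld" ]; then
    echo "fix: firewall-cmd --permanent --add-service=https && firewall-cmd --reload"
fi
```

Run without arguments it evaluates the constructed sample; with `--live` it reads the real `ss` and `firewall-cmd` output on the server.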
Jason Yu

ASKER
hi, Noci:

What is systemd? Is it a daemon for system?

thanks.
Steven Carnahan

noci

systemd is the new startup system. It has had a blindingly acceptance across various distributions.
With causing quite some disturbance. The software should be 100% foolproof, but has some issues.
If you need reliable systems, systemd is imho still experimental. (At least as long as it still corrupts journals and introduces a complex system for the basic function needed from the init process.)
As you can see I'm no fan of systemd. I need to deliver systems which guarantee 99.999% uptime for 365.25 * 24.
For those systems startup time is rather irrelevant, they should not restart regularly.
And losing logfiles/journals IS a problem.