Hi Team,
I am facing issue in completing this task, as apache service is running fine on port 8081 and i have added the iptables rule also in app01 server , but i am not able to do telnet from jump server to the app server. Could someone please help me in this issue.
Hello,
Please find below output .(Please note now httpd is running on port 3002).
root@stapp01 ~]# systemctl status -l httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2020-05-27 15:53:13 UTC; 50s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 545 (httpd)
Status: “Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec”
CGroup: /docker/dd7d1f07f4492a83d79bff148875ec25ad7b73eb867e29e231b8c21b86cc02e2/system.slice/httpd.service
├─545 /usr/sbin/httpd -DFOREGROUND
├─546 /usr/sbin/httpd -DFOREGROUND
├─547 /usr/sbin/httpd -DFOREGROUND
├─548 /usr/sbin/httpd -DFOREGROUND
├─549 /usr/sbin/httpd -DFOREGROUND
└─550 /usr/sbin/httpd -DFOREGROUND
May 27 15:53:13 stapp01 systemd[1]: Starting The Apache HTTP Server…
May 27 15:53:13 stapp01 httpd[545]: AH00558: httpd: Could not reliably determine the server’s fully qualified domain name, using 172.16.238.10. Set the ‘ServerName’ directive globally to suppress this message
May 27 15:53:13 stapp01 systemd[1]: Started The Apache HTTP Server.
[root@stapp01 ~]# ss -ltpn
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.11:45486 :
LISTEN 0 128 *:111 *:*users:((“rpcbind”,pid=65,fd=4),(“systemd”,pid=1,fd=38))
LISTEN 0 128 *:22 *:*users:((“sshd”,pid=66,fd=3))
LISTEN 0 128 *:3002 *:*users:((“httpd”,pid=550,fd=3),(“httpd”,pid=549,fd=3),(“httpd”,pid=548,fd=3),(“httpd”,pid=547,fd=3),(“httpd”,pid=546,fd=3),(“httpd”,pid=545,fd=3))
LISTEN 0 128 [::]:111 [::]:*users:((“rpcbind”,pid=65,fd=11))
LISTEN 0 128 [::]:22 [::]:*users:((“sshd”,pid=66,fd=4))
[root@stapp01 ~]#
root@stapp01 ~]# netstat -apn |grep -i 3002
tcp 0 0 0.0.0.0:3002 0.0.0.0:* LISTEN 545/httpd
Where you asked to change the port from 8081 to 3002?
No when i click on try later option and again tried to start then a new question which came there it was mentioned port 3002.
What you added in iptables?
iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
Could you list iptables rules and share the output, use:
$sudo iptables -L INPUT -nv
iptables -L INPUT -nv
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
4632 19M ACCEPT all – * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp – * * 0.0.0.0/0 0.0.0.0/0
201 13183 ACCEPT all – lo * 0.0.0.0/0 0.0.0.0/0
1 60 ACCEPT tcp – * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
125 7500 REJECT all – * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
what to test , you have not mentioned anything ?
Hi,
Can you test this :
vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT
sudo systemctl restart iptables
i have done the changes as you mentioned , but still from jump server apache is not reachable .
hor@jump_host /$ curl 172.16.238.10:8083
curl: (7) Failed connect to 172.16.238.10:8083; No route to host
thor@jump_host /$
You have performed almost all the steps correctly. But seems issue with iptables. If you observe carefully the rule which you appended for port 8080(or whichever port is provided in the task) has not been reflected in the listed rules.
Also try saving the rule using:
#iptables-save
I think you have to replace 8083 by 8080
no actually when new question came there port no 8083 was mentioned for apache port.
Did you change the port also in iptables ?
ok let me do that and will let you know.
done iptables-save after that restarted iptables . But after that also when i try to do telnet from jump host its not working for apache .
