Task Status - Failed - 'Apache' service on App Server 1 is not reachable from LB host

Please help me understand where this task failed?

Task Steps:
a. Allow all incoming connections on Nginx port.
b. Allow incoming connections from LB host only on Apache port and block for all others.
c. All rules must be permanent.
d. Zone should be public.
e. If Apache or Nginx services aren’t running already, please make sure to start them.

Commands Used:
sudo yum install firewalld -y
sudo systemctl start firewalld
sudo firewall-cmd --add-port=8096/tcp --permanent --zone public
sudo firewall-cmd --permanent --zone=public --add-rich-rule='
rule family="ipv4"
source address="172.16.238.142"
port protocol="tcp" port="5003" accept'
sudo firewall-cmd --reload
sudo firewall-cmd --list-all

**Firewall-cmd --list-all Output**
stapp01
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client ssh
ports: 8096/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="172.16.238.142" port port="5003" protocol="tcp" accept

stapp02
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client ssh
ports: 8096/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="172.16.238.142" port port="5003" protocol="tcp" accept

stapp03
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client ssh
ports: 8096/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="172.16.238.142" port port="5003" protocol="tcp" accept

Thanks in advance
Spence
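
An added example, not part of the original post or of the KodeKloud task: a POSIX shell function that checks a `firewall-cmd --list-all` listing against steps a and b of the task. The function name `audit_zone` and the two sample listings are constructed for illustration; the ports and LB address are the ones from the post.

```shell
#!/bin/sh
# Added example (not from the thread): audit a firewalld zone listing.
# usage: sudo firewall-cmd --permanent --zone=public --list-all \
#          | audit_zone NGINX_PORT APACHE_PORT LB_IP
# Prints one finding per line; returns 0 only when there are no findings.
audit_zone() (
  nginx=$1 apache=$2 lb=$3
  listing=$(cat)
  # Ports open to every source: the "ports:" line only, not "source-ports:".
  ports=$(printf '%s\n' "$listing" | sed -n 's/^[[:space:]]*ports:[[:space:]]*//p')
  # Accepting rich rules that mention the Apache port.
  rules=$(printf '%s\n' "$listing" | grep -E '^[[:space:]]*rule ' \
          | grep -F "port=\"$apache\"" | grep -E 'accept[[:space:]]*$') || true
  findings=$(
    case " $ports " in
      *" $nginx/tcp "*) ;;
      *) echo "nginx port $nginx/tcp is not open to all sources" ;;
    esac
    case " $ports " in
      *" $apache/tcp "*) echo "apache port $apache/tcp is open to all sources" ;;
    esac
    printf '%s\n' "$rules" | grep -qF "source address=\"$lb\"" \
      || echo "no rich rule accepts $lb on port $apache"
    printf '%s\n' "$rules" | grep -vF "source address=\"$lb\"" | grep -q . \
      && echo "port $apache is also accepted from a source other than $lb"
    true
  )
  [ -n "$findings" ] && printf '%s\n' "$findings"
  [ -z "$findings" ]
)

# Constructed sample: the zone listing shown in the post, abridged.
sample_posted() {
cat <<'EOF'
public
  target: default
  services: dhcpv6-client ssh
  ports: 8096/tcp
  source-ports:
  rich rules:
    rule family="ipv4" source address="172.16.238.142" port port="5003" protocol="tcp" accept
EOF
}

# Constructed counter-example: the Apache port is also opened to every source.
sample_open() { sample_posted | sed 's|ports: 8096/tcp|ports: 8096/tcp 5003/tcp|'; }
```

A clean result covers the zone configuration only; whether httpd is actually listening on the Apache port is a separate check.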

@Tej-Singh-Rana Any views on why this task failed? It is the second firewall task to fail for me; I really need to understand where it is going askew.

Cheers
Spence

Hello @sgconline
What is the error message? And did you check that both services are running?

Firewall rules are fine.

@Tej-Singh-Rana, yes, I checked both services, httpd and nginx, were running using both sudo systemctl status and also did a ps -ef|grep as a precaution. All app servers indicated both services were running. The only error I received was at the end when I was notified that the task had failed, as shown in the subject field.

Regards
Spence.

KKE team will look into this.

I got the same problem myself

  • Apache service on App Server 1 is not reachable from LB host although no firewall block