12/100 Linux Network Services

Our monitoring tool has reported an issue in Stratos Datacenter. One of our app servers has an issue, as its Apache service is not reachable on port 8084 (which is the Apache port). The service itself could be down, the firewall could be at fault, or something else could be causing the issue. Use tools like telnet, netstat, etc. to find and fix the issue. Also make sure Apache is reachable from the jump host without compromising any security settings.

Once fixed, you can test the same using command curl http://stapp01:8084 command from jump host.

#Determine which app is not responding using telnet from jump host
telnet stapp01 8084
Trying 172.16.238.10...
telnet: connect to address 172.16.238.10: No route to host

ssh tony@172.16.238.10 or ssh tony@stapp01
sudo systemctl status httpd
 httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2025-09-03 10:53:38 UTC; 7min ago
Sep 03 10:53:38 stapp01.stratos.xfusioncorp.com httpd[504]: (98)Address already in use: AH00072: make_sock: coul
d not bind to address 0.0.0.0:8084

# Check ports with netsta
sudo netstat -tulpn | grep 8084
tcp        0      0 127.0.0.1:8084          0.0.0.0:*               LISTEN      443/sendmail: accep

# Kill the process running - which as shown above is 443
sudo kill 443
sudo netstat -tulpn # Check to ensure it has been removed
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.11:37793        0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      315/sshd            
tcp6       0      0 :::22                   :::*                    LISTEN      315/sshd            
udp        0      0 127.0.0.11:39378        0.0.0.0:*                           - 
sudo systemctl restart httpd
curl http://stapp01:8084

Lab died during 1st attempt so port changed to 5003. Curl is showing the contents of the webapp however you need to verify that you can also reach this from the jump host - which still shows as no route to host - as shown below

telnet stapp01 5003
Trying 172.16.238.10...
telnet: connect to address 172.16.238.10: No route to host

#Back on stapp01 
sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Within Chain INPUT (policy ACCEPT) there is no rule allowing for TCP port 5003, so the last REJECT rule applies. To open port 5003 use:

sudo iptables -I INPUT 5 -p tcp --dport 5003 -j ACCEPT
sudo service iptables save

Note INPUT 5 puts the new rule above REJECT assuming that REJECT is the 5th rule in the chain.

Finally, back on the jump host - use telnet to check the connection:

telnet stapp01 5003
Trying 172.16.238.10...
Connected to stapp01.

curl http://stapp01:5003

12/100 Linux Network Services

Written by:

Chris Young