When i tried to connect to my web server, i got this error.
curl myserver.com:80
curl: (7) Failed to connect to myserver.com port 80: No route to host
I can pingg, SSH to server - so it's not a network configuration error.
My first thought: It's firewall issue , so i tried to connect to it directly from a another server on the same subnet - still got the same error. So it's not firewall blocked.
Iptables ? i clear my current iptables - still the same error.
I tried to connect to different port - i still got "no route to host", i'm supposed to get "connection refused" if the remote server is not up. I tried a nmap , i see i have "ssh" open and "9090" refused. Why 9090 is refused but all others are "no route to host"?
I decided to try a tcpdump , i see the packet from remote client arrives, but i don't see a response from the server to the client.
I have no glue what is blocking the response. Now i know that there is something special about 9090 , so i decided to check all the configuration files having 9090 in its configuration, i'm lucky , i see it 's in nftables/main.nft
[[email protected]]# grep -r 9090 /etc/*
brltty/Contraction/zh-tw-ucb.ctb:always \u9090 14-16-4 邐
brltty/Contraction/zh-tw.ctb:always \u9090 14-16-4
nftables/main.nft: elements = { ssh, 9090 }
OK google nftables and i found that it's netfilter service. I updated its configuration file.
I see its service status is of so i start it , It works like a charm.
systemctl status nftables
● nftables.service - Netfilter Tables
Loaded: loaded (/usr/lib/systemd/system/nftables.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:nft(8)
Leave a Reply