When i tried to connect to my web server, i got this error.

curl myserver.com:80
curl: (7) Failed to connect to myserver.com port 80: No route to host

I can pingg, SSH to server - so it's not a network configuration error.

My first thought: It's firewall issue , so i tried to connect to it directly from a another server on the same subnet - still got the same error. So it's not firewall blocked.

Iptables ? i clear my current iptables - still the same error.

I tried to connect to different port - i still got "no route to host", i'm supposed to get "connection refused" if the remote server is not up. I tried a nmap , i see i have "ssh" open and "9090" refused. Why 9090 is refused but all others are "no route to host"?

I decided to try a tcpdump , i see the packet from remote client arrives, but i don't see a response from the server to the client.

I have no glue what is blocking the response. Now i know that there is something special about 9090 , so i decided to check all the configuration files having 9090 in its configuration, i'm lucky , i see it 's in nftables/main.nft

[[email protected]]# grep -r 9090 /etc/*
brltty/Contraction/zh-tw-ucb.ctb:always \u9090  14-16-4 邐
brltty/Contraction/zh-tw.ctb:always \u9090 14-16-4
nftables/main.nft:              elements = { ssh, 9090 }

OK google nftables and i found that it's netfilter service. I updated its configuration file.

I see its service status is of so i start it , It works like a charm.

 systemctl status nftables
● nftables.service - Netfilter Tables
   Loaded: loaded (/usr/lib/systemd/system/nftables.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:nft(8)