Linux Network services - Apache not running on app1 port 8081

OK, let me do that and I will let you know.

Done iptables-save, and after that restarted iptables. But after that also, when I try to do telnet from jump host, it's not working for apache.

Yes, as port mentioned in question for apache, I have done changes in iptables config file.

Okay, now share the output (list of rules configured):
$ sudo iptables -L INPUT -nv
Is the rule present now in the list?

sudo iptables -L INPUT -nv
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
5 356 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5000
6 360 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Is the firewall service active on that server?

Yes, firewall service is running.

systemctl status iptables
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
Active: active (exited) since Thu 2020-05-28 09:53:20 UTC; 25s ago
Process: 542 ExecStop=/usr/libexec/iptables/iptables.init stop (code=exited, status=0/SUCCESS)
Process: 564 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
Main PID: 564 (code=exited, status=0/SUCCESS)

May 28 09:53:20 stapp01 systemd[1]: Starting IPv4 firewall with iptables...
May 28 09:53:20 stapp01 iptables.init[564]: iptables: Applying firewall rules: [ OK ]
May 28 09:53:20 stapp01 systemd[1]: Started IPv4 firewall with iptables.

Not sure what changes need to be done to make apache accessible from jump host.
Iptables rule is set and it's also reflecting there.

iptables -L INPUT -nv
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
48 3276 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:6100
56 3360 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

What does telnet say?

telnet 172.16.238.10:8083

Also, stop the iptables then test to rule out iptables.

Share the error output, which is available in sudo journalctl -xe.
If you are not able to find the particular service, then try this one and figure out the error:
sudo journalctl -u httpd.service, or share it with us. Do a fresh start and this time don't add anything in iptables.

I was able to access apache on app server 1 after stopping iptables. But task shows failed.

I guess it should work with iptables service running. I have completed it that way.

telnet 172.16.238.10:5004
telnet: 172.16.238.10:5004: Name or service not known
172.16.238.10:5004: Unknown host
thor@jump_host /$

I have stopped iptables then tried telnet.

[root@stapp01 ~]# iptables -L INPUT -nv
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
67 4372 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5004
19 1140 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
[root@stapp01 ~]# netstat -apn |grep -i 5004
tcp 0 0 0.0.0.0:5004 0.0.0.0:* LISTEN 443/httpd

I guess the iptables rule is displaying the port, but telnet is still not working from jump host.

The rule has been set correctly, however you didn't use telnet correctly:
What you typed: telnet 172.16.238.10:5004
Expected command syntax : telnet 172.16.238.10 5004
Or if you want you can use: curl 172.16.238.10:5004 for testing purpose
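
The two checks this answer relies on (the ACCEPT rule sits before the catch-all REJECT, and host and port go to telnet as separate arguments), as an added example that is not part of the original posts. `port_verdict` and `split_target` are hypothetical helper names, and the rule listing is a constructed sample modelled on the one quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): confirm the ACCEPT rule for a port is
# evaluated before the catch-all REJECT, then split host:port for telnet.

# Constructed sample, modelled on the stapp01 listing quoted in the thread.
SAMPLE_RULES='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
   67  4372 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0     0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
    0     0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5004
   19  1140 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited'

# port_verdict PORT: read `iptables -L INPUT -nv` output on stdin and print what
# happens to a new TCP connection to PORT. iptables is first-match, so order matters.
#   ACCEPT  an ACCEPT rule with dpt:PORT is reached first
#   REJECT  a catch-all REJECT/DROP (any interface, any address) is reached first
#   POLICY  neither matched; the chain policy applies
# Assumption: only the rule shapes seen in the thread are recognised.
port_verdict() {
    awk -v port="$1" '
        NR <= 2 { next }                       # chain line and column header
        $3 == "ACCEPT" && $4 == "tcp" {
            for (i = 10; i <= NF; i++)
                if ($i == ("dpt:" port)) { verdict = "ACCEPT"; exit }
        }
        ($3 == "REJECT" || $3 == "DROP") && $4 == "all" && $6 == "*" &&
            $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0" { verdict = "REJECT"; exit }
        END { print (verdict == "" ? "POLICY" : verdict) }
    '
}

# split_target TARGET: telnet takes host and port as separate arguments;
# "host:port" is looked up as one hostname ("Name or service not known").
# Assumption: IPv4 address or hostname, no IPv6 literals.
split_target() {
    case "$1" in
        *:*) printf '%s %s\n' "${1%:*}" "${1##*:}" ;;
        *)   printf '%s\n' "$1" ;;
    esac
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | port_verdict 5004
split_target 172.16.238.10:5004
```

On a live server, pipe `sudo iptables -L INPUT -nv` into `port_verdict` instead of the sample.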

Thanks a lot for guiding me, my task got completed successfully.

That’s great! What were you doing wrong previously?

I am using wrong syntax for telnet, that's why it's not working.

@Tej-Singh-Rana @akshayyw @shantanukapoor


Unable to get httpd service running on app 1 server. Could you please advise what needs to be done for running it?

Thanks

Apache port is bound to another service, so do netstat -nltp and figure out which process it is connected to, kill that process, then restart your httpd and enable it. Cross-check with netstat again.