RHEL7: Debug network services.

Share this link

Standard process

When you’ve got a service problem between two servers (here local and remote), follow these steps.

Here we assume the local configuration is OK (working DNS or /etc/hosts file).

Start by checking the connectivity:

local# ping remote

If you don’t get any result, connect to the remote server through a console (see the RHEL 7 virtual console page) and check the basic system & network configuration (run level, ip address, default gateway, etc).

If the remote server replies, install nmap and check the remote services (see my previous post about nmap):

local# yum install -y nmap
local# nmap remote

At this point, it can be useful to stop Firewalld locally or remotely in case communications can’t go through because of it:

local# systemctl stop firewalld
remote# systemctl stop firewalld

If you don’t get any progress, it could also be useful to bring the SELinux configuration of the remote server in permissive mode:

remote# setenforce Permissive

Useful tools for specific services

Some commands can be used to debug services like:

  • telnet to debug smtp (telnet remote 25), http (telnet remote 80),
  • elinks to debug http (elinks remote) but not https (doesn’t work well with TLS),
  • showmount to debug NFSv3 & NFSv2 (showmount -e remote) but not NFSv4 (=> mount remote:/ /mnt; cd /mnt; ls exports): if you want to use showmount with NFSv4, you need to stop Firewalld on the NFS server (or open the 111 udp and 20048 tcp ports on the NFS server).
  • rpcdebug to debug kernel RPC/NFS problems (rpcdebug -m rpc -s all; rpcdebug -m nfsd -s all).

Things to remember

Some services require NTP synchronization to work properly (Kerberos, etc), some others rely on a working DNS (smtp & the MX records, etc).

In addition, the TCP wrapper files (/etc/hosts.allow & /etc/hosts.deny) should be empty.

Finally, when connecting RHEL 7/CentOS 7 servers to RHEL 6/CentOS 6 servers, keep in mind that user id/group id start at 1000 in RHEL 7 by default when they start at 500 in RHEL 6.

Additional Resources

Digital Ocean provides an interesting tutorial about Nmap and Tcpdump.
TheGeekDiary website wrote an article on How to find if a network port is open or not?

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)

Leave a Reply

Upcoming Events (Local Time)

There are no events.

RHCSA7: Task of the day

Allowed time: 10 minutes.
Create two new user accounts "steve" and "oliver".
Create a group "team". Create a directory "shared".
All files put into the "shared" directory by "steve" or "oliver" should belong to the "team" group and be only visible by them.

RHCE7: Task of the day

Allowed time: 8 minutes.
Set up an iScsi target based on a fileio backstore of 100MB called /opt/shareddata with CHAP authentication (username=usr/password=pwd), xfs filesystem and standard firewall configuration.

Follow me on Twitter

Poll for favorite RHEL 7 book

What is your favorite RHEL 7 book to prepare RHCSA & RHCE exams?

View Results

Loading ... Loading ...

Poll for most difficult RHCSA 7 topic

What do you think is the most difficult RHCSA 7 topic?

View Results

Loading ... Loading ...

Poll for most difficult RHCE 7 topic

What do you think is the most difficult RHCE 7 topic?

View Results

Loading ... Loading ...