RHEL7: Debug network services.

Share this link

Standard process

When you’ve got a service problem between two servers (here local and remote), follow these steps.

Here we assume the local configuration is OK (working DNS or /etc/hosts file).

Start by checking the connectivity:

local# ping remote

If you don’t get any result, connect to the remote server through a console (see the RHEL 7 virtual console page) and check the basic system & network configuration (run level, ip address, default gateway, etc).

If the remote server replies, install nmap and check the remote services (see my previous post about nmap):

local# yum install -y nmap
local# nmap remote

At this point, it can be useful to stop Firewalld locally or remotely in case communications can’t go through because of it:

local# systemctl stop firewalld
remote# systemctl stop firewalld

If you don’t get any progress, it could also be useful to bring the SELinux configuration of the remote server in permissive mode:

remote# setenforce Permissive

Useful tools for specific services

Some commands can be used to debug services like:

  • telnet to debug smtp (telnet remote 25), http (telnet remote 80),
  • elinks to debug http (elinks remote),
  • showmount to debug NFSv3 & NFSv2 (showmount -e remote) but not NFSv4 (=> mount remote:/ /mnt; cd /mnt; ls exports): if you want to use showmount with NFSv4, you need to stop Firewalld on the NFS server (or open the 111 udp and 20048 tcp ports on the NFS server).
  • rpcdebug to debug kernel RPC/NFS problems (rpcdebug -m rpc -s all; rpcdebug -m nfsd -s all).

Things to remember

Some services require NTP synchronization to work properly (Kerberos, etc), some others rely on a working DNS (smtp & the MX records, etc).

In addition, the TCP wrapper files (/etc/hosts.allow & /etc/hosts.deny) should be empty.

Finally, when connecting RHEL 7/CentOS 7 servers to RHEL 6/CentOS 6 servers, keep in mind that user id/group id start at 1000 in RHEL 7 by default when they start at 500 in RHEL 6.

Additional Resources

Digital Ocean provides an interesting tutorial about Nmap and Tcpdump.

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)

Leave a Reply

Be the First to Comment!

Notify of

RHCSA7: Task of the day

Allowed time: 5 minutes.
Create a user account named "tony" with password “redhat” and belonging to a secondary group called “team”.

RHCE7: Task of the day

Allowed time: 3 minutes.
Configure your machine to be a router.

Poll for favorite RHEL 7 book

What is your favorite RHEL 7 book to prepare RHCSA & RHCE exams?

View Results

Loading ... Loading ...

Poll for most difficult RHCSA 7 topic

What do you think is the most difficult RHCSA 7 topic?

View Results

Loading ... Loading ...

Poll for most difficult RHCE 7 topic

What do you think is the most difficult RHCE 7 topic?

View Results

Loading ... Loading ...