Guide for troubleshooting network services on a Linux system
This project is maintained by bertvv
In the transport layer, we’ll check whether the network service is actually running, what port it uses, and whether the firewall allows traffic on that port. An example for httpd is given, but this can be applied to other services.
sudo systemctl status httpd.service
active (running)If the output contains: inactive (dead), start the service, and if necessary, make sure it starts automatically on boot
sudo systemctl start httpd.service
sudo systemctl enable httpd.service
sudo ss -tlnp (list TCP (-t) server (-l) port numbers (-n) with the process behind them (-p). The -p option requires root, hence the sudo)
/etc/services for standard port numbers for well-known network services.Does the firewall allow traffic on the service? sudo firewall-cmd --list-all.
$ sudo firewall-cmd --list-all
[sudo] password for USER:
public (default, active)
interfaces: enp0s3 enp0s8
sources:
services: dhcpv6-client mdns samba-client ssh http https
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
Check the output for the following items:
firewall-cmd --get-services.firewalld is not necessarily equal to the service name for systemd. E.g. BIND is called named.service by systemd, while it is referred to as dns by firewalld.firewalld)