In this hands-on lab, you will need to troubleshoot connectivity issues between `Client1` (10.0.1.11) and `Server1` (10.0.1.10). You will need to determine why the website at 10.0.1.10 is unreachable, and prep the host to make sure connectivity is in place to permit SSL traffic once it’s configured.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Confirm the problem.
On Client1 (10.0.1.11)
Confirm that the problem exists by curling the headers of 10.0.1.10 from 10.0.1.11:
curl -I 10.0.1.10- Confirm, and maybe resolve, Apache’s status.
On Server1 (10.0.1.10):
Verify a service is listening on port 80:
ss -lntp | grep :80If nothing is listening, check if Apache is running:
systemctl status httpdStart Apache if necessary:
systemctl start httpdDid that resolve the problem?
- Check firewall rules.
On Server1 (10.0.1.10):
Verify that the firewall is configured to permit http traffic:
firewall-cmd --list-servicesIf
httpisn’t present, it will need to be added:firewall-cmd --permanent --add-service=httpAnd the firewall rules will need to be reloaded to take effect:
firewall-cmd --reloadVerify that the problem is resolved.
- Permit https traffic in the firewall and verify.
On Server1 (10.0.1.10):
You will need to open port 443 in the firewall. You can do it with:
# firewall-cmd --permanent --add-service=httpsAnd then reloading the firewall config with this:
# firewall-cmd --reloadYou will need to facilitate listening on port 443 from
Server1(10.0.1.10). You can do this by installing thenmap-ncatpackage for CentOS:# yum install nmap-ncatAnd then using it to listen on port 443:
# nc -l -p 443On Client1 (10.0.1.11):
Install telnet:
$ yum install -y telnetYou can verify that 443 is accessible by using telnet:
$ telnet 10.0.1.10 443
