Hi all
I installed Rocky Linux and then added Wazuh. It’s running fine, but I wanted to add Let’s Encrypt and I am getting an error that port 80 is not open. I opened port 80 and other necessary ports for Wazuh, but 80 is not working, as shown below.
firewall-cmd --permanent --add-port=80/tcp
Warning: ALREADY_ENABLED: 80:tcp
telnet localhost 80
Trying ::1…
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1…
telnet: connect to address 127.0.0.1: Connection refused
When I run netstat to check if something is running on port 80 I get nothing.
netstat -tulnp4 | grep :80
I really need to install Let’s Encrypt as this is going to be used in a production network. What could be the reason? Please help.
Note on netstat: there is a newer tool, ss.
Alas, ss -tulnp4 | grep :80
will give you the same info – no process.
The question is, why no process?
Who is supposed to listen on tcp/80?
Was it not started?
If it is running, then why does it not listen?
Does it write any logs?
One thing that can prevent a process from listening on a port is SELinux.
audit2why -a
could reveal such denials.
SELinux was the first thing that I disabled soon after installing the OS. This is why I am also wondering why this is happening.
I can only repeat:
What is the process that should listen?
Is it running?
Does it listen on some port?
Can it write debug log to tell why it does not listen on tcp/80?
Also, when using firewall-cmd with --permanent parameter, the configuration is not active until you do one of two things. Either:
firewall-cmd --reload
or repeat adding the firewall rule but without adding --permanent. For example:
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --add-port=80/tcp
The first line you did before; the second one would make it active immediately without needing to use reload.
Using --permanent, it just goes to the configuration. A similar thing: if you add a rule without using --permanent and then restart firewalld, you will lose the rule as it wasn’t saved to the config.
And using netstat or ss commands you can see if port 80 is actually listening.
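The two checks discussed in this thread (is anything listening, and is the firewalld rule active at runtime or only saved with --permanent) combined into one script. This is an added example, not part of the original posts; the function names and the sample ss output are constructed for illustration, and ports opened through a firewalld service rather than --add-port are assumed out of scope.

```shell
#!/bin/sh
# Added example (not from the thread): classify why a TCP port is unreachable.
# Inputs are captured command output, so the logic can be tested offline:
#   diagnose 80 "$(ss -H -tln)" "$(firewall-cmd --list-ports)" \
#               "$(firewall-cmd --permanent --list-ports)"
# Assumption: only --list-ports is checked; ports opened through a firewalld
# service (for example http) are not considered here.

# has_listener PORT SS_OUTPUT: true if a socket listens on PORT.
has_listener() {
    printf '%s\n' "$2" | awk -v p="$1" '
        { n = split($4, a, ":"); if (n > 1 && a[n] == p) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# port_allowed PORT LIST: true if PORT is in a list such as "80/tcp 8000-8010/tcp".
port_allowed() {
    for entry in $2; do
        case "$entry" in */tcp) ;; *) continue ;; esac
        range=${entry%/tcp}
        lo=${range%-*}; hi=${range#*-}
        [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ] && return 0
    done
    return 1
}

# diagnose PORT SS_OUTPUT RUNTIME_PORTS PERMANENT_PORTS
diagnose() {
    if ! has_listener "$1" "$2"; then
        echo "no-listener"       # nothing bound to the port: start the service first
    elif ! port_allowed "$1" "$3"; then
        if port_allowed "$1" "$4"; then
            echo "permanent-only"  # saved but inactive: firewall-cmd --reload
        else
            echo "firewall-closed"
        fi
    elif ! port_allowed "$1" "$4"; then
        echo "runtime-only"      # active now, lost when firewalld restarts
    else
        echo "ok"
    fi
}

# Constructed sample: sshd and a TLS listener, nothing on port 80.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 511 *:443 *:*'

diagnose 80 "$SAMPLE_SS" "" "80/tcp 443/tcp"
```

With the constructed sample the script reports no-listener, which matches the situation in the first post: the firewall rule exists, but no process is bound to port 80.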
Thanks all for the responses. Since I was running against time I had to just destroy the virtual machine. It’s running on Proxmox, and reinstall it. All working fine now. I have managed to deploy agents.