local RHEL 8 apache webserver not available from different subnet

0 votes
0 answers
34 views
I have set up a small Apache webserver on a RHEL 8 VM that is accessible to machines on that particular subnet (10.x.x.x), but not on another subnet (172.x.x.x). This webserver has no internet access. I have tried temporarily disabling firewalld as well as SELinux when troubleshooting, but neither made a difference.

From my Windows machine on a 172.x.x.x IP (website doesn't work), I get this in PowerShell:

    > tnc 172.22.6.9 -port 80
    WARNING: TCP connect to (172.22.6.9 : 80) failed

    ComputerName           : 172.22.6.9
    RemoteAddress          : 172.22.6.9
    RemotePort             : 80
    InterfaceAlias         : Ethernet 3
    SourceAddress          : 172.16.195.117
    PingSucceeded          : True
    PingReplyDetails (RTT) : 31 ms
    TcpTestSucceeded       : False

On my other machine on the 10.x.x.x subnet (where the website works) I get this:

    > tnc 172.22.6.9 -port 80

    ComputerName     : 172.22.6.9
    RemoteAddress    : 172.22.6.9
    RemotePort       : 80
    InterfaceAlias   : Ethernet
    SourceAddress    : 10.0.236.53
    TcpTestSucceeded : True

Tcpdump shows this below. I am ssh'ed in, so I believe this is what's showing up for port 22:

    $ tcpdump -nn -i ens192 | grep 172.16.195.117
    dropped privs to tcpdump
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
    08:23:28.730189 IP 172.22.6.9.22 > 172.16.195.117.50600: Flags [P.], seq 664703141:664703221, ack 3210526827, win 488, length 80
    08:23:28.730354 IP 172.22.6.9.22 > 172.16.195.117.50600: Flags [P.], seq 80:176, ack 1, win 488, length 96
    08:23:28.730574 IP 172.22.6.9.22 > 172.16.195.117.50600: Flags [P.], seq 176:304, ack 1, win 488, length 128
    08:23:28.730676 IP 172.22.6.9.22 > 172.16.195.117.50600: Flags [P.], seq 304:400, ack 1, win 488, length 96
    08:23:28.730761 IP 172.22.6.9.22 > 172.16.195.117.50600: Flags [P.], seq 400:528, ack 1, win 488, length 128
    08:23:28.730839 IP 172.22.6.9.22 > 172.16.195.117.50600: Flags [P.], seq 528:624, ack 1, win 488, length 96
    08:23:28.760000 IP 172.16.195.117.50600 > 172.22.6.9.22: Flags [.], ack 624, win 1022, length 0
    08:23:35.942843 IP 172.22.6.9.22 > 172.16.195.117.50600: Flags [P.], seq 624:896, ack 1, win 488, length 272
    08:23:36.023088 IP 172.16.195.117.50600 > 172.22.6.9.22: Flags [.], ack 896, win 1021, length 0
    08:24:01.938129 IP 172.22.6.9.22 > 172.16.195.117.50600: Flags [P.], seq 896:1200, ack 1, win 488, length 304
    08:24:02.017682 IP 172.16.195.117.50600 > 172.22.6.9.22: Flags [.], ack 1200, win 1025, length 0
    08:24:05.957775 IP 172.22.6.9.22 > 172.16.195.117.50600: Flags [P.], seq 1200:1472, ack 1, win 488, length 272
    08:24:06.035691 IP 172.16.195.117.50600 > 172.22.6.9.22: Flags [.], ack 1472, win 1024, length 0
    08:25:01.976052 IP 172.22.6.9.22 > 172.16.195.117.50600: Flags [P.], seq 1472:1776, ack 1, win 488, length 304
    08:25:02.051839 IP 172.16.195.117.50600 > 172.22.6.9.22: Flags [.], ack 1776, win 1023, length 0
    08:25:05.991836 IP 172.22.6.9.22 > 172.16.195.117.50600: Flags [P.], seq 1776:2048, ack 1, win 488, length 272
    08:25:06.066825 IP 172.16.195.117.50600 > 172.22.6.9.22: Flags [.], ack 2048, win 1022, length 0
    08:25:33.318464 IP 172.16.195.117 > 172.22.6.9: ICMP echo request, id 1, seq 282, length 40
    08:25:33.318493 IP 172.22.6.9 > 172.16.195.117: ICMP echo reply, id 1, seq 282, length 40

Where would you all start looking, even if the firewall service is disabled?

The file /etc/httpd/conf/httpd.conf shows:

    Listen 80

One thing I did notice while firewalld was running was that the "trusted" zone didn't have the 172.x.x.x CIDR address listed. I'm not sure if this matters though because firewalld is disabled right now:

    $ firewall-cmd --get-active-zones
    libvirt
      interfaces: virbr0
    public
      interfaces: ens192
    trusted
      sources: 10.0.0.0/16

The output of this command:

    firewall-cmd --get-active-zones | grep -P '^[^\s]' | xargs -I{} firewall-cmd --info-zone={}

    libvirt (active)
      target: ACCEPT
      icmp-block-inversion: no
      interfaces: virbr0
      sources:
      services: dhcp dhcpv6 dns ssh tftp
      ports:
      protocols: icmp ipv6-icmp
      forward: no
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:
            rule priority="32767" reject
    public (active)
      target: default
      icmp-block-inversion: no
      interfaces: ens192
      sources:
      services: http https ssh
      ports: 3389/tcp 9524/tcp 9524/udp 80/tcp 443/tcp
      protocols:
      forward: no
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:
    trusted (active)
      target: ACCEPT
      icmp-block-inversion: no
      interfaces:
      sources: 10.0.0.0/16
      services:
      ports:
      protocols:
      forward: no
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:

Also:

    grep -PRn '^\s*Listen\s+' /etc/httpd 2>/dev/null

shows:

    /etc/httpd/conf/httpd.conf:45:Listen 80

Any ideas? Thank you.
Asked by 808mrb (1 rep)
Feb 13, 2024, 02:14 PM
Last activity: Mar 4, 2024, 06:16 PM
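
An added example, not part of the original post: the capture above contains only SSH and ICMP lines, so it cannot show whether a SYN to port 80 from 172.16.195.117 ever reaches ens192. The sketch below classifies a server-side `tcpdump -nn` text capture for one client and port; `triage` and its result codes are hypothetical names, and `POST_SAMPLE` holds three lines copied from the post.

```python
import re

# TCP lines as printed by `tcpdump -nn`, e.g.
#   08:23:28.730189 IP 172.22.6.9.22 > 172.16.195.117.50600: Flags [P.], ...
TCP_LINE = re.compile(
    r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[([^\]]+)\]"
)

# Three lines copied from the capture in the post (SSH and ICMP only).
POST_SAMPLE = """\
08:23:28.730189 IP 172.22.6.9.22 > 172.16.195.117.50600: Flags [P.], seq 664703141:664703221, ack 3210526827, win 488, length 80
08:23:28.760000 IP 172.16.195.117.50600 > 172.22.6.9.22: Flags [.], ack 624, win 1022, length 0
08:25:33.318464 IP 172.16.195.117 > 172.22.6.9: ICMP echo request, id 1, seq 282, length 40
"""

def triage(capture: str, client: str, server: str, port: int) -> str:
    """Classify a failed TCP connect from what the server-side capture shows.

    NO_SYN        the SYN never reached this interface (upstream filter or
                  routing), or no attempt was made while capturing
    SYN_ACK_SENT  the server answered; look at the return path to the client
    RST_SENT      the host refused: nothing listening, or a reject rule
    SYN_NO_REPLY  the SYN arrived but nothing left this interface: silent
                  local drop, or the reply went out another interface
    """
    syn_in = synack_out = rst_out = False
    for line in capture.splitlines():
        m = TCP_LINE.search(line)
        if not m:
            continue  # ICMP, tcpdump banner lines, anything non-TCP
        src, sport, dst, dport, flags = m.groups()
        if (src, dst, int(dport)) == (client, server, port):
            # A bare SYN has "S" and no "." (the ACK marker)
            syn_in |= "S" in flags and "." not in flags
        elif (src, int(sport), dst) == (server, port, client):
            synack_out |= "S" in flags and "." in flags
            rst_out |= "R" in flags
    if not syn_in:
        return "NO_SYN"
    if synack_out:
        return "SYN_ACK_SENT"
    return "RST_SENT" if rst_out else "SYN_NO_REPLY"

if __name__ == "__main__":
    print(triage(POST_SAMPLE, "172.16.195.117", "172.22.6.9", 80))
```

To get a capture worth classifying, run `tcpdump -nn -i ens192 'host 172.16.195.117 and tcp port 80'` on the server while repeating the `tnc` test from the 172.x.x.x machine.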