
'no route to host' on a lan

  • Michael Klinosky
    Message 1 of 10 , Aug 4 3:39 PM
      I'm trying to set up my home lan to use rcp, but I have a problem -

      [mpk@d500 documents]$ rcp info 10.0.0.6:
      10.0.0.6: No route to host

      To diagnose the problem -

      [root@d500 etc]# ifconfig
      eth0 Link encap:Ethernet HWaddr 00:08:02:40:94:68
      inet addr:10.0.0.50 Bcast:10.0.0.255 Mask:255.255.255.0
      inet6 addr: fe80::208:2ff:fe40:9468/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
      RX packets:4844296 errors:0 dropped:0 overruns:0 frame:0
      TX packets:2818454 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:2653991096 (2.4 GiB) TX bytes:222161964 (211.8 MiB)

      [root@d500 ~]# ping 10.0.0.6
      PING 10.0.0.6 (10.0.0.6) 56(84) bytes of data.
      64 bytes from 10.0.0.6: icmp_seq=1 ttl=64 time=0.323 ms

      --- 10.0.0.6 ping statistics ---
      1 packets transmitted, 1 received, 0% packet loss, time 0ms

      [root@d500 ~]# iptables -L
      ...
      Chain RH-Firewall-1-INPUT (1 references)
      target prot opt source destination
      ACCEPT 0 -- anywhere anywhere
      ACCEPT icmp -- anywhere anywhere icmp any
      ACCEPT esp -- anywhere anywhere
      ACCEPT ah -- anywhere anywhere
      ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
      ACCEPT udp -- anywhere anywhere udp dpt:ipp
      ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
      ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
      ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pxc-spvr
      ACCEPT udp -- anywhere anywhere udp dpt:rcp
      ACCEPT tcp -- anywhere anywhere tcp dpt:rcp
      REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited

      Btw, I entered the lines, then restarted the service.

      [root@d500 ~]# route
      Kernel IP routing table
      Destination Gateway Genmask Flags Metric Ref Use Iface
      10.0.0.0 * 255.255.255.0 U 0 0 0 eth0
      169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
      default local.gateway 0.0.0.0 UG 0 0 0 eth0

      [root@d500 etc]# cat /etc/resolv.conf
      ; generated by /sbin/dhclient-script
      nameserver 10.0.0.2

      What else is there to check?
      Or, does anyone know what the problem is?
    • Michael Kjorling
      Message 2 of 10 , Aug 4 4:07 PM

        On 4 Aug 2007 18:39 -0400, by mpk2@... (Michael Klinosky):
        > What else is there to check?

        I would try to figure out why rcp says no route to host when you
        pretty obviously have one. Can you telnet to the rsh port and get a
        connection that way? Can you use another, more common service on the
        remote host (say, SSH, HTTP, SMTP, ...)? What are the firewall rules
        on the remote host, especially its INPUT chain? Is there anything in
        the OUTPUT chain on the local host that might affect the connection,
        either an explicit rule or the chain policy? Can you connect to other
        systems on the LAN (if you have any), with rsh/rcp or something else,
        from the host that shows this problem? If you have a third PC, can you
        connect from it to the rsh host on either the rsh port or to some
        other service running on it?

        Those are the things that I can think of off the top of my head to
        check that might help track down the problem.

        --
        Michael Kjörling, michael@... - http://michael.kjorling.com/
        * ..... No bird soars too high if he soars with his own wings ..... *
        * .... ENCRYPTED email preferred .. OpenPGP key ID: 0xBDE9ADA6 .... *
        * ASCII Ribbon Campaign: Against HTML mail, proprietary attachments *

      • Michael Klinosky
        Message 3 of 10 , Aug 4 5:57 PM
          Michael Kjorling:
          > pretty obviously have one. Can you telnet to the rsh port and get a
          > connection that way?

          [root@d500 net]# telnet 10.0.0.6 222
          Trying 10.0.0.6...
          telnet: connect to address 10.0.0.6: No route to host

          > Can you use another, more common service on the
          > remote host (say, SSH, HTTP, SMTP, ...)?

          [root@d500 net]# ssh 10.0.0.6
          ssh: connect to host 10.0.0.6 port 22: No route to host

          I am familiar with ssh (set it up to connect to my lan from a dial-up
          remote on a non-default port).

          sshd is enabled on the machine I tried to log into, and I configged my
          router to forward port 22 to it.

          > What are the firewall rules
          > on the remote host, especially its INPUT chain?

          Ah, yes - I forgot to mention that I configged that also. By 'input',
          are you referring to 'RH-Firewall-1-INPUT' (as opposed to 'INPUT')?

          [root@5bw130 ~]# iptables -L
          Chain INPUT (policy ACCEPT)
          target prot opt source destination
          RH-Firewall-1-INPUT 0 -- anywhere anywhere

          Chain FORWARD (policy ACCEPT)
          target prot opt source destination
          REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited

          Chain OUTPUT (policy ACCEPT)
          target prot opt source destination

          Chain RH-Firewall-1-INPUT (1 references)
          target prot opt source destination
          ACCEPT 0 -- anywhere anywhere
          ACCEPT icmp -- anywhere anywhere icmp any
          ACCEPT esp -- anywhere anywhere
          ACCEPT ah -- anywhere anywhere
          ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
          ACCEPT udp -- anywhere anywhere udp dpt:ipp
          ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
          ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
          ACCEPT udp -- anywhere anywhere udp dpt:rcp
          ACCEPT tcp -- anywhere anywhere tcp dpt:rcp
          REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited

          > Is there anything in
          > the OUTPUT chain on the local host that might affect the connection,
          > either an explicit rule or the chain policy?

          [root@d500 net]# iptables -L
          Chain INPUT (policy ACCEPT)
          target prot opt source destination
          RH-Firewall-1-INPUT 0 -- anywhere anywhere

          Chain FORWARD (policy ACCEPT)
          target prot opt source destination
          REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited

          Chain OUTPUT (policy ACCEPT)
          target prot opt source destination

          > Can you connect to other
          > systems on the LAN (if you have any), with rsh/rcp or something else,
          > from the host that shows this problem?

          Probably not - this is my first foray into this endeavor, so I didn't
          set this up on any other machine.

          > If you have a third PC, can you
          > connect from it to the rsh host on either the rsh port or to some
          > other service running on it?

          Whoa! That's a bit over my head. :) I'm barely out of newbie-dom.

          Connect how? Telnet? If rsh, and it needs to be set up / configged -
          haven't done that.

          I do have another linux machine on this lan.
        • horrorvacui@gmx.net
          Message 4 of 10 , Aug 5 1:30 PM
            On Sat, 04 Aug 2007 20:57:59 -0400
            Michael Klinosky <mpk2@...> wrote:

            > Michael Kjorling:
            > > pretty obviously have one. Can you telnet to the rsh port and get a
            > > connection that way?
            >
            > [root@d500 net]# telnet 10.0.0.6 222
            > Trying 10.0.0.6...
            > telnet: connect to address 10.0.0.6: No route to host

            You know, this looks like a firewall interfering. Disable it
            temporarily (on both machines involved) and try it out. If it
            works, you know that you need to troubleshoot the firewall. Start it
            again on one of the machines and try again, to find out exactly which
            firewall you need to troubleshoot.

            Generally, troubleshooting network connection stuff is a complex-ish
            matter, so you'll do yourself a favour by removing the complexity
            (firewalls and such) and concentrate on the job at hand. Find out that
            the network works (as in fact it should, based on your posted configs),
            then move on to find out what is causing problems.

            Cheers
            --
            Horror Vacui

            War Is Peace
            Freedom Is Slavery
            Ignorance Is Strength
          • Michael Klinosky
            Message 5 of 10 , Aug 5 1:47 PM
              horrorvacui:
              > You know, this looks like a firewall interfering. Disable it
              > temporarily (on both machines involved) and try it out.

              Yup - I also neglected to mention that I did try stopping iptables on
              the local machine (which didn't help, of course).

              I stopped it on both -
              [mpk@d500 documents]$ rcp info 10.0.0.6:
              10.0.0.6: Connection refused

              I then restarted it on the local -
              [mpk@d500 documents]$ rcp info 10.0.0.6:
              10.0.0.6: Connection refused

              I already posted the iptable for the remote machine (name is 5bw130). I
              did the same to it as the local - added the tcp & udp for rcp (port
              469). Do I need more? Do I need those entries?

              And, why would the connection be refused? I have xinetd running on the
              remote. N.b. that I'm not sure that it's set up properly. chkconfig
              --list states that, of the xinetd-based services, only rsync is active.
              Is there something else to config in xinetd?
            • Michael Kjorling
              Message 6 of 10 , Aug 5 2:01 PM

                On 5 Aug 2007 16:47 -0400, by mpk2@... (Michael Klinosky):
                > [mpk@d500 documents]$ rcp info 10.0.0.6:
                > 10.0.0.6: Connection refused

                Connection refused, barring a firewall, generally means there is
                nothing listening on the port/interface/address to which a connection
                was attempted.


                > And, why would the connection be refused? I have xinetd running on the
                > remote. N.b. that I'm not sure that it's set up properly. chkconfig
                > --list states that, of the xinetd-based services, only rsync is active.
                > Is there something else to config in xinetd?

                rsync != rcp

                --
                Michael Kjörling, michael@... - http://michael.kjorling.com/
                * ..... No bird soars too high if he soars with his own wings ..... *
                * .... ENCRYPTED email preferred .. OpenPGP key ID: 0xBDE9ADA6 .... *
                * ASCII Ribbon Campaign: Against HTML mail, proprietary attachments *

              • ed
                Message 7 of 10 , Aug 5 2:05 PM
                  On Sun, 05 Aug 2007 16:47:57 -0400
                  Michael Klinosky <mpk2@...> wrote:

                  > And, why would the connection be refused? I have xinetd running on
                  > the remote. N.b. that I'm not sure that it's set up properly.
                  > chkconfig --list states that, of the xinetd-based services, only
                  > rsync is active. Is there something else to config in xinetd?

                  I advise you run this on the remote box:

                  tcpdump -neXti ethN -s 2000 -w capture.log

                  (Where N is the LAN interface number) and then try to connect.

                  Once complete, stop the capture and log it in wireshark (a GUI viewer
                  for tcpdump captures).

                  If you see an ICMP port unreach then it probably means that the rcp
                  daemon is not running (whatever it is, portmap or something maybe -
                  I've never used it, scp does what I need securely).

                  --
                  The SCSI Controller to www.evilrobot.org is floppin like a dying fish
                  because of a great disturbance in the force. Tech Support is required
                  to go to a mandatory meeting to be fired. :: http://www.s5h.net/ ::
                  http://www.s5h.net/gpg


                • Michael Klinosky
                  Message 8 of 10 , Aug 5 2:19 PM
                    Michael Kjorling wrote:
                    > Connection refused, barring a firewall, generally means there is
                    > nothing listening on the port/interface/address to which a connection
                    > was attempted.

                    So, is there a daemon that I need to activate? Or, ...?

                    > rsync != rcp

                    :) I didn't mean to imply as such. Actually, I was wondering why there
                    is no 'rcp' listed in xinetd services. I know that it has to be running,
                    but don't really know why.
                  • horrorvacui@gmx.net
                    Message 9 of 10 , Aug 8 12:29 PM
                      On Sun, 05 Aug 2007 17:19:51 -0400
                      Michael Klinosky <mpk2@...> wrote:

                      > Michael Kjorling wrote:
                      > > Connection refused, barring a firewall, generally means there is
                      > > nothing listening on the port/interface/address to which a connection
                      > > was attempted.
                      >
                      > So, is there a daemon that I need to activate? Or, ...?
                      >
                      > > rsync != rcp
                      >
                      > :) I didn't mean to imply as such. Actually, I was wondering why there
                      > is no 'rcp' listed in xinetd services. I know that it has to be running,
                      > but don't really know why.

                      Woopsy - I thought you're trying to scp, which is the better option
                      anyway.

                      Anyway, I just googled for "rcp service" and it pointed me to a
                      manpage, which says that rcp connects to rshd service or daemon. So
                      this is what you should enable to use rcp. But don't

                      Enable the sshd on both machines and use scp, even though the encrypted
                      connection might not be needed in a private network. The advantage will
                      be that you'll be using an up-to-date solution, available on most
                      GNU/Linux computers.

                      Cheers
                      --
                      Horror Vacui

                      War Is Peace
                      Freedom Is Slavery
                      Ignorance Is Strength
                    • Michael Klinosky
                      Message 10 of 10 , Aug 8 4:29 PM
                        horrorvacui:
                        > Woopsy - I thought you're trying to scp, which is the better option
                        > anyway.

                        Ok - thank you.

                        Actually, I haven't been able to hack on that - been looking for a house
                        to buy.
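
The two errors seen in this thread ("No route to host" with the firewall up, "Connection refused" with it stopped) can be reproduced by walking the chain posted for 5bw130 first-match. This is an added example, not code from any poster; the `[lo]` marker on the first rule, the 631/5353 port numbers and the use of 514 as rshd's port are assumptions not stated in the thread.

```python
import errno

# Service names used in the listing. 469 for "rcp" is the number given in
# the thread; 631 and 5353 are the usual /etc/services values (assumed).
SERVICES = {"ipp": 631, "mdns": 5353, "rcp": 469}

# RH-Firewall-1-INPUT as posted for 5bw130, wrapped lines joined. "[lo]" is
# an added marker: the first rule is assumed to be the loopback-only ACCEPT,
# whose interface match plain `iptables -L` (without -v) does not print.
CHAIN = """\
ACCEPT 0 -- anywhere anywhere [lo]
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:rcp
ACCEPT tcp -- anywhere anywhere tcp dpt:rcp
REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited
"""

def verdict(proto, dport=None, iface="eth0", dst="10.0.0.6", state="NEW"):
    """Return the target of the first rule that matches the packet."""
    for line in CHAIN.splitlines():
        target, rproto, _opt, _src, rdst, *extra = line.split()
        if rproto not in ("0", proto) or rdst not in ("anywhere", dst):
            continue
        if "[lo]" in extra and iface != "lo":
            continue
        if "state" in extra and state not in extra[extra.index("state") + 1].split(","):
            continue
        name = next((e[4:] for e in extra if e.startswith("dpt:")), None)
        if name and (SERVICES[name] if name in SERVICES else int(name)) != dport:
            continue
        return target
    return "ACCEPT"  # fell off the chain: INPUT policy is ACCEPT

def connect_errno(dport, listening, firewall_up=True):
    """errno a TCP connect() from the LAN would see (0 = connected)."""
    if firewall_up and verdict("tcp", dport) == "REJECT":
        return errno.EHOSTUNREACH  # ICMP host-prohibited: "No route to host"
    return 0 if listening else errno.ECONNREFUSED  # RST: nothing listening

if __name__ == "__main__":
    # 22 = ssh, 222 = port tried with telnet, 469 = opened as "rcp",
    # 514 = rshd's standard "shell" port (not stated in the thread).
    for port in (22, 222, 469, 514):
        err = connect_errno(port, listening=(port == 22))
        print(port, errno.errorcode.get(err, "connected"))
    print("ping:", verdict("icmp"))
    print("514, firewall stopped:", errno.errorcode[connect_errno(514, False, False)])
```

The ICMP rule is why ping succeeds while every TCP port other than ipp and 469 falls through to the final REJECT.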