Failed to connect to: No route to host correctly Server A to B
-
- Posts: 4
- Joined: 2020/03/05 18:38:57
Failed to connect to: No route to host correctly Server A to B
Hi, I have two servers which connect together through an API. However, I have no idea why they block each other. I have done almost everything but have not found any solution. Steps I have done:
Add the following rules to iptables:
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 21 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
Then, I tried to disable iptables:
service iptables stop
I added the IP address to hosts.allow.
All those steps are not working. I tried to check, there is no firewall installed. The weird thing is, it works once I reboot the server. It is really strange, since the problem should be from those servers. I am so frustrated since I have to reboot the server twice a day in order to make it work.
Re: Failed to connect to: No route to host correctly Server A to B
You are appending these rules to the existing rule sets. If a prior rule already causes the packets to be dropped, these rules will not make any difference.
Post the results of:
Code: Select all
iptables -L -n -v
when the servers cannot connect.
You might have a routing problem. Try installing tcptraceroute and tcpdump and use these to see what is happening to your packets.
Are you sure the IP addresses are not changing or that you don't have other machines with duplicate IP addresses (or MAC addresses)? Normally the scripts that bring up the interfaces will check for this, but those checks can be disabled.
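The rule-ordering point in the reply above, as an added example that is not part of the original thread: a simplified first-match walk over `iptables -S INPUT` output. The ruleset is constructed; it mirrors the stock CentOS chain, which ends in a catch-all `REJECT --reject-with icmp-host-prohibited` that a client reports as "No route to host". The function names are hypothetical.

```python
import shlex

# Constructed sample of `iptables -S INPUT` output: a stock-style chain ending
# in a catch-all REJECT, with two ACCEPT rules appended afterwards using -A.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
SUPPORTED = {"-p", "-m", "-i", "-j", "--dport", "--state", "--ctstate", "--reject-with"}

def first_match(rules_text, proto, dport, iface="eth0", state="NEW"):
    """Return (line_no, verdict) of the rule deciding a new inbound packet.
    Simplified: only SUPPORTED flag/value pairs; anything else raises."""
    policy = None
    for line_no, line in enumerate(rules_text.splitlines(), 1):
        tok = shlex.split(line)
        if tok[:1] == ["-P"]:
            policy = tok[2]
        if tok[:1] != ["-A"]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))
        if set(opts) - SUPPORTED:
            raise ValueError(f"unsupported match on line {line_no}: {line}")
        states = opts.get("--state") or opts.get("--ctstate")
        if (opts.get("-p", proto) != proto
                or opts.get("--dport", str(dport)) != str(dport)
                or opts.get("-i", iface) != iface
                or (states and state not in states.split(","))):
            continue
        if opts.get("-j") in TERMINAL:
            return line_no, opts["-j"]
    return None, policy  # no rule matched: the chain policy applies

def move_before(rules_text, rule_no, before_no):
    """Reorder as `iptables -I` would have (assumes rule_no > before_no)."""
    lines = rules_text.splitlines()
    lines.insert(before_no - 1, lines.pop(rule_no - 1))
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(first_match(SAMPLE_RULES, "tcp", 80))
```

On the sample, port 80 is decided by the REJECT on line 6 and the appended ACCEPT on line 7 is never reached; after `move_before(SAMPLE_RULES, 7, 6)` the ACCEPT is evaluated first.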
-
- Posts: 4
- Joined: 2020/03/05 18:38:57
Re: Failed to connect to: No route to host correctly Server A to B
Hi, I have disabled iptables anyway. The problem comes from "blackhole"; I have no idea what it is. It seems to come from the route process. When I tried running
sh /script/remove-blackhole-block
it removes all the blocked IPs from blackhole filtering. It works within seconds, but I have to run this twice a day since the IP easily gets blocked. Do you have any idea how to whitelist it? Thank you.
Code: Select all
- Removing 103.18.179.196 from IP blackhole blocked
- Removing 92.118.38.40 from IP blackhole blocked
- Removing 119.249.54.217 from IP blackhole blocked
- Removing 92.118.38.38 from IP blackhole blocked
- Removing 92.118.38.39 from IP blackhole blocked
- Removing 185.254.188.215 from IP blackhole blocked
- Removing 46.38.144.57 from IP blackhole blocked
- Removing 144.217.197.11 from IP blackhole blocked
- Removing 46.38.144.49 from IP blackhole blocked
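One way to confirm that a peer server is being discarded by a route rather than by a firewall, as an added example that is not part of the original thread. It assumes the blocking tool installs kernel routes of type blackhole (visible in `ip route show`); all addresses are constructed from documentation ranges, the log sample copies the line format shown in the post above, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ip route show` output (documentation address ranges).
SAMPLE_ROUTES = """\
default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
blackhole 198.51.100.7
blackhole 203.0.113.0/24
unreachable 198.51.100.99
"""

# Constructed sample in the line format the removal script prints above.
SAMPLE_REMOVAL_LOG = """\
- Removing 198.51.100.7 from IP blackhole blocked
- Removing 203.0.113.45 from IP blackhole blocked
"""

DISCARD_TYPES = {"blackhole", "unreachable", "prohibit"}  # iproute2 route types
REMOVED = re.compile(r"^- Removing (\S+) from IP blackhole blocked$")

def discard_routes(route_text):
    """Parse discard-type routes into (type, network) tuples."""
    routes = []
    for line in route_text.splitlines():
        tok = line.split()
        if len(tok) >= 2 and tok[0] in DISCARD_TYPES:
            dest = "0.0.0.0/0" if tok[1] == "default" else tok[1]
            routes.append((tok[0], ipaddress.ip_network(dest, strict=False)))
    return routes

def blocking_route(peer, route_text):
    """Most specific discard route covering peer, or None if it is routable."""
    addr = ipaddress.ip_address(peer)
    hits = [r for r in discard_routes(route_text) if addr in r[1]]
    return max(hits, key=lambda r: r[1].prefixlen, default=None)

def peers_in_removal_log(peers, log_text):
    """Peers that the removal script reported unblocking."""
    removed = {m.group(1) for line in log_text.splitlines()
               if (m := REMOVED.match(line.strip()))}
    return sorted(set(peers) & removed)

if __name__ == "__main__":
    for peer in ("198.51.100.7", "203.0.113.45", "192.0.2.20"):
        print(peer, blocking_route(peer, SAMPLE_ROUTES))
    print(peers_in_removal_log(["198.51.100.7", "192.0.2.20"], SAMPLE_REMOVAL_LOG))
```

Feeding it the live `ip route show` output at the moment the API call fails, with the other server's address as `peer`, shows whether a discard route is the cause before anything is removed.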
Re: Failed to connect to: No route to host correctly Server A to B
Background: https://en.wikipedia.org/wiki/Black_hole_(networking)
There are various sysctl settings for this, see https://www.kernel.org/doc/Documentatio ... sysctl.txt
It could be something stupid like I can get there, but can't get back (for example).
Re: Failed to connect to: No route to host correctly Server A to B
That script appears to be part of something called pihole so if you run that then you probably want to ask in a pihole venue as they're more likely to be able to help.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 4
- Joined: 2020/03/05 18:38:57
Re: Failed to connect to: No route to host correctly Server A to B
aks wrote: ↑2020/03/08 13:13:01
Background: https://en.wikipedia.org/wiki/Black_hole_(networking)
There are various sysctl settings for this, see https://www.kernel.org/doc/Documentatio ... sysctl.txt
It could be something stupid like I can get there, but can't get back (for example).
I have various files there but there is ip-sysctl.txt
Code: Select all
cipso_cache_bucket_size inet_peer_gc_mintime ipfrag_max_dist tcp_challenge_ack_limit tcp_low_latency tcp_retries1 tcp_tw_recycle
cipso_cache_enable inet_peer_maxttl ipfrag_secret_interval tcp_congestion_control tcp_max_orphans tcp_retries2 tcp_tw_reuse
cipso_rbm_optfmt inet_peer_minttl ipfrag_time tcp_dma_copybreak tcp_max_ssthresh tcp_rfc1337 tcp_window_scaling
cipso_rbm_strictvalid inet_peer_threshold neigh tcp_dsack tcp_max_syn_backlog tcp_rmem tcp_wmem
conf ip_default_ttl ping_group_range tcp_ecn tcp_max_tw_buckets tcp_sack tcp_workaround_signed_windows
icmp_echo_ignore_all ip_dynaddr route tcp_fack tcp_mem tcp_slow_start_after_idle udp_mem
icmp_echo_ignore_broadcasts ip_forward rt_cache_rebuild_count tcp_fin_timeout tcp_min_snd_mss tcp_stdurg udp_rmem_min
icmp_errors_use_inbound_ifaddr ip_forward_use_pmtu tcp_abc tcp_frto tcp_min_tso_segs tcp_syn_retries udp_wmem_min
icmp_ignore_bogus_error_responses ip_local_port_range tcp_abort_on_overflow tcp_frto_response tcp_moderate_rcvbuf tcp_synack_retries xfrm4_gc_thresh
icmp_ratelimit ip_local_reserved_ports tcp_adv_win_scale tcp_invalid_ratelimit tcp_mtu_probing tcp_syncookies
icmp_ratemask ip_no_pmtu_disc tcp_allowed_congestion_control tcp_keepalive_intvl tcp_no_metrics_save tcp_thin_dupack
igmp_max_memberships ip_nonlocal_bind tcp_app_win tcp_keepalive_probes tcp_orphan_retries tcp_thin_linear_timeouts
igmp_max_msf ipfrag_high_thresh tcp_available_congestion_control tcp_keepalive_time tcp_reordering tcp_timestamps
inet_peer_gc_maxtime ipfrag_low_thresh tcp_base_mss tcp_limit_output_bytes tcp_retrans_collapse tcp_tso_win_divisor
Last edited by flameblue59 on 2020/03/09 02:37:07, edited 1 time in total.
-
- Posts: 4
- Joined: 2020/03/05 18:38:57
Re: Failed to connect to: No route to host correctly Server A to B
Well since you have that script on your machine and it is not something that we provide, it would appear that your machine has this "pihole" software installed on it. That is not something we provide and it's a project in its own right so I would suggest using google to find their website and see what support resources they have and ask there. This pihole thing is designed to stop advertising websites and also to guard against attacks so it's presumably classing some relatively normal activity on your machine as an attack and adding that route to stop them from getting to your machine. Quite how it does that is not really something we can cover on this forum unless someone comes along who runs it and knows more about it. For better support, you'd be better off asking the pihole people directly as it's presumably something they'd already know the answer to.
Re: Failed to connect to: No route to host correctly Server A to B
Read the links!
It's a command called sysctl