odd problem. No route to host, put can ping

blackax · 05-09-2011, 12:24 PM

I have a server that I can ping, and I can connect remotely with ssh to it. But when I try to connect to apache (port 80) I get "no route to host". But I can connect to localhost
It's not just my client system that is having this problem but also systems that are on the same subnet
There is no firewall running on the server

route on the server

Code:

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.99.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         192.168.99.2    0.0.0.0         UG    0      0        0 eth0

Ifconfig on server

Code:

#  ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:01:03:2E:5F:8E  
          inet addr:192.168.99.25  Bcast:192.168.99.255  Mask:255.255.255.0
          inet6 addr: fe80::201:3ff:fe2e:5f8e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4263 errors:0 dropped:0 overruns:1 frame:0
          TX packets:2463 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:437014 (426.7 KiB)  TX bytes:239663 (234.0 KiB)
          Interrupt:11 Base address:0xac00

Ping from client to server

Code:

$ ping 192.168.99.25
PING 192.168.99.25 (192.168.99.25) 56(84) bytes of data.
64 bytes from 192.168.99.25: icmp_seq=1 ttl=63 time=0.586 ms
64 bytes from 192.168.99.25: icmp_seq=2 ttl=63 time=0.369 ms
64 bytes from 192.168.99.25: icmp_seq=3 ttl=63 time=0.381 ms
64 bytes from 192.168.99.25: icmp_seq=4 ttl=63 time=0.402 ms
^C
--- 192.168.99.25 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3011ms
rtt min/avg/max/mdev = 0.369/0.434/0.586/0.090 ms

Traceroute to server

Code:

$ traceroute 192.168.99.25
traceroute to 192.168.99.25 (192.168.99.25), 30 hops max, 40 byte packets
 1  192.168.31.1 (192.168.31.1)  0.684 ms  0.944 ms  1.416 ms
 2  syslog.99.168.192.in-addr.arpa (192.168.99.25)  0.390 ms !X  0.291 ms !X  0.253 ms !X

T3RM1NVT0R · 05-09-2011, 12:31 PM

When you say you are trying to connect to apache service on the server. Are you trying to telnet that server on port 80?

Check if apache service is running on that server.

service httpd status

If showing as stopped start it:

service httpd start

If running on Debian or any of its derivatives then instead of service httpd status use service apache2 status

Because you can connect to it using SSH and ping it so nothing wrong with the network. Not sure but even if the firewall is on you should get a reply saying connection refused.

blackax · 05-09-2011, 12:55 PM

apache is started (I can connect localy) and if I try to connect remotely by using telnet on port 80 i'm getting the "no route to host" error

T3RM1NVT0R · 05-09-2011, 01:12 PM

Here is what I can understand from your post:

1. You are able to connect to the server using SSH locally as well as remotely.
2. You are able to telnet server on port 80 locally but when you try to telnet your server on port 80 remotely you get no route to host.
3. No firewall running on the server.

Here are the things that I would like to know:

1. Is there any firewall running between remote machines and server blocking port 80?
2. Are you able to browse the default apache home page from remote machines?
3. How you are trying to telnet via host name or via IP
4. Output of /etc/apache2/apache2.conf
5. How name resolution is configured.
6. When you say you can connect to localhost what does that mean?

blackax · 05-09-2011, 04:18 PM

Quote:

Originally Posted by T3RM1NVT0R

Here is what I can understand from your post:

1. You are able to connect to the server using SSH locally as well as remotely.
2. You are able to telnet server on port 80 locally but when you try to telnet your server on port 80 remotely you get no route to host.
3. No firewall running on the server.

Here are the things that I would like to know:

1. Is there any firewall running between remote machines and server blocking port 80?
2. Are you able to browse the default apache home page from remote machines?
3. How you are trying to telnet via host name or via IP
4. Output of /etc/apache2/apache2.conf
5. How name resolution is configured.
6. When you say you can connect to localhost what does that mean?

1: There is no firewall or ACL between my client pc and the Server

2: No I can't browse the default apache page from a remote system

3: I'm trying to connect to the IP

4: Apache is listening on 0.0.0.0:80

Code:

# netstat -l -n | grep 80
tcp        0      0 :::80                       :::*                    LISTEN

5: Some remote pc's use a local intranet dns server some use a host file

6: I try to connect apache directly on the server

T3RM1NVT0R · 05-09-2011, 04:38 PM

Alright getting a better picture.

Look at /etc/apache2/ports.conf file and let me know what NameVirtualHost directive says and what listen directive says.

If it appears to be something different from below then give a try changing them:

NameVirtualHost *:80
Listen 80

Restart apache services and then give a try telneting it.

blackax · 05-09-2011, 05:04 PM

Nope didn't help

T3RM1NVT0R · 05-09-2011, 05:17 PM

Then there is something which is blocking/discarding the packets with a reply

Just try this, run the following command on the server: iptables -F and then try to connect remotely.

devwatchdog · 05-09-2011, 05:45 PM

Let's take a look at what the traffic is doing you send to the server. Run this command on your server (as root):

Code:

tcpdump -nni ethX port 80

The 'ethX' needing to be changed to the NIC you use on the server, such as eth0, eth1, etc, etc.

That will show you if the traffic is indeed getting there, which from what you have shown insofar as your network config goes, it should be. If you see traffic only coming in to the server from the client system, and not being answered, well, you probably some some sort of a config problem on Apache. I'm guessing that the traffic is getting there, it just isn't responding.

blackax · 05-09-2011, 06:21 PM

I'm still not sure what the problem was but I reloaded the network stack and it is now working....Very confusing problem Thank you all the help.

also Iptable's was completely off so it wasn't blocking

sharepass11 · 02-28-2013, 08:33 AM

Hi, I had this same exact problem, but in Fedora 18, I finally managed to fix it by open the firewall dialog (Applications -> Other -> Firewall) , select "Persistent Configuration" and then proceeded to mark the "http" service as trusted on all zones.

Hope this can be useful to someone with the same problem.

Regards,

smpn · 01-12-2015, 11:18 AM

This might be too late reply, but thought it would help someone in the future. I had similar issue with CentOS 6, found out the repo server had OS firewall turned on. After turning off iptables, client machine was able to hit the repository.

# service iptables stop
# chkconfig iptables off