
Why a telnet probe reports No route to host


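Our service reaches a third-party institution's service over a dedicated line, but when I logged in to the server and probed the remote service address with telnet, it reported No route to host rather than the usual Connection timed out. Taken literally, that would mean there is no route to the remote IP address, yet the route was in fact configured.

According to the documentation, no route to host is a layer-2 network message: it indicates that the IP is not online and the target host is unreachable.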

The ICMP message, “no route to host,” means that ARP cannot find the layer-2 address for the destination host. Usually, this means that the host with that IP address is not online or responding.

To verify this, I used two virtual machines in a test environment.

Log in to the 192.168.9.131 server:

[root@node1] ~$ uname  -r
3.10.0-1062.el7.x86_64
[root@node1] ~$ ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.9.131  netmask 255.255.255.0  broadcast 192.168.9.255
        inet6 fe80::5054:ff:fea3:3a2b  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:a3:3a:2b  txqueuelen 1000  (Ethernet)
        RX packets 2258110  bytes 139944428 (133.4 MiB)
        RX errors 0  dropped 6667  overruns 0  frame 0
        TX packets 1908  bytes 1736374 (1.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@node1] ~$ ping -c1 192.168.9.132
PING 192.168.9.132 (192.168.9.132) 56(84) bytes of data.
64 bytes from 192.168.9.132: icmp_seq=1 ttl=64 time=0.347 ms

--- 192.168.9.132 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.347/0.347/0.347/0.000 ms
[root@node1] ~$ telnet 192.168.9.132 8080
Trying 192.168.9.132...
Connected to 192.168.9.132.
Escape character is '^]'.
^]quit

telnet> quit
Connection closed.

Log in to the 192.168.9.132 server and bring its network interface down:

# Log in to node2 through the console
[root@kvm-1 ~]# virsh console node2
连接到域 node2
换码符为 ^]


[root@node2] ~$ ifconfig eth0
eth0: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.9.132  netmask 255.255.255.0  broadcast 192.168.9.255
        ether 52:54:00:bb:16:68  txqueuelen 1000  (Ethernet)
        RX packets 202729  bytes 12367068 (11.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 215  bytes 21676 (21.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@node2] ~$ ifconfig eth0 down

Log in to 192.168.9.131 again; it can no longer obtain the MAC address of 192.168.9.132:

[root@node1] ~$ arping -c1 192.168.9.132
ARPING 192.168.9.132 from 192.168.9.131 eth0
Sent 1 probes (1 broadcast(s))
Received 0 response(s)

# ping reports Destination Host Unreachable
[root@node1] ~$ ping 192.168.9.132
PING 192.168.9.132 (192.168.9.132) 56(84) bytes of data.
From 192.168.9.131 icmp_seq=1 Destination Host Unreachable
From 192.168.9.131 icmp_seq=2 Destination Host Unreachable
From 192.168.9.131 icmp_seq=3 Destination Host Unreachable
From 192.168.9.131 icmp_seq=4 Destination Host Unreachable
^C
--- 192.168.9.132 ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4002ms
pipe 4

[root@node1] ~$ telnet 192.168.9.132 8080
Trying 192.168.9.132...
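telnet: connect to address 192.168.9.132: No route to host

In limited, non-exhaustive testing, whether telnet reports No route to host or Connection timed out when the target host is unreachable depends on the kernel version of the machine running the telnet client; kernels of version 2.6.324.19.95 report Connection timed out.

The service reaches the third-party institution over a dedicated line, and there are firewalls at the entry points on both sides. A firewall rule can also produce the same unreachable result as the layer-2 failure.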

Log in to the 192.168.9.132 server and add an iptables rule:

[root@node2] ~$ iptables -A INPUT  -s 192.168.9.131 -j REJECT --reject-with icmp-host-unreachable

Possible values for the iptables option --reject-with:

icmp-net-unreachable

icmp-host-unreachable

icmp-port-unreachable

icmp-proto-unreachable

icmp-net-prohibited

icmp-host-prohibited

tcp-reset

Log in to the 192.168.9.131 server: the MAC address of 192.168.9.132 can now be obtained, but telnet still returns No route to host:

[root@node1] ~$ arping -c1 192.168.9.132
ARPING 192.168.9.132 from 192.168.9.131 eth0
Unicast reply from 192.168.9.132 [52:54:00:BB:16:68]  0.835ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

# ping reports Destination Host Unreachable
[root@node1] ~$ ping -c1 192.168.9.132
PING 192.168.9.132 (192.168.9.132) 56(84) bytes of data.
From 192.168.9.132 icmp_seq=1 Destination Host Unreachable

--- 192.168.9.132 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

[root@node1] ~$ telnet 192.168.9.132 8080
Trying 192.168.9.132...
telnet: connect to address 192.168.9.132: No route to host

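As an extension: when does telnet report Network is unreachable? Usually when the server running the telnet client has no route configured to the target IP address.

Log in to the 192.168.9.131 server, delete the routes, and test with telnet: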

[root@node1] ~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.9.1       0.0.0.0         UG    0      0        0 eth0
192.168.9.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
[root@node1] ~$ ip r del default via 192.168.9.1
[root@node1] ~$ ip r del 192.168.9.0/24
[root@node1] ~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0

[root@node1] ~$ ping -c1 192.168.9.132
connect: Network is unreachable
[root@node1] ~$ telnet 192.168.9.132 8080
Trying 192.168.9.132...
telnet: connect to address 192.168.9.132: Network is unreachable

A firewall rule on 192.168.9.132 can produce the same result:

[root@node2] ~$ iptables -A INPUT  -s 192.168.9.131 -j REJECT --reject-with icmp-net-unreachable

Log in to the 192.168.9.131 server and test:

[root@node1] ~$ ping -c1 192.168.9.132
PING 192.168.9.132 (192.168.9.132) 56(84) bytes of data.
From 192.168.9.132 icmp_seq=1 Destination Net Unreachable

--- 192.168.9.132 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

[root@node1] ~$ telnet 192.168.9.132 8080
Trying 192.168.9.132...
telnet: connect to address 192.168.9.132: Network is unreachable
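
The captures above show that the same telnet message can come from different causes, and that the sender address in the ping error line ("From 192.168.9.131" versus "From 192.168.9.132") tells them apart. The following is an added example, not part of the original post: a small Python helper that combines the connect() errno with that ping line. The function names and result labels are assumptions made for illustration.

```python
import errno
import re
import socket

# "From <ip> icmp_seq=N Destination Host|Net Unreachable" lines printed by ping
ICMP_RE = re.compile(r"^From (\S+) icmp_seq=\d+ Destination (Host|Net) Unreachable", re.M)

def probe(host, port, timeout=3.0):
    """TCP connect the way telnet does; return 0 on success, else the errno."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return 0
        except socket.timeout:
            return errno.ETIMEDOUT
        except OSError as e:
            return e.errno

def diagnose(err, local_ip, ping_output=""):
    """Map a connect() errno plus ping output to the cause shown on this page."""
    m = ICMP_RE.search(ping_output)
    sender = m.group(1) if m else None
    if err == errno.EHOSTUNREACH:          # telnet: No route to host
        if sender == local_ip:
            return "arp-failure"           # error generated locally: ARP got no reply
        if sender:
            return "icmp-host-unreachable-from-" + sender   # e.g. a REJECT rule
        return "host-unreachable-unknown-sender"
    if err == errno.ENETUNREACH:           # telnet: Network is unreachable
        if sender:
            return "icmp-net-unreachable-from-" + sender
        return "no-local-route"            # ping prints "connect: Network is unreachable"
    if err == errno.ETIMEDOUT:
        return "timed-out"                 # no reply and no ICMP error before the timeout
    return "connected" if err == 0 else errno.errorcode.get(err, str(err))

# Ping error lines copied from the three captures on this page.
PING_ARP = "From 192.168.9.131 icmp_seq=1 Destination Host Unreachable"
PING_REJECT = "From 192.168.9.132 icmp_seq=1 Destination Host Unreachable"
PING_NET = "From 192.168.9.132 icmp_seq=1 Destination Net Unreachable"

if __name__ == "__main__":
    local = "192.168.9.131"
    # Live use: diagnose(probe("192.168.9.132", 8080), local, <captured ping output>)
    for name, err, out in [("arp", errno.EHOSTUNREACH, PING_ARP),
                           ("reject", errno.EHOSTUNREACH, PING_REJECT),
                           ("net", errno.ENETUNREACH, PING_NET)]:
        print(name, "->", diagnose(err, local, out))
```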
