[Novalug] LAN trouble

Eric Johnson eric.m.h.johnson@gmail.com
Wed Nov 20 21:33:46 EST 2013


Some useful tools to add to the mix would be tcpdump and route.

Tcpdump (the original Wireshark) allows you to sniff the packets coming
over the wire for a particular interface.  Try something like `tcpdump -i
eth0`, or whatever interface the 192.168.1.XXX addresses are assigned to,
on both sides (sender and receiver).  You will probably need to install
tcpdump.

Also, double check your routing tables with `route -n`.  The "No route to
host" is indicative of a missing route (perhaps a default route).  Route
should already be installed; its modern variant is bundled into iproute2,
aka `ip route show`.

Eric
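
An added example, not part of Eric's message or the thread: a small shell triage that separates the two errors discussed here, using the ping and ssh output quoted further down in this message as input. The verdict labels and function names are made up for this example, and it goes slightly beyond the thread by also covering "Network is unreachable" and timeouts. `TARGET` is a placeholder for the other machine's address.

```shell
#!/bin/sh
# Added example (not from the thread). Verdict names are labels chosen here;
# the sample input in the demo is the output quoted in the thread.

# ping_verdict LOCAL_IP < ping-output
# "From <addr> ... Destination Host Unreachable" with <addr> equal to our own
# address means the local kernel gave up on ARP: nothing answered on the LAN.
ping_verdict() {
    awk -v me="$1" '
        / bytes from /                 { ok = 1 }
        /Destination Host Unreachable/ { if ($2 == me) arp = 1; else far = 1 }
        END {
            if (ok)       print "reachable"
            else if (arp) print "arp-failure"
            else if (far) print "router-unreachable"
            else          print "no-reply"
        }'
}

# connect_verdict "ssh or connect() error text"
connect_verdict() {
    case "$1" in
        *"Connection refused"*)     echo "refused" ;;      # TCP RST came back
        *"No route to host"*)       echo "host-unreach" ;; # EHOSTUNREACH
        *"Network is unreachable"*) echo "net-unreach" ;;  # no matching route
        *"timed out"*)              echo "timeout" ;;      # silently dropped
        *)                          echo "unknown" ;;
    esac
}

# next_step PING_VERDICT CONNECT_VERDICT -> command worth running next
next_step() {
    case "$1/$2" in
        arp-failure/*)          echo "ip neigh show   # target never answered ARP" ;;
        */net-unreach)          echo "ip route show   # no route covers the target" ;;
        reachable/refused)      echo "ss -tln         # on target: is sshd listening on 22?" ;;
        reachable/host-unreach) echo "iptables -L -n  # on target: REJECT rule answering for port 22" ;;
        reachable/timeout)      echo "iptables -L -n  # on target: DROP rule for port 22" ;;
        *)                      echo "tcpdump -n -i eth0 host TARGET   # watch both ends" ;;
    esac
}

# Demo with the outputs quoted in the thread.
p=$(printf '%s\n' 'From 192.168.1.105 icmp_seq=1 Destination Host Unreachable' | ping_verdict 192.168.1.105)
c=$(connect_verdict 'ssh: connect to host 192.168.1.124 port 22: No route to host')
next_step "$p" "$c"
```
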


On Wed, Nov 20, 2013 at 2:56 PM, Jared Scott <jared@jaredscott.com> wrote:

> On redhat/centos the yum package for ssh is:
>
> For ssh (client):
> yum list openssh
>
> For sshd (server):
> yum list openssh-server
>
>
>
>
> On Wed, Nov 20, 2013 at 2:28 PM, Beartooth <beartooth@beartooth.info> wrote:
>
>> On Tue, 19 Nov 2013, greg pryzby wrote:
>>
>> > It could be something different because connection refused means
>> > network is working, but an ssh/iptables issue.
>> >   ping IP-ADDRESS-HERE
>>
>> [btth@Hbsk3 ~]$ ping 192.168.1.124
>> PING 192.168.1.124 (192.168.1.124) 56(84) bytes of data.
>> From 192.168.1.105 icmp_seq=1 Destination Host Unreachable
>> From 192.168.1.105 icmp_seq=2 Destination Host Unreachable
>> From 192.168.1.105 icmp_seq=3 Destination Host Unreachable
>> From 192.168.1.105 icmp_seq=4 Destination Host Unreachable
>> ^C
>> --- 192.168.1.124 ping statistics ---
>> 6 packets transmitted, 0 received, +4 errors, 100% packet loss,
>> time 5000ms
>> pipe 4
>> [btth@Hbsk3 ~]$
>>
>> > If ping works, then it is probably ssh or iptables
>> >   ssh -vvvv IP-ADDRESS-HERE
>>
>> [btth@Hbsk3 ~]$ ssh -vvvv 192.168.1.124
>> OpenSSH_6.1p1, OpenSSL 1.0.0-fips 29 Mar 2010
>> debug1: Reading configuration data /etc/ssh/ssh_config
>> debug1: /etc/ssh/ssh_config line 50: Applying options for *
>> debug2: ssh_connect: needpriv 0
>> debug1: Connecting to 192.168.1.124 [192.168.1.124] port 22.
>> debug1: connect to address 192.168.1.124 port 22: No route to
>> host
>> ssh: connect to host 192.168.1.124 port 22: No route to host
>> [btth@Hbsk3 ~]$
>>
>> > It is possible that ssh isn't running, or it is getting denied before
>> > asking for password.
>> >
>> > On the machine not accepting the connection, you can check out if
>> > iptables is blocking
>> >   sudo iptables -L
>>
>>         Each is refusing the other.
>>
>>         Btw, this is not a new problem. It's just one I've
>> disremembered to ask.
>>
>>         When incommunicability strikes a pair, I may see either
>> connection refused or no route to host. I hadn't realized they
>> might be different problems.
>>
>>         My first response is normally to go to the second
>> machine, and run in the other direction.
>>
>>         If that succeeds, I try again from the first. If that
>> fails again, I try ssh back from inside the connection I got in
>> the first reversal.
>>
>>         Iptables gave great long responses (like eight screens)
>> on both. I can post one from the machine I'm on now, or email
>> myself from the other, or both, if asked.
>>
>> > If it isn't 'blank' (no rules), the easiest is to turn off the
>> > firewall and try again from client
>> >   sudo service iptables stop
>>
>>         Using a gnome-terminal tab in which I'm already root (no
>> sudo) I get an odd-looking response:
>>
>> [root@Hbsk3 ~]# service iptables stop
>> Redirecting to /bin/systemctl stop  iptables.service
>> [root@Hbsk3 ~]#
>>
>> > Here is how to allow ssh via iptables and tell if it is allowed
>> >
>> http://www.thegeekstuff.com/2011/03/iptables-inbound-and-outbound-rules/
>>
>>         Youchhh! I got less than halfway through that before
>> being utterly lost. And I'll have to tackle the one before it, at
>> least. I know as much about chains as I do about the love-life of
>> the inventors of cuneiform Hittite, or less.
>>
>>         Is there a site somewhere that explains the thoughts
>> first, before it opens the firehose of detail?
>>
>>         Btw, the broadest band I can get here (and have) is
>> cable; FiOS may come, someday ....
>>
>>         Just now, thanks to something on list today, I tried "yum
>> reinstall ssh" Both machines claimed to lack it. I have one of
>> them running "yum whatprovides ssh" now.
>>
>> --
>> Beartooth Staffwright, Not Quite Clueless Power User
>> Remember I know little (precious little!) of where up is.
>>
>> _______________________________________________
>> Novalug mailing list
>> Novalug@calypso.tux.org
>> http://calypso.tux.org/mailman/listinfo/novalug
>>