VMware Communities
YogeshFegade
Contributor

I can ping guest-guest, but can't telnet guest-guest

Hello,

I have 3 VMs installed on my Windows-7 host - Linux, Linux and Windows-7. Network configuration is NAT for all VMs. I have added all 3 guest host names to all 4 machines' hosts files. I can ping from any of these machines to any other machine. But when I try to telnet from one Linux VM to another Linux VM, I get a "No route to host" error message.

My aim is not to get telnet working but to check network connectivity. One Linux machine has an Oracle database installed while the other Linux machine has the SQL client application. I can't make the SQL client connect to the database on the other machine.

Maybe I am approaching it from the wrong angle. Any help would be appreciated.

--- Thanks and Regards Yogesh
markdv77
Enthusiast

Do you use hostnames or ip-addresses with ping and telnet?

Double check that the hosts file entries have the correct IPs...

YogeshFegade
Contributor

I have configured the NAT network adapter on all VMs to have a static IP address. All entries in all hosts files are correct (hostname & IP address match). I tried telnet using hostname as well as IP... fails in both cases. Ping on the other hand works in both cases.

The core problem that I am trying to solve is the SQL connection. I tried connecting to the database using hostname as well as IP address....fails both times.

Thanks.

--- Thanks and Regards Yogesh
markdv77
Enthusiast

Weird. If you can ping there definitely is a route to the host.

After pinging run "arp -n" or "ip neigh show" and check that the MAC address is the expected MAC of the other VM.

You didn't by any chance use the .2 address for one of the hosts did you?

YogeshFegade
Contributor

Output of "ip neigh show" from the VM (SQL application) after pinging to Oracle Server shows:

        192.168.19.127 dev eth0 lladdr 00:0c:29:cb:c6:56 REACHABLE
        192.168.19.2 dev eth0 lladdr 00:50:56:fe:bb:f3 STALE

While that on the oracle server VM after pinging SQL application VM shows:

        192.168.19.126 dev eth0 lladdr 00:0c:29:b6:56:22 REACHABLE
        192.168.19.2 dev eth0 lladdr 00:50:56:fe:bb:f3 REACHABLE

Static ip addresses for these two linux VMs are: 192.168.19.127 & 192.168.19.126. See attached file.

--- Thanks and Regards Yogesh
YogeshFegade
Contributor

Found another interesting thing:

From the oracle server VM (IP: 192.168.19.127), if I issue "nc -z 192.168.19.127 1521", I get the following:

        Connection to 192.168.19.127 1521 port [tcp/ncube-lm] succeeded!

But if I issue the same command from the SQL application server (IP: 192.168.19.126), I don't get any output.

--- Thanks and Regards Yogesh
markdv77
Enthusiast

What is 'nc -z' meant to show/prove? I don't think it's very useful as it won't show output either way...

Does a telnet from the SQL application server to 192.168.19.127 1521 still return "no route to host"?

markdv77
Enthusiast

Never mind, I get it, you meant nc -v.

But if you can ping the host I really don't understand why telnet would report no route to host.

The arp entry looks correct and basically IS the route to the host. So it doesn't make sense.

I'd try a tcpdump on both hosts and then try a telnet and see what is or isn't sent over the network.

If that doesn't show the problem perhaps a strace telnet ... to see exactly what's going on.

(I know telnet isn't your goal but it's a nice and simple tool to test basic tcp connectivity.)

YogeshFegade
Contributor

Yup.

$ telnet 192.168.19.127 1521
Trying 192.168.19.127...
telnet: connect to address 192.168.19.127: No route to host

I ran nc -z to see if there are any ports that I can communicate to... and I found port 22 on the oracle server. So if I issue the same telnet command but to port 22, this is what I get:

$ telnet 192.168.19.127 22
Trying 192.168.19.127...
Connected to 192.168.19.127.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3

So, from SQL application VM I can telnet to Oracle Server VM on port 22 but not on 1521.

--- Thanks and Regards Yogesh
YogeshFegade
Contributor

I am using Oracle Linux 6.2. Here nc has an argument -z:

     -z      Specifies that nc should just scan for listening daemons, without sending any
             data to them.  It is an error to use this option in conjunction with the -l
             option.
--- Thanks and Regards Yogesh
YogeshFegade
Contributor

I did "telnet 192.168.19.127 1521" from 192.168.19.126.

tcpdump from SQL application server (IP: 192.168.19.126, Hostname: vishalgad)

$ sudo tcpdump -vv host 192.168.19.126 and 192.168.19.127
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:26:34.617071 IP (tos 0x10, ttl 64, id 21701, offset 0, flags [DF], proto TCP (6), length 60)
    vishalgad.53156 > torna.ncube-lm: Flags [S], cksum 0x1049 (correct), seq 4243122239, win 5840, options [mss 1460,sackOK,TS val 14793978 ecr 0,nop,wscale 6], length 0
13:26:34.617657 IP (tos 0xd0, ttl 64, id 7044, offset 0, flags [none], proto ICMP (1), length 88)
    torna > vishalgad: ICMP host torna unreachable - admin prohibited, length 68
IP (tos 0x10, ttl 64, id 21701, offset 0, flags [DF], proto TCP (6), length 60)
    vishalgad.53156 > torna.ncube-lm: Flags [S], cksum 0x1049 (correct), seq 4243122239, win 5840, options [mss 1460,sackOK,TS val 14793978 ecr 0,nop,wscale 6], length 0
13:26:39.618696 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has torna tell vishalgad, length 28
13:26:39.618954 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has vishalgad tell torna, length 46
13:26:39.618977 ARP, Ethernet (len 6), IPv4 (len 4), Reply vishalgad is-at 00:0c:29:b6:56:22 (oui Unknown), length 28
13:26:39.619026 ARP, Ethernet (len 6), IPv4 (len 4), Reply torna is-at 00:0c:29:cb:c6:56 (oui Unknown), length 46

tcpdump from oracle server  (IP: 192.168.19.127, Hostname: torna)

$ sudo tcpdump -vv host 192.168.19.126 and 192.168.19.127
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:26:34.618064 IP (tos 0x10, ttl 64, id 21701, offset 0, flags [DF], proto TCP (6), length 60)
    vishalgad.53156 > torna.ncube-lm: Flags [S], cksum 0x1049 (correct), seq 4243122239, win 5840, options [mss 1460,sackOK,TS val 14793978 ecr 0,nop,wscale 6], length 0
13:26:34.618116 IP (tos 0xd0, ttl 64, id 7044, offset 0, flags [none], proto ICMP (1), length 88)
    torna > vishalgad: ICMP host torna unreachable - admin prohibited, length 68
IP (tos 0x10, ttl 64, id 21701, offset 0, flags [DF], proto TCP (6), length 60)
    vishalgad.53156 > torna.ncube-lm: Flags [S], cksum 0x1049 (correct), seq 4243122239, win 5840, options [mss 1460,sackOK,TS val 14793978 ecr 0,nop,wscale 6], length 0
13:26:39.619311 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has vishalgad tell torna, length 28
13:26:39.619517 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has torna tell vishalgad, length 46
13:26:39.619530 ARP, Ethernet (len 6), IPv4 (len 4), Reply torna is-at 00:0c:29:cb:c6:56 (oui Unknown), length 28
13:26:39.619728 ARP, Ethernet (len 6), IPv4 (len 4), Reply vishalgad is-at 00:0c:29:b6:56:22 (oui Unknown), length 46

What does the line marked in red mean? Is this the cause of this whole error?
--- Thanks and Regards Yogesh
markdv77
Enthusiast

Maybe your nc behaves a little different from mine, the "connection .. succeeded" message is shown when I use -v. -z never produces output, the only way to know if it did or didn't connect is by looking at the exit code. But doesn't matter.

It finally hit me, one other way to get a "no route to host" - even though there obviously is one - is if the host is rejecting the connection with an ICMP host/port unreachable. That has to be it. The oracle box must have a firewall active and you need to get it to allow connections to port 1521.

I really should have thought of that sooner :S Guess I'm used to firewalls that use tcp-reset...
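
The three firewall behaviours contrasted in this answer (ICMP reject, tcp-reset, silent drop) can be told apart from the client by the error that connect() returns. The following is an added example, not code from the thread; the errno mapping assumes a Linux client, and `probe` and `explain` are names made up for it.

```python
import errno
import socket

# What each connect() result implies when ping to the same host already works.
# The errno mapping is the Linux one and is an assumption of this example.
# EHOSTUNREACH is the error telnet prints as "No route to host".
VERDICTS = {
    0: "open: a listener completed the handshake",
    errno.ECONNREFUSED: "refused: TCP RST came back (no listener, or a "
                        "firewall rejecting with tcp-reset)",
    errno.EHOSTUNREACH: "filtered: ICMP host unreachable/prohibited came "
                        "back (firewall REJECT rule on or before the target)",
    errno.ETIMEDOUT: "filtered: nothing came back (firewall DROP rule)",
}


def explain(code):
    """Map an errno from connect() to a human-readable verdict."""
    return VERDICTS.get(code, "other: " + errno.errorcode.get(code, str(code)))


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and return (errno, verdict)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        code = 0
    except socket.timeout:          # no SYN-ACK, RST or ICMP within timeout
        code = errno.ETIMEDOUT
    except OSError as exc:          # kernel reported a definite failure
        code = exc.errno
    finally:
        sock.close()
    return code, explain(code)


if __name__ == "__main__":
    # Offline demo on loopback: the same port probed while a listener exists
    # and again after it has been closed.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print(port, probe("127.0.0.1", port))
    srv.close()
    print(port, probe("127.0.0.1", port))
```

Run from the SQL application VM against 192.168.19.127, port 22 should report "open" and port 1521 "filtered" with EHOSTUNREACH for as long as the REJECT rule is in place.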

markdv77
Enthusiast

Ahh... you beat me to it. :) And yes, the "admin-prohibited" is the problem. And it's a firewall on the oracle host.

Do a "iptables -nvL" in a root shell and you should see the rules...

YogeshFegade
Contributor

Thanks. Here it is:

$ iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination        
5116  663K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    4   336 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          
3347  201K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0          
    7   420 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
  659 62988 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination        
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 8718 packets, 746K bytes)
pkts bytes target     prot opt in     out     source               destination        

Would you please help me in configuring this firewall (or point me to some websites) to fix this issue? I would appreciate it very much. I am not that expert in firewalls:-)

Thank you.

--- Thanks and Regards Yogesh
markdv77
Enthusiast

Have a look at: http://www.securedba.com/securedba/2010/10/securing-oracle-enterprise-linux-part-7-configure-firewal...

You can either disable the firewall entirely (second screenshot), or add 1521 to the "other ports" list shown in the last screenshot.
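
As an alternative to disabling the firewall, a single ACCEPT rule for port 1521, limited to the client VM, can be inserted ahead of the catch-all REJECT. The code below is an added example, not from the thread: it replays the INPUT chain posted above for a new TCP connection and builds the matching `iptables -I` command. The helper names, the `eth0` interface and the restriction to source 192.168.19.126 are assumptions, and only the match types that appear in that listing are handled.

```python
import ipaddress

# INPUT chain rules as posted in the thread (`iptables -nvL` on the Oracle VM).
INPUT_CHAIN = """\
 5116  663K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    4   336 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
 3347  201K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    7   420 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
  659 62988 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
"""


def parse(listing):
    """Turn rule lines into dicts; rule numbers start at 1 as in iptables."""
    rules = []
    for num, line in enumerate(listing.strip().splitlines(), 1):
        f = line.split()
        rules.append({"num": num, "target": f[2], "prot": f[3], "in": f[5],
                      "src": f[7], "extra": " ".join(f[9:])})
    return rules


def first_match(rules, src, dport, iface="eth0"):
    """Return the first rule a new TCP SYN from src to dport hits, else None."""
    for r in rules:
        if r["prot"] not in ("all", "tcp") or r["in"] not in ("*", iface):
            continue
        if ipaddress.ip_address(src) not in ipaddress.ip_network(r["src"]):
            continue
        if "ESTABLISHED" in r["extra"] and "NEW" not in r["extra"]:
            continue  # conntrack rule that only covers existing flows
        dpts = [w[4:] for w in r["extra"].split() if w.startswith("dpt:")]
        if dpts and str(dport) not in dpts:
            continue
        return r
    return None  # no rule matched: the chain policy (ACCEPT here) applies


def allow_rule(rules, src, dport):
    """Build an ACCEPT rule placed just before the rule that blocks the flow."""
    hit = first_match(rules, src, dport)
    if hit is None or hit["target"] == "ACCEPT":
        return None  # already allowed, nothing to insert
    return ("iptables -I INPUT %d -s %s -p tcp -m state --state NEW "
            "-m tcp --dport %d -j ACCEPT" % (hit["num"], src, dport))


if __name__ == "__main__":
    print(allow_rule(parse(INPUT_CHAIN), "192.168.19.126", 1521))
```

The position matters because the first matching rule wins, so an ACCEPT appended after the REJECT would never be reached. On Oracle Linux 6 the running rule set is kept across reboots with `service iptables save`.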

YogeshFegade
Contributor

Thank you very much. I appreciate it a lot.

--- Thanks and Regards Yogesh
milton123
Hot Shot

Have you enabled the telnet service on your Linux machine? If not, then follow the instructions.

If you are using Red Hat / Fedora Linux
The configuration file for telnet is /etc/xinetd.d/telnet. To enable telnet server you need to open this file and make sure disable = no read as disable = yes.
Alternately,
# chkconfig telnet on
To start the telnet server, type the command:
# /etc/init.d/xinetd restart

milton123
YogeshFegade
Contributor

Thanks. markdv77 helped me solve the issue.

--- Thanks and Regards Yogesh