Hello,
I have 3 VMs installed on my Windows-7 host - Linux, Linux and Windows-7. Network configuration is NAT for all VMs. I have added all 3 guest host names to all 4 machines' hosts files. I can ping from any of these machines to any other machine. But when I try to telnet from one linux VM to another linux VM, I get "No route to host" error message.
My aim is not to get telnet working but to check network connectivity. One linux machine has oracle database installed while the other linux machine has the SQL client application. I can't make the SQL client connect to the database on the other machine.
Maybe I am approaching it from the wrong angle. Any help would be appreciated.
Do you use hostnames or ip-addresses with ping and telnet?
Double check that the hosts file entries have the correct IPs...
I have configured NAT network adapter on all VMs to have static IP address. All entries in all hosts files are correct (hostname & IP address match). I tried telnet using hostname as well as IP....fails in both cases. Ping on the other hand works in both cases.
The core problem that I am trying to solve is the SQL connection. I tried connecting to the database using hostname as well as IP address....fails both times.
Thanks.
Weird. If you can ping there definitely is a route to the host.
After pinging run "arp -n" or "ip neigh show" and check that the mac address is the expected mac of the other vm.
You didn't by any chance use the .2 address for one of the hosts did you?
Output of "ip neigh show" from the VM (SQL application) after pinging to Oracle Server shows:
While that on the oracle server VM after pinging SQL application VM shows:
192.168.19.126 dev eth0 lladdr 00:0c:29:b6:56:22 REACHABLE
192.168.19.2 dev eth0 lladdr 00:50:56:fe:bb:f3 REACHABLE
Static ip addresses for these two linux VMs are: 192.168.19.127 & 192.168.19.126. See attached file.
Found another interesting thing:
From the oracle server VM (IP: 192.168.19.127), if I issue "nc -z 192.168.19.127 1521", I get following:
Connection to 192.168.19.127 1521 port [tcp/ncube-lm] succeeded!
But if I issue same command from SQL application server (IP: 192.168.19.126), I don't get any output.
What is 'nc -z' meant to show/prove? I don't think it's very useful as it won't show output either way...
Does a telnet from the SQL application server to 192.168.19.127 1521 still return "no route to host"?
Never mind, I get it, you meant nc -v.
But if you can ping the host I really don't understand why telnet would report no route to host.
The arp entry looks correct and basically IS the route to the host. So it doesn't make sense.
I'd try a tcpdump on both hosts and then try a telnet and see what is or isn't sent over the network.
If that doesn't show the problem perhaps a strace telnet ... to see exactly what's going on.
(I know telnet isn't your goal but it's a nice and simple tool to test basic tcp connectivity.)
Yup.
$ telnet 192.168.19.127 1521
Trying 192.168.19.127...
I ran nc -z to see if there are any ports that I can communicate to....and I found port 22 on the oracle server. So if I issue same telnet command but to port 22, this is what I get:
$ telnet 192.168.19.127 22
Trying 192.168.19.127...
Connected to 192.168.19.127.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3
So, from SQL application VM I can telnet to Oracle Server VM on port 22 but not on 1521.
I am using Oracle Linux 6.2. Here nc has an argument -z:
I did "telnet 192.168.19.127 1521" from 192.168.19.126.
tcpdump from SQL application server (IP: 192.168.19.126, Hostname: vishalgad)
tcpdump from oracle server (IP: 192.168.19.127, Hostname: torna)
$ sudo tcpdump -vv host 192.168.19.126 and 192.168.19.127
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:26:34.618064 IP (tos 0x10, ttl 64, id 21701, offset 0, flags [DF], proto TCP (6), length 60)
vishalgad.53156 > torna.ncube-lm: Flags [S], cksum 0x1049 (correct), seq 4243122239, win 5840, options [mss 1460,sackOK,TS val 14793978 ecr 0,nop,wscale 6], length 0
13:26:34.618116 IP (tos 0xd0, ttl 64, id 7044, offset 0, flags [none], proto ICMP (1), length 88)
torna > vishalgad: ICMP host torna unreachable - admin prohibited, length 68
IP (tos 0x10, ttl 64, id 21701, offset 0, flags [DF], proto TCP (6), length 60)
vishalgad.53156 > torna.ncube-lm: Flags [S], cksum 0x1049 (correct), seq 4243122239, win 5840, options [mss 1460,sackOK,TS val 14793978 ecr 0,nop,wscale 6], length 0
13:26:39.619311 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has vishalgad tell torna, length 28
13:26:39.619517 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has torna tell vishalgad, length 46
13:26:39.619530 ARP, Ethernet (len 6), IPv4 (len 4), Reply torna is-at 00:0c:29:cb:c6:56 (oui Unknown), length 28
13:26:39.619728 ARP, Ethernet (len 6), IPv4 (len 4), Reply vishalgad is-at 00:0c:29:b6:56:22 (oui Unknown), length 46
Maybe your nc behaves a little different from mine, the "connection .. succeeded" message is shown when I use -v. -z never produces output, the only way to know if it did or didn't connect is by looking at the exit code. But doesn't matter.
It finally hit me, one other way to get a "no route to host" - even though there obviously is one - is if the host is rejecting the connection with an ICMP host/port unreachable. That has to be it. The oracle box must have a firewall active and you need to get it to allow connections to port 1521.
I really should have thought of that sooner :S Guess I'm used to firewalls that use tcp-reset...
Ahh... you beat me to it. And yes, the "admin-prohibited" is the problem. And it's a firewall on the oracle host.
Do a "iptables -nvL" in a root shell and you should see the rules...
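The failure modes that came up in this thread (ICMP admin-prohibited reject, TCP reset, no reply at all) can be told apart from the client side by the error that connect() returns. The script below is an added example, not part of any post in the thread; the function names `classify` and `probe` are hypothetical, and the default target is the address and port quoted above.

```python
import errno
import socket
import sys

# What each connect() error most likely means on the wire (Linux errno values).
DIAGNOSIS = {
    0: "open: handshake completed, a service is listening",
    errno.ECONNREFUSED: "closed: TCP RST received (no listener, or a firewall "
                        "rejecting with tcp-reset)",
    errno.EHOSTUNREACH: "rejected: 'No route to host' - ICMP host unreachable or "
                        "admin prohibited came back (firewall REJECT on the "
                        "target), or ARP failed for an on-link host",
    errno.ENETUNREACH: "no route: the local routing table has no path",
    errno.ETIMEDOUT: "filtered: no reply at all (packets dropped or host down)",
}


def classify(err):
    """Translate an errno from connect() into a one-line diagnosis."""
    return DIAGNOSIS.get(err, "other: " + errno.errorcode.get(err, str(err)))


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect; return (errno, diagnosis). 0 means connected."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return 0, classify(0)
    except socket.timeout:
        # No SYN/ACK, RST or ICMP error arrived before the deadline.
        return errno.ETIMEDOUT, classify(errno.ETIMEDOUT)
    except OSError as e:
        # Covers ECONNREFUSED, EHOSTUNREACH, ENETUNREACH and resolver errors.
        return e.errno, classify(e.errno)


if __name__ == "__main__":
    # Defaults are the Oracle listener address from the thread.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.19.127"
    ports = [int(p) for p in sys.argv[2:]] or [22, 1521]
    for port in ports:
        err, text = probe(host, port)
        print("%s:%d -> %s" % (host, port, text))
```

A "rejected" result on 1521 next to "open" on 22 is the pattern seen in the thread: the host is reachable and the block is per-port, which points at the host firewall rather than routing.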
Thanks. Here it is:
Would you please help me in configuring this firewall (or point me to some websites) to fix this issue? I would appreciate it very much. I am not that expert in firewalls:-)
Thank you.
Have a look at: http://www.securedba.com/securedba/2010/10/securing-oracle-enterprise-linux-part-7-configure-firewal...
You can either disable the firewall entirely (second screenshot), or add 1521 to the "other ports" list shown in the last screenshot.
Thank you very much. I appreciate it a lot.
Have you enabled telnet service on your linux machine? If not then follow the instructions..
If you are using Red Hat / Fedora Linux
The configuration file for telnet is /etc/xinetd.d/telnet. To enable telnet server you need to open this file and make sure disable = no read as disable = yes.
Alternately,
# chkconfig telnet on
To start telnet server type command:
# /etc/init.d/xinetd restart
Thanks. markdv77 Helped me solve the issue.