LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 09-30-2004, 03:41 AM   #1
keraj37
LQ Newbie
 
Registered: Sep 2004
Location: Poland
Distribution: Aurox
Posts: 4

Rep: Reputation: 0
Unhappy icmp 68: host anos unreachable - admin prohibited


ello, starting I'm sorry for my english:>


I connected 2 comps(anos and anos2 both on AUROX linux(10.0 and 9,3)) straight to interfacies eth0 (192.168.0.1) <--> eth0(192.168.0.2) by crossed cable rj-45.
Route table is set well. Pinging anos2 from anos and anos from anos2 says evertything is ok.
But when I'm tring to use some service (telnet) etc. it says "no route to host" ???
And comp which is server sends ICMP msg: "icmp 68: host anos unreachable - admin prohibited"

here are some info:

[root@anos root]# tcpdump -ext -c2 >>
00:05:5d:a2:a6:c7 > 00:a0:c9:72:30:c2, ethertype IPv4 (0x0800), length 74: IP anos2.1032 > anos.telnet: S 1647477230:1647477230(0) win 5840 <mss 1460,sackOK,timestamp 70521 0,nop,wscale 0>
0x0000: 4510 003c 9297 4000 4006 26c1 c0a8 0002 E..<..@.@.&.....etc

00:a0:c9:72:30:c2 > 00:05:5d:a2:a6:c7, ethertype IPv4 (0x0800), length 102: IP anos > anos2: icmp 68: host anos unreachable - admin prohibited
0x0000: 45d0 0058 7509 0000 ff01 c477 c0a8 0001 E..Xu......w.... etc

[root@anos root]# route >>
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 192.168.0.254 0.0.0.0 UG 0 0 0 eth0

How to "fix it" in order to make telnet(etc) session. I have no idea what to do.I'm newbie.
 
Old 09-30-2004, 06:53 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,826

Rep: Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591Reputation: 1591
Quote:
But when I'm tring to use some service (telnet) etc. it says "no route to host"
Perhaps you need to define one box (anos) as a gateway, because the default shown by route is the broadcast address of your network.
 
Old 09-30-2004, 07:46 AM   #3
keraj37
LQ Newbie
 
Registered: Sep 2004
Location: Poland
Distribution: Aurox
Posts: 4

Original Poster
Rep: Reputation: 0
i'll try but it should route any 192.168.0.x adresses to eth0, and there is no need for adding default route.

Thanks for tip
 
Old 09-30-2004, 11:31 AM   #4
keraj37
LQ Newbie
 
Registered: Sep 2004
Location: Poland
Distribution: Aurox
Posts: 4

Original Poster
Rep: Reputation: 0
I don't usualy talk to myself...but the solution is simply:
I had firewall enebled without any allows

It is fxed.
 
Old 09-24-2008, 10:06 AM   #5
DotHQ
Member
 
Registered: Mar 2006
Location: Ohio, USA
Distribution: Red Hat, Fedora, Knoppix,
Posts: 545

Rep: Reputation: 33
Quote:
Originally Posted by keraj37 View Post
I don't usualy talk to myself...but the solution is simply:
I had firewall enebled without any allows

It is fxed.
Old thread but when I did a google search this is the thread that showed up which was similar to my problem ....and just like you, the firewall was the issue. All fixed and good to go.
Thanks for answering your own question keraj37. It helped me out today.
 
Old 04-26-2012, 05:11 PM   #6
ActiveVideoOps
LQ Newbie
 
Registered: Apr 2012
Posts: 1

Rep: Reputation: Disabled
Smile

Quote:
Originally Posted by DotHQ View Post
Old thread but when I did a google search this is the thread that showed up which was similar to my problem ....and just like you, the firewall was the issue. All fixed and good to go.
Thanks for answering your own question keraj37. It helped me out today.
Old Thread but still useful to someone about every 4 years it seems as I just ran into this problem today and indeed it was the firewall! Thanks again for answering your own question 8 years ago!

Last edited by ActiveVideoOps; 04-26-2012 at 09:09 PM.
 
Old 09-22-2014, 04:15 PM   #7
keshavsp
LQ Newbie
 
Registered: Sep 2013
Posts: 4

Rep: Reputation: Disabled
I had the same issue - During TCP handshake the client would send a 'Destination Unreachable - Communication with Destination Host is Administratively Prohibited' (ICMP Type 3 Code 10) message. The handshake would complete but because of the ICMP message, server would send a reset (RST) without the actual application-level (HTTP, in my case) transaction taking place.

I had to add the following rule on the client to drop such ICMP packets:

Code:
iptables -A OUTPUT -p icmp -s <client IP> --icmp-type 3/10 -j DROP
From then on, the client and server were able to transact over application layer without any issues.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
icmp - host adminstratively prohibited? richyankee2005 Linux - Networking 1 02-24-2005 09:27 AM
Exim - 550 relaying to <user@host> prohibited by administrator jtelep Linux - Newbie 2 04-07-2004 12:16 PM
Host is unreachable Mikessu Linux - Networking 1 03-13-2004 11:49 AM
ICMP/SSH filtered by admin, how to still use those protocols Belize Linux - Networking 2 12-03-2003 04:58 PM
Host unreachable toolkit Linux - Networking 7 07-09-2002 12:42 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 02:23 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration