Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
09-30-2004, 03:41 AM
|
#1
|
LQ Newbie
Registered: Sep 2004
Location: Poland
Distribution: Aurox
Posts: 4
Rep:
|
icmp 68: host anos unreachable - admin prohibited
ello, starting I'm sorry for my english:>
I connected 2 comps(anos and anos2 both on AUROX linux(10.0 and 9,3)) straight to interfacies eth0 (192.168.0.1) <--> eth0(192.168.0.2) by crossed cable rj-45.
Route table is set well. Pinging anos2 from anos and anos from anos2 says evertything is ok.
But when I'm tring to use some service (telnet) etc. it says "no route to host" ???
And comp which is server sends ICMP msg: "icmp 68: host anos unreachable - admin prohibited"
here are some info:
[root@anos root]# tcpdump -ext -c2 >>
00:05:5d:a2:a6:c7 > 00:a0:c9:72:30:c2, ethertype IPv4 (0x0800), length 74: IP anos2.1032 > anos.telnet: S 1647477230:1647477230(0) win 5840 <mss 1460,sackOK,timestamp 70521 0,nop,wscale 0>
0x0000: 4510 003c 9297 4000 4006 26c1 c0a8 0002 E..<..@.@.&.....etc
00:a0:c9:72:30:c2 > 00:05:5d:a2:a6:c7, ethertype IPv4 (0x0800), length 102: IP anos > anos2: icmp 68: host anos unreachable - admin prohibited
0x0000: 45d0 0058 7509 0000 ff01 c477 c0a8 0001 E..Xu......w.... etc
[root@anos root]# route >>
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 192.168.0.254 0.0.0.0 UG 0 0 0 eth0
How to "fix it" in order to make telnet(etc) session. I have no idea what to do.I'm newbie.
|
|
|
09-30-2004, 06:53 AM
|
#2
|
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,201
|
Quote:
But when I'm tring to use some service (telnet) etc. it says "no route to host"
|
Perhaps you need to define one box (anos) as a gateway, because the default shown by route is the broadcast address of your network.
|
|
|
09-30-2004, 07:46 AM
|
#3
|
LQ Newbie
Registered: Sep 2004
Location: Poland
Distribution: Aurox
Posts: 4
Original Poster
Rep:
|
i'll try but it should route any 192.168.0.x adresses to eth0, and there is no need for adding default route.
Thanks for tip
|
|
|
09-30-2004, 11:31 AM
|
#4
|
LQ Newbie
Registered: Sep 2004
Location: Poland
Distribution: Aurox
Posts: 4
Original Poster
Rep:
|
I don't usualy talk to myself...but the solution is simply:
I had firewall enebled without any allows
It is fxed.
|
|
|
09-24-2008, 10:06 AM
|
#5
|
Member
Registered: Mar 2006
Location: Ohio, USA
Distribution: Red Hat, Fedora, Knoppix,
Posts: 548
Rep:
|
Quote:
Originally Posted by keraj37
I don't usualy talk to myself...but the solution is simply:
I had firewall enebled without any allows
It is fxed.
|
Old thread but when I did a google search this is the thread that showed up which was similar to my problem ....and just like you, the firewall was the issue. All fixed and good to go.
Thanks for answering your own question keraj37. It helped me out today.
|
|
|
04-26-2012, 05:11 PM
|
#6
|
LQ Newbie
Registered: Apr 2012
Posts: 1
Rep:
|
Quote:
Originally Posted by DotHQ
Old thread but when I did a google search this is the thread that showed up which was similar to my problem ....and just like you, the firewall was the issue. All fixed and good to go.
Thanks for answering your own question keraj37. It helped me out today.
|
Old Thread but still useful to someone about every 4 years it seems as I just ran into this problem today and indeed it was the firewall! Thanks again for answering your own question 8 years ago!
Last edited by ActiveVideoOps; 04-26-2012 at 09:09 PM.
|
|
|
09-22-2014, 04:15 PM
|
#7
|
LQ Newbie
Registered: Sep 2013
Posts: 4
Rep:
|
I had the same issue - During TCP handshake the client would send a 'Destination Unreachable - Communication with Destination Host is Administratively Prohibited' (ICMP Type 3 Code 10) message. The handshake would complete but because of the ICMP message, server would send a reset (RST) without the actual application-level (HTTP, in my case) transaction taking place.
I had to add the following rule on the client to drop such ICMP packets:
Code:
iptables -A OUTPUT -p icmp -s <client IP> --icmp-type 3/10 -j DROP
From then on, the client and server were able to transact over application layer without any issues.
|
|
|
All times are GMT -5. The time now is 04:21 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|