No route to host KVM VPS

comXyz Member
edited October 4 in Help

I have a KVM VPS running some lightweight services.
In the last few days the services stopped working, including a website on lighttpd.

I can only access the VPS via SSH on port 22. All other ports that are required to run my services say "No route to host".

I checked iptables

iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

I checked NAT

iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    SNAT       all  --  6.10.98.0/24        !6.10.98.0/24         to:masked

I checked if the services are listening to the ports

ss -pt state listening 'sport = :80'
Recv-Q        Send-Q               Local Address:Port               Peer Address:Port        Process
0             1024                       0.0.0.0:http                    0.0.0.0:*            users:(("lighttpd",pid=1977,fd=4))
0             1024                          [::]:http                       [::]:*            users:(("lighttpd",pid=1977,fd=5))

Telnet from another VPS

telnet masked 80
Trying masked...
telnet: Unable to connect to remote host: No route to host

telnet masked 22
Trying masked...
Connected to masked.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.4p1 Debian-5

I have another VPS using the same setup, and it's working fine.

I tried to search for "Unable to connect to remote host: No route to host" but haven't found a way to fix it yet.

Has anyone had the same problem before? How can I solve it?

Thanks.

Comments

  • rm_ Member

    Some firewall on the host node, or even some weird DDoS-filtering? Did you try asking the provider?

    Thanked by 1jackb
  • comXyz Member

    @rm_ said:
    Some firewall on the host node, or even some weird DDoS-filtering? Did you try asking the provider?

    I did, they said "This is not an issue on our end, it's with how you are configuring it."
    I tried to analyze but can't find any configuration causing it on the VPS

  • DP Member, The Domain Guy

    Try running SSH on 2 different ports, default and some other port, and see if you can reach that.


  • comXyz Member

    @DP said:
    Try running SSH on 2 different ports, default and some other port, and see if you can reach that.

    I can SSH on 2 different ports: 500 and 22

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 500 \
           -j REDIRECT --to-ports 22
    

    Telnet works too

    telnet masked 500
    Trying masked...
    Connected to masked.
    Escape character is '^]'.
    SSH-2.0-OpenSSH_8.4p1 Debian-5
    
  • jackb Member, Provider

    Try running a traceroute or mtr to your vps. You'll probably see it's fine.

    This is most likely a firewall rule - perhaps a non iptables firewall inside your vps, or perhaps a firewall on the host.


  • comXyz Member

    @jackb said:
    Try running a traceroute or mtr to your vps. You'll probably see it's fine.

    This is most likely a firewall rule - perhaps a non iptables firewall inside your vps, or perhaps a firewall on the host.

    It had been working well after I set up the services. And a few days ago the services just stopped working without any changes inside the VPS.

    Besides iptables, which firewall should I check?

  • jackb Member, Provider

    @comXyz said:

    @jackb said:
    Try running a traceroute or mtr to your vps. You'll probably see it's fine.

    This is most likely a firewall rule - perhaps a non iptables firewall inside your vps, or perhaps a firewall on the host.

    It had been working well after I set up the services. And a few days ago the services just stopped working without any changes inside the VPS.

    Besides iptables, which firewall should I check?

    Firewalld is increasingly common. If you're on a modern system and didn't disable firewalld and configure iptables-services, chances are you're probably running firewalld instead of iptables.

    Thanked by 1comXyz


  • DP Member, The Domain Guy

    @comXyz said: Besides iptables, which firewall should I check?

    ufw?

    Never know.

    Thanked by 1comXyz


  • comXyz Member
    edited October 4

    @jackb @DP

    Thanks for your support. It's Firewalld causing the issue.
    I uninstalled Firewalld and everything is working.

    The weird part is I have never touched firewalld, and the services just suddenly stopped working a few days ago.

  • Daniel15 Member
    edited October 4

    @comXyz said: Besides iptables, which firewall should I check?

    Note that iptables is deprecated/legacy and is not recommended for use any more, although it'll take people a while to migrate away, like the migration from ipchains to iptables during the kernel 2.4/2.6 days.

    nftables is the more modern replacement. firewalld uses nftables which is why you didn't see any iptables rules.

    Thanked by 1comXyz
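
The check this thread converged on, as an added example that is not part of any poster's message: list the nftables tables directly and count their reject/drop rules, since a table owned by firewalld never appears in `iptables -S`. The sample ruleset is constructed and simplified, and the `--live` switch and function names are this example's own.

```shell
#!/usr/bin/env bash
# Added example. Looks past `iptables -S` for the rules that actually filter.

# Constructed, simplified sample of `nft list ruleset` output on a host where
# firewalld (nftables backend) is running; not taken from the poster's VPS.
SAMPLE_RULESET=$(cat <<'EOF'
table inet firewalld {
	chain filter_INPUT {
		type filter hook input priority filter + 10; policy accept;
		ct state { established, related } accept
		tcp dport 22 accept
		reject with icmpx admin-prohibited
	}
}
table ip nat {
	chain POSTROUTING {
		type nat hook postrouting priority srcnat; policy accept;
	}
}
EOF
)

# summarize_nft: read `nft list ruleset` text on stdin and print one line per
# table, "<family> <name> reject=<n> drop=<n>", so filtering tables stand out.
summarize_nft() {
  awk '
    function emit() { printf "%s %s reject=%d drop=%d\n", fam, name, rej, drp }
    $1 == "table" { if (name) emit(); fam = $2; name = $3; rej = 0; drp = 0; next }
    { for (i = 1; i <= NF; i++) {
        if ($i == "reject") rej++
        if ($i == "drop" || $i == "drop;") drp++ } }
    END { if (name) emit() }'
}

# iptables_backend: classify the string printed by `iptables -V`.
iptables_backend() {
  case "$1" in
    *"(nf_tables)"*) echo nft ;;
    *"(legacy)"*)    echo legacy ;;
    *)               echo unknown ;;
  esac
}

if [ "${1:-}" = "--live" ]; then      # run as root on the affected host
  iptables_backend "$(iptables -V 2>/dev/null)"
  nft list ruleset 2>/dev/null | summarize_nft
  systemctl is-active firewalld ufw 2>/dev/null
else
  printf '%s\n' "$SAMPLE_RULESET" | summarize_nft
fi
```

A non-zero `reject` count in a table such as `inet firewalld` fits the symptom reported here: the reject answers with an ICMP "prohibited" error, which the connecting client reports as "No route to host" rather than a timeout or "Connection refused".
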
  • BTW lighttpd 1.4.60 got released 2 days ago. You can update to that version.

    Thanked by 1comXyz
