No route to host KVM VPS
I have a KVM VPS running some lightweight services.
And in the last few days the services stopped working, including a website on lighttpd.
I can only access the VPS via SSH on port 22. All other ports that are required to run my services say "No route to host".
I checked iptables:
iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
I checked NAT:
iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 SNAT all -- 6.10.98.0/24 !6.10.98.0/24 to:masked
I checked if the services are listening on the ports:
ss -pt state listening 'sport = :80'
Recv-Q Send-Q Local Address:Port Peer Address:Port Process
0 1024 0.0.0.0:http 0.0.0.0:* users:(("lighttpd",pid=1977,fd=4))
0 1024 [::]:http [::]:* users:(("lighttpd",pid=1977,fd=5))
Telnet from another VPS:
telnet masked 80
Trying masked...
telnet: Unable to connect to remote host: No route to host
telnet masked 22
Trying masked...
Connected to masked.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.4p1 Debian-5
I have another VPS using the same setup, and it's working fine.
I tried to search for "Unable to connect to remote host: No route to host" but haven't found a way to fix it yet.
Has anyone had the same problem before? How can I solve it?
Thanks.
Comments
Some firewall on the host node, or even some weird DDoS-filtering? Did you try asking the provider?
I did, they said "This is not an issue on our end, it's with how you are configuring it."
I tried to analyze but can't find any configuration causing it on the VPS
Try running SSH on 2 different ports, default and some other port, and see if you can reach that.
I can SSH on 2 different ports: 500 and 22
Telnet works too
Try running a traceroute or mtr to your vps. You'll probably see it's fine.
This is most likely a firewall rule - perhaps a non-iptables firewall inside your VPS, or perhaps a firewall on the host.
It had been working well after I set up the services. And a few days ago the services just stopped working without any changes inside the VPS.
Besides iptables, which firewall should I check?
Firewalld is increasingly common. If you're on a modern system and didn't disable firewalld and configure iptables-services, chances are you're probably running firewalld instead of iptables.
ufw?
Never know.
@jackb @DP
Thanks for your support. It's Firewalld causing the issue.
I uninstalled Firewalld and everything is working.
The weird part is I have never touched firewalld, and the services just suddenly stopped working a few days ago.
Note that iptables is deprecated/legacy and is not recommended for use any more, although it'll take people a while to migrate away, like the migration from ipchains to iptables during the kernel 2.4/2.6 days.
nftables is the more modern replacement. firewalld uses nftables which is why you didn't see any iptables rules.
BTW lighttpd 1.4.60 got released 2 days ago. You can update to that version.
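An added example, not part of the thread: a check for the situation the thread ended on, where `iptables -S` is empty because firewalld keeps its rules in nftables. It scans `nft list ruleset` text for reject rules whose ICMP reply a client reports as "No route to host", and lists the TCP ports that are explicitly accepted; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example. A reject rule that answers with an ICMP "prohibited" or
# "unreachable" message makes connect() fail with EHOSTUNREACH, which
# telnet prints as "No route to host" although routing is fine.

# Constructed sample, shaped like a firewalld-managed nftables table.
sample_ruleset() {
cat <<'EOF'
table inet firewalld {
    chain filter_INPUT {
        type filter hook input priority filter + 10; policy accept;
        ct state { established, related } accept
        iifname "lo" accept
        jump filter_INPUT_ZONES
        reject with icmpx admin-prohibited
    }
    chain filter_IN_public_allow {
        tcp dport 22 ct state { new, untracked } accept
        tcp dport 500 ct state { new, untracked } accept
    }
}
EOF
}

# Read ruleset text on stdin; print "family table/chain: rule" for each
# reject rule whose ICMP reply is reported to the client as EHOSTUNREACH.
reject_rules() {
  awk '
    $1 == "table" { table = $2 " " $3 }
    $1 == "chain" { chain = $2 }
    /reject with icmp(x|v6)?( type)? (admin-prohibited|host-prohibited|host-unreachable)/ {
      sub(/^[ \t]+/, ""); print table "/" chain ": " $0
    }'
}

# Read ruleset text on stdin; print each explicitly accepted TCP port.
accepted_tcp_ports() {
  awk '/tcp dport [0-9]+ / && /accept$/ {
         for (i = 1; i < NF; i++) if ($i == "dport") print $(i + 1)
       }' | sort -n -u
}

# With --live (as root), inspect the running ruleset instead of the sample.
if [ "${1:-}" = "--live" ]; then
  nft list ruleset | reject_rules
  nft list ruleset | accepted_tcp_ports
fi
```

On the sample, port 80 is absent from the accepted list and falls through to the final reject, which matches the symptom in the thread: SSH ports answer, everything else returns "No route to host".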