No route to host KVM VPS

comXyz Member
edited October 2021 in Help

I have a KVM VPS running some lightweight services.
And in the last few days the services stopped working, including a website on lighttpd.

I can only access the VPS via SSH on port 22. All other ports that are required to run my services say "No route to host".

I checked iptables

iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

I checked NAT

iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    SNAT       all  --  6.10.98.0/24        !6.10.98.0/24         to:masked

I checked if the services are listening to the ports

ss -pt state listening 'sport = :80'
Recv-Q        Send-Q               Local Address:Port               Peer Address:Port        Process
0             1024                       0.0.0.0:http                    0.0.0.0:*            users:(("lighttpd",pid=1977,fd=4))
0             1024                          [::]:http                       [::]:*            users:(("lighttpd",pid=1977,fd=5))

Telnet from another VPS

telnet masked 80
Trying masked...
telnet: Unable to connect to remote host: No route to host

telnet masked 22
Trying masked...
Connected to masked.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.4p1 Debian-5

I have another VPS using the same setup, and it's working fine.

I tried to search for "Unable to connect to remote host: No route to host" but haven't found a way to fix it yet.

Has anyone had the same problem before? How can I solve it?

Thanks.

Comments

  • rm_ IPv6 Advocate, Veteran

    Some firewall on the host node, or even some weird DDoS-filtering? Did you try asking the provider?

    Thanked by 1jackb
  • @rm_ said:
    Some firewall on the host node, or even some weird DDoS-filtering? Did you try asking the provider?

    I did, they said "This is not an issue on our end, it's with how you are configuring it."
    I tried to analyze but can't find any configuration causing it on the VPS

  • DP Administrator, The Domain Guy

    Try running SSH on 2 different ports, default and some other port, and see if you can reach that.

  • @DP said:
    Try running SSH on 2 different ports, default and some other port, and see if you can reach that.

    I can SSH on 2 different ports: 500 and 22

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 500 \
           -j REDIRECT --to-ports 22
    

    Telnet works too

    telnet masked 500
    Trying masked...
    Connected to masked.
    Escape character is '^]'.
    SSH-2.0-OpenSSH_8.4p1 Debian-5
    
  • jackb Member, Host Rep

    Try running a traceroute or mtr to your vps. You'll probably see it's fine.

    This is most likely a firewall rule - perhaps a non iptables firewall inside your vps, or perhaps a firewall on the host.

  • @jackb said:
    Try running a traceroute or mtr to your vps. You'll probably see it's fine.

    This is most likely a firewall rule - perhaps a non iptables firewall inside your vps, or perhaps a firewall on the host.

    It had been working well after I set up the services. And a few days ago the services just stopped working without any changes inside the VPS.

    Besides iptables, which firewall should I check?

  • jackb Member, Host Rep

    @comXyz said:

    @jackb said:
    Try running a traceroute or mtr to your vps. You'll probably see it's fine.

    This is most likely a firewall rule - perhaps a non iptables firewall inside your vps, or perhaps a firewall on the host.

    It had been working well after I set up the services. And a few days ago the services just stopped working without any changes inside the VPS.

    Besides iptables, which firewall should I check?

    Firewalld is increasingly common. If you're on a modern system and didn't disable firewalld and configure iptables-services, chances are you're probably running firewalld instead of iptables.

    Thanked by 1comXyz
  • DP Administrator, The Domain Guy

    @comXyz said: Besides iptables, which firewall should I check?

    ufw?

    Never know.

    Thanked by 1comXyz
  • comXyz Member
    edited October 2021

    @jackb @DP

    Thanks for your support. It's Firewalld causing the issue.
    I uninstalled Firewalld and everything is working.

    The weird part is I have never touched firewalld, and the services just suddenly stopped working a few days ago.

  • Daniel15 Veteran
    edited October 2021

    @comXyz said: Besides iptables, which firewall should I check?

    Note that iptables is deprecated/legacy and is not recommended for use any more, although it'll take people a while to migrate away, like the migration from ipchains to iptables during the kernel 2.4/2.6 days.

    nftables is the more modern replacement. firewalld uses nftables which is why you didn't see any iptables rules.

    Thanked by 1comXyz
  • BTW lighttpd 1.4.60 got released 2 days ago. You can update to that version.

    Thanked by 1comXyz
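
Following the diagnosis reached in this thread (firewalld manages nftables rules, so `iptables -S` came back empty), here is an added example that is not part of any poster's reply: a small shell audit that reads an `nft list ruleset` dump, reports its reject/drop rules, and checks whether a TCP port has an explicit accept. The embedded ruleset is a constructed, simplified sample, and the function names `find_blocking_rules` and `port_allowed` are made up for this example.

```shell
# Added example: audit an nftables ruleset dump for rules that `iptables -S` never shows.

# Constructed, simplified sample in the style of `nft list ruleset` on a firewalld host.
# The final reject answers with an ICMP "prohibited" error, which clients report as
# "No route to host" (EHOSTUNREACH) even though routing is fine.
SAMPLE_RULESET='table inet firewalld {
    chain filter_INPUT {
        type filter hook input priority filter + 10; policy accept;
        ct state { established, related } accept
        iifname "lo" accept
        jump filter_IN_public_allow
        reject with icmpx admin-prohibited
    }
    chain filter_IN_public_allow {
        tcp dport 22 accept
    }
}'

# Print "family table chain: rule" for each reject/drop statement read from stdin.
find_blocking_rules() {
    awk '
        $1 == "table" { table = $2 " " $3 }
        $1 == "chain" { chain = $2 }
        /(^|[ \t])(reject|drop)([ \t]|$)/ {
            sub(/^[ \t]+/, "")
            print table " " chain ": " $0
        }'
}

# Exit 0 if the dump on stdin explicitly accepts TCP destination port $1.
port_allowed() {
    awk -v port="$1" '
        /tcp dport/ && /accept/ {
            s = $0
            sub(/.*tcp dport /, "", s)       # keep what follows the match keyword
            sub(/ (ct|accept).*/, "", s)     # cut at the first following statement
            gsub(/[{},]/, " ", s)            # flatten an anonymous set: { 22, 80 }
            n = split(s, p, " ")
            for (i = 1; i <= n; i++) if (p[i] == port) found = 1
        }
        END { exit !found }'
}

# Demo on the constructed sample; on a live host pipe `nft list ruleset` in instead.
printf '%s\n' "$SAMPLE_RULESET" | find_blocking_rules
for port in 22 80; do
    printf '%s\n' "$SAMPLE_RULESET" | port_allowed "$port" \
        && echo "tcp/$port: explicitly accepted" \
        || echo "tcp/$port: no accept rule, falls through to the reject"
done
```

On the VPS itself, run `nft list ruleset | find_blocking_rules` as root. If firewalld owns the rule, `firewall-cmd --permanent --add-service=http` followed by `firewall-cmd --reload` opens port 80 without removing the firewall.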