05-01-04 01:33 AM

Hi everybody,

I'm trying to connect (from my xp box) through Putty (via ssh 2) to my linux
(fedora core) box, but I always have that error when trying.

Here's my config:

xp box: 192.168.1.50 mask 255.255.255.0 gw 192.168.1.1
Linux box: 192.168.1.200 mask 255.255.255.0 gw 192.168.1.1
My gateway is a linksys adsl router through which my machines are
inter-connected to each other and to the internet.

I can ping my linux box from my xp box. So when trying to connect through
putty... bang! I get that network error.

And yes, sshd is running on my linux box

I just added this to my hosts.allow file

sshd: 192.168.1. , LOCAL

and it's no better. Please help me to guide my searches... thank you all

Dan



 

Re: Network error: No route to host
Bob

05-03-04 07:33 AM

On 04/30/04 19:49 Daniel Mercier spoke:
> Hi everybody,
>
> I'm trying to connect (from my xp box) through Putty (via ssh 2) to my linux
> (fedora core) box, but i always have that error when trying.
>
> Here's my config:
>
> xp box: 192.168.1.50 mask 255.255.255.0 gw 192.168.1.1
> Linux box: 192.168.1.200 mask 255.255.255.0 gw 192.168.1.1
> My gateway is a linksys adsl router through which my machines are
> inter-connected to each other and to the internet.
>
> I can ping my linux box from my xp box. So when trying to connect through
> putty... bang! I get that network error.
>
> And yes, sshd is running on my linux box
>
> I just added this to my hosts.allow file
>
> sshd: 192.168.1. , LOCAL
>
> and not better. Please help me to guide my searches... thank you all
>
> Dan

Can you ssh from your Linux machine to your Linux machine?

--
-------------------------------------------------------
Remove .NOSPAM from my email address to reply directly.

 

Re: Network error: No route to host
Daniel Mercier

05-03-04 08:33 PM

>
> Can you ssh from your Linux machine to your Linux machine?
>
============================================================
Thank you for your answer and excuse me for my lateness in replying...

I can only use ping from one machine to the other. I have sshd and httpd
running on my linux box which I can reach from within it (with ssh and
lynx). But I can't from my xp box...

I just installed Ethereal on my xp box and following is the response from
my linux box to ssh request by xp box.

Frame 4 (90 bytes on wire, 90 bytes captured)
    Arrival Time: May  3, 2004 10:19:09.587634000
    Time delta from previous packet: 0.000223000 seconds
    Time since reference or first frame: 0.000503000 seconds
    Frame Number: 4
    Packet Length: 90 bytes
    Capture Length: 90 bytes
Ethernet II, Src: 00:04:ac:25: , Dst: 02:50:ba:1f:
    Destination: 02:50:ba:1f:   (192.168.1.50)
    Source: 00:04:ac:25:  (192.168.1.200)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.1.200 (192.168.1.200), Dst Addr: 192.168.1.50 (192.168.1.50)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00)
        1100 00.. = Differentiated Services Codepoint: Class Selector 6 (0x30)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 76
    Identification: 0x8e3c (36412)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 255
    Protocol: ICMP (0x01)
    Header checksum: 0xa869 (correct)
    Source: 192.168.1.200 (192.168.1.200)
    Destination: 192.168.1.50 (192.168.1.50)
Internet Control Message Protocol
    Type: 3 (Destination unreachable)
    Code: 10 (Host administratively prohibited)
    Checksum: 0x8163 (correct)
    Internet Protocol, Src Addr: 192.168.1.50 (192.168.1.50), Dst Addr: 192.168.1.200 (192.168.1.200)
        Version: 4
        Header length: 20 bytes
        Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
            0000 00.. = Differentiated Services Codepoint: Default (0x00)
            .... ..0. = ECN-Capable Transport (ECT): 0
            .... ...0 = ECN-CE: 0
        Total Length: 48
        Identification: 0x43ea (17386)
        Flags: 0x04
            0... = Reserved bit: Not set
            .1.. = Don't fragment: Set
            ..0. = More fragments: Not set
        Fragment offset: 0
        Time to live: 128
        Protocol: TCP (0x06)
        Header checksum: 0x3293 (correct)
        Source: 192.168.1.50 (192.168.1.50)
        Destination: 192.168.1.200 (192.168.1.200)
    Transmission Control Protocol, Src Port: 1201 (1201), Dst Port: 22 (22), Seq: 422746175, Ack: 0
        Source port: 1201 (1201)
        Destination port: 22 (22)
        Sequence number: 422746175
        Header length: 28 bytes
        Flags: 0x0002 (SYN)
            0... .... = Congestion Window Reduced (CWR): Not set
            .0.. .... = ECN-Echo: Not set
            ..0. .... = Urgent: Not set
            ...0 .... = Acknowledgment: Not set
            .... 0... = Push: Not set
            .... .0.. = Reset: Not set
            .... ..1. = Syn: Set
            .... ...0 = Fin: Not set
        Window size: 64240
        Checksum: 0x4dab (correct)
        Options: (8 bytes)
            Maximum segment size: 1460 bytes
            NOP
            NOP
            SACK permitted
=========================================================
You'll understand that I'm new to networks and tcp/ip and I don't have the
skills to interpret these output lines. Thank you

Dan




 

Re: Network error: No route to host
Darren Tucker

05-04-04 03:33 AM

In article <wKwlc.74839$zV4.784237@weber.videotron.net>,
[...]
>Internet Control Message Protocol
>    Type: 3 (Destination unreachable)
>    Code: 10 (Host administratively prohibited)
[...]
>You'll understand that i'm new to networks and tcp/ip and i don't have the
>skills to interpret these output lines. Thank you

The "administratively prohibited" ICMP means your connection was probably
blocked by a firewall or packet filter.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
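
What frame 4 of the capture encodes, as an added example that is not part of the thread: an ICMP Destination Unreachable quotes the header of the packet that was refused, so decoding it gives both the reason and the connection that was blocked. The sample bytes are rebuilt from the field values in the Ethereal output above; the function name and result keys are illustrative.

```python
import socket
import struct

# ICMP type 3 codes that mean "a filter refused this":
# 9 and 10 come from RFC 1122, 13 from RFC 1812.
FILTER_CODES = {
    9: "network administratively prohibited",
    10: "host administratively prohibited",
    13: "communication administratively prohibited",
}

def parse_unreachable(icmp: bytes) -> dict:
    """Decode an ICMP Destination Unreachable and the packet it quotes."""
    if len(icmp) < 8 + 20:
        raise ValueError("too short to hold a quoted IP header")
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != 3:
        raise ValueError("not a Destination Unreachable message")
    quoted = icmp[8:]                  # original IP header + leading payload
    ihl = (quoted[0] & 0x0F) * 4       # quoted IP header length in bytes
    result = {
        "code": code,
        "filtered": code in FILTER_CODES,
        "meaning": FILTER_CODES.get(code, "other unreachable"),
        "proto": quoted[9],
        "src": socket.inet_ntoa(quoted[12:16]),
        "dst": socket.inet_ntoa(quoted[16:20]),
        "sport": None,
        "dport": None,
    }
    # RFC 792 quotes at least 8 bytes of the original payload: enough for ports.
    if result["proto"] in (6, 17) and len(quoted) >= ihl + 4:
        result["sport"], result["dport"] = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return result

# Constructed sample: the ICMP payload of frame 4, rebuilt field by field.
quoted_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0x00, 48, 0x43EA, 0x4000, 128, 6,
                        0x3293, socket.inet_aton("192.168.1.50"),
                        socket.inet_aton("192.168.1.200"))
quoted_tcp = struct.pack("!HHII", 1201, 22, 422746175, 0)
SAMPLE = struct.pack("!BBHI", 3, 10, 0x8163, 0) + quoted_ip + quoted_tcp

if __name__ == "__main__":
    r = parse_unreachable(SAMPLE)
    print(f"{r['meaning']}: {r['src']}:{r['sport']} -> {r['dst']}:{r['dport']}")
```
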

 

Re: Network error: No route to host
Daniel Mercier

05-04-04 05:33 AM

 
> [...] 
>
> The "administratively prohibited" ICMP means your connection was probably
> blocked by a firewall or packet filter.

======================================================================
OK thanks... but now how can I check that out... I think I have iptables
running... where can I have a look to see where it blocks??? I'm lost...
I don't know where to begin... Can you help? To at least guide me where
to start?

Thanks

Dan



 

Re: Network error: No route to host
05-04-04 08:34 AM

In article <%ZElc.80020$zV4.1149642@weber.videotron.net>,
Daniel Mercier <daniel.mercier6@videotron.ca> wrote:
>ok thanks... but now how can i check that out...i think i have iptables
>running ... where can i have a look

That's a Linux/iptables configuration question not an SSH question, but
to get you started, as root try "iptables -L INPUT".  If your box is
Redhat, try the "lokkit" command.

>to see where it blocks ??? i'm lost ... i don't know where to begin... Can
>you help ? to at least guide me where to start ?

The iptables man page?

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

 

Re: Network error: No route to host
05-04-04 03:34 PM


> That's a Linux/iptables configuration question not an SSH question, but
> to get you started, as root try "iptables -L INPUT".
 
>
> The iptables man page?

Thanks Darren. Now I know it was not an ssh problem, but while at it and
since you helped me in determining the source of the problem, here was the
problem.

Effectively, Fedora added a custom chain policy at installation time on
iptables that was telling the system to drop all incoming packets that were
not ICMP... and to "answer" with ICMP packets even though the comm started
with TCP or UDP. That custom chain was RH-Firewall-1-INPUT and had number 6.
So I deleted (for now) that policy and everything is working fine...

Thanks again.

Dan
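
One way to find which rule answers an SSH connection attempt with that ICMP, as an added example that is not part of the thread: it walks a chain in order against the packet from the capture, then builds a command that admits SSH ahead of the blocking rule while the rule itself stays in place. The ruleset is constructed, the matcher understands only -i, -p, --dport and --state, and the LAN prefix is an assumption taken from the addresses in the first post.

```python
import shlex

# Constructed iptables-save rules (not from the thread); the REJECT is rule 6.
SAMPLE_RULES = """\
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""
# The packet PuTTY sent in the capture: a new TCP connection to port 22.
SSH_SYN = {"iface": "eth0", "proto": "tcp", "dport": 22, "state": "NEW"}

def matches(opts, pkt):
    """Simplified matcher: only -i, -p, --dport and --state are evaluated."""
    if "-i" in opts and opts["-i"] != pkt["iface"]:
        return False
    if "-p" in opts and opts["-p"] != pkt["proto"]:
        return False
    if "--dport" in opts and opts["--dport"] != str(pkt["dport"]):
        return False
    if "--state" in opts and pkt["state"] not in opts["--state"].split(","):
        return False
    return True

def first_verdict(rules_text, chain, pkt):
    """Return (rule number, target, reject type) for the first matching rule."""
    number = 0
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        if tokens[:2] != ["-A", chain]:
            continue
        number += 1
        opts = dict(zip(tokens[2::2], tokens[3::2]))  # flag/value pairs, no "!"
        if opts.get("-j") in ("ACCEPT", "DROP", "REJECT") and matches(opts, pkt):
            return number, opts["-j"], opts.get("--reject-with")
    return None

def insert_command(chain, number, lan="192.168.1.0/24", dport=22):
    """Command placing a LAN-only ACCEPT for one TCP port ahead of rule `number`."""
    return (f"iptables -I {chain} {number} -s {lan} -p tcp --dport {dport} "
            f"-m state --state NEW -j ACCEPT")

if __name__ == "__main__":
    num, target, how = first_verdict(SAMPLE_RULES, "RH-Firewall-1-INPUT", SSH_SYN)
    print(f"rule {num}: {target} ({how})")
    print(insert_command("RH-Firewall-1-INPUT", num))
```

On a live system the input would come from `iptables-save` run as root, and the rule number can be cross-checked with `iptables -L RH-Firewall-1-INPUT -n --line-numbers`.
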




 

Re: Network error: No route to host
05-04-04 03:34 PM

 
>
> That's a Linux/iptables configuration question not an SSH question, but
> to get you started, as root try "iptables -L INPUT".  If your box is
> Redhat, try the "lokkit" command.
> 
>
> The iptables man page?


Thank you Darren... will start reading on this at the minute... ;o)