tags:

views:

659

answers:

4
+1  Q: 

Desperate networking question: Unix commands like ping, ssh, work fine but socket-based programs are failing in connect

I got a call from a tester about a machine that was failing our software. When I examined the problem machine, I quickly realized the problem was fairly low level: Inbound network traffic works fine. Basic outbound command like ping and ssh are working fine, but anything involving the connect() call is failing with "No route to host".

For example - on this particular machine this program will fail on the connect() statement for any IP address other than 127.0.0.1:

#!/usr/bin/perl -w
use strict;
use Socket;
my ($remote,$port, $iaddr, $paddr, $proto, $line);

$remote  = shift || 'localhost';
$port    = shift || 2345;  # random port
if ($port =~ /\D/) { $port = getservbyname($port, 'tcp') }
die "No port" unless $port;
$iaddr   = inet_aton($remote)           || die "no host: $remote";
$paddr   = sockaddr_in($port, $iaddr);

$proto   = getprotobyname('tcp');
socket(SOCK, PF_INET, SOCK_STREAM, $proto)      || die "socket: $!";
connect(SOCK, $paddr)    || die "connect: $!"; 
while (defined($line = <SOCK>)) {
    print $line;
}

close (SOCK)        || die "close: $!";
exit;

Any suggestions about where this machine is broken? It's running SUSE-10.2.

+1  A: 

Is the firewall turned off?

diciu  2008-09-18 19:42:40
The firewall on the other machine appears to have been the problem. Thanks for the suggestions!
Mike Heinz  2008-09-18 20:08:51
+2  A: 

I would check firewall configuration on that machine. It is possible for iptables (I guess your SUSE has iptables firewall) to be setup to let trough only ping ICMP packets.

axk  2008-09-18 19:43:09
Yow! I think you have it right - but on the wrong machine.After thinking about it, I tried disabling the iptables on the machine that I though was "working" and the machine that was "broken" began working! Thanks!
Mike Heinz  2008-09-18 20:08:21
A: 

Firewall is always possible, but it does say that ssh can connect, so that seems unlikely. I'd say have a look at the routes ("route" command on Linux), and make sure you don't have like two default routes, or weird ones or whatever. All in all I'd say test ping and ssh and your program on the same distant IP, and if they all fail, you have a route problem. If only your program fails, you probably have either a firewall problem or program problem :)

Florian  2008-09-18 20:08:46
A: 

Try pointing connect() to the same host:port where your SSH command works. Also, keep in mind that some firewalls can apply different rules for different user accounts (and sometimes for different executables). Therefore, make sure you run ssh and your test app under the same user account and that SUID isn't set for SSH.

Alexander  2008-09-18 20:38:35

related questions

How do I get the external IP of a socket in Python?
How Do Sockets Work in C?
How do you send and receive UDP packets in Java on a multihomed machine?
Can't Re-bind a socket to an existing IP/Port Combination
Reading from a socket in C#
Sockets and Processes in Java
Stream data (such as music) using PHP (or another language)
How to forcibly close a socket in TIME_WAIT?
How do I make persistent network sockets on Unix in Ruby?
What's the idiomatic way to do async socket programming in Delphi?
How do you minimize the number of threads used in a tcp server application?
WSACancelBlockingCall exception
C# Performance For Proxy Server (vs C++)
How to get your own (local) IP-Address from an udp-socket (C/C++)
Free Network Monitor
Reconnect logic with connectivity notifications
Maximum buffer length for sendto?
Configure a Java Socket to fail-fast on disconnect?
Sockets in Pascal
Firefox plugin - sockets
How can I determine the IP of my router/gateway in Java?
ActionScript 3.0 sockets can't reconnect
Reverse DNS in Ruby?
Asynchronous multi-direction server-client communication over the same open socket?
How to use the C socket API in C++ on z/OS