I got a call from a tester about a machine that was failing our software. When I examined the problem machine, I quickly realized the problem was fairly low level: Inbound network traffic works fine. Basic outbound commands like ping and ssh are working fine, but anything involving the connect() call is failing with "No route to host".

For example - on this particular machine this program will fail on the connect() statement for any IP address other than 127.0.0.1:

#!/usr/bin/perl -w
# Minimal TCP client: connect to host:port and print whatever the server sends.
use strict;
use Socket;
my ($remote, $port, $iaddr, $paddr, $proto, $line);

$remote  = shift || 'localhost';
$port    = shift || 2345;  # random port
# Accept a service name (e.g. "ssh") as well as a numeric port.
if ($port =~ /\D/) { $port = getservbyname($port, 'tcp') }
die "No port" unless $port;
$iaddr   = inet_aton($remote)           || die "no host: $remote";
$paddr   = sockaddr_in($port, $iaddr);

$proto   = getprotobyname('tcp');
socket(SOCK, PF_INET, SOCK_STREAM, $proto)      || die "socket: $!";
# This is the call that fails with "No route to host" on the problem machine.
connect(SOCK, $paddr)    || die "connect: $!";
while (defined($line = <SOCK>)) {
    print $line;
}

close (SOCK)        || die "close: $!";
exit;

Any suggestions about where this machine is broken? It's running SUSE-10.2.

+1  A: 

Is the firewall turned off?

diciu
The firewall on the other machine appears to have been the problem. Thanks for the suggestions!
Mike Heinz
+2  A: 

I would check the firewall configuration on that machine. It is possible for iptables (I guess your SUSE has an iptables firewall) to be set up to let through only ping ICMP packets.

axk
Yow! I think you have it right - but on the wrong machine. After thinking about it, I tried disabling the iptables on the machine that I thought was "working" and the machine that was "broken" began working! Thanks!
Mike Heinz
A: 

Firewall is always possible, but it does say that ssh can connect, so that seems unlikely. I'd say have a look at the routes ("route" command on Linux), and make sure you don't have like two default routes, or weird ones or whatever. All in all I'd say test ping and ssh and your program on the same distant IP, and if they all fail, you have a route problem. If only your program fails, you probably have either a firewall problem or program problem :)

Florian
A: 

Try pointing connect() to the same host:port where your SSH command works. Also, keep in mind that some firewalls can apply different rules for different user accounts (and sometimes for different executables). Therefore, make sure you run ssh and your test app under the same user account and that SUID isn't set for SSH.

Alexander
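
An added example, not part of the thread or any poster's code: a Python probe that applies the advice in the answers above by trying several ports on the same remote host and classifying each connect() result. It relies on Linux behaviour not stated in the thread: connect() returns EHOSTUNREACH ("No route to host") when an ICMP host-unreachable or host-prohibited message comes back for the SYN, which a reject rule in a firewall on the remote machine can send. The function names probe and diagnose are hypothetical.

```python
import errno
import socket
import sys

def probe(host, port, timeout=3.0):
    """Try one TCP connect(); return "OK" or the errno name of the failure."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "OK"
    except socket.timeout:
        return "ETIMEDOUT"  # no reply at all: packets dropped or host down
    except OSError as e:
        return errno.errorcode.get(e.errno, "errno %s" % e.errno)
    finally:
        s.close()

def diagnose(results):
    """Interpret {port: outcome} collected from ONE remote host."""
    outcomes = set(results.values())
    # "OK" and ECONNREFUSED (a TCP RST) both prove packets reach the host
    # and come back, so the routing table is not the problem.
    answered = outcomes & {"OK", "ECONNREFUSED"}
    unreachable = outcomes & {"EHOSTUNREACH", "ENETUNREACH"}
    if unreachable and answered:
        return "per-port filter: routing works, a firewall rejects some ports"
    if unreachable:
        return "route or host-wide filter: check local routes, then the remote firewall"
    if "ETIMEDOUT" in outcomes:
        return "silent drop: a firewall discards packets or the host is down"
    if outcomes <= {"OK", "ECONNREFUSED"}:
        return "reachable: every probed port answered"
    return "unclassified: " + ", ".join(sorted(outcomes))

if __name__ == "__main__":
    # Usage: probe.py HOST PORT [PORT ...]
    # Pass the port ssh uses and the port the failing program uses.
    host, ports = sys.argv[1], [int(p) for p in sys.argv[2:]]
    results = {p: probe(host, p) for p in ports}
    for p, outcome in results.items():
        print(p, outcome)
    print(diagnose(results))
```

Run it under the same user account as the failing program, since the last answer notes that some firewalls filter per user.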