# SSH problem - no route to host

## satimis

Hi all folks,

I encounter following problem after installing 'alsa-driver' making the sound server to work.

MachineA - RH9 (IP: 192.168.0.1) (server)

```
# ssh -X satimis@192.168.0.2
ssh: connect to host 192.168.0.2 port 22: Connection refused
```

(Remark: already running the commands below)

```
# service iptables stop
# shorewall restart
```

MachineB - Gentoo (IP: 192.168.0.2) (client)

```
# ssh -X satimis@192.168.0.1
ssh: connect to host 192.168.0.1 port 22: No route to host
```

Before it worked without problem.  No change relating to SSH has been made.

Kindly advise.  Thanks

B.R.

satimis

----------

## adammc

Is the network interface up? What's the output of ifconfig?

----------

## satimis

 *adammc wrote:*   

> Is the network interface up? What's the output of ifconfig?

 

Hi,

Thanks for your response.

I doubt whether port 22 was occupied by the printer because I tested the printer before testing SSH

As advised I made following tests:-

MachineA - RH9 (IP : 192.168.0.1) - server

eth0 - connected to broadband

eth1 - connected to MachineB (Gentoo)

```
# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:50:BF:70:F6:DD
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1374 errors:0 dropped:0 overruns:0 frame:0
          TX packets:933 errors:0 dropped:0 overruns:0 carrier:0
          collisions:1 txqueuelen:100
          RX bytes:214990 (209.9 Kb)  TX bytes:83450 (81.4 Kb)
          Interrupt:5

eth1      Link encap:Ethernet  HWaddr 00:07:40:00:4E:A9
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:840 (840.0 b)
          Interrupt:11 Base address:0x2000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:48 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4036 (3.9 Kb)  TX bytes:4036 (3.9 Kb)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:202.123.68.77  P-t-P:202.123.71.254  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:1024 errors:0 dropped:0 overruns:0 frame:0
          TX packets:772 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:171397 (167.3 Kb)  TX bytes:56746 (55.4 Kb)
```

MachineB - Gentoo 1.4 (IP : 192.168.0.2)

Also has 2 NICs

eth0 - connected to Broadband when working as a standalone workstation

eth1 - connected to MachineA (RH9)

At time of test, no broadband connection made to eth0

```
# cat /etc/conf.d/net
iface_eth0="192.168.0.2 broadcast 192.168.0.255 netmask 255.255.255.0"
...
dhcpcd_eth0="..."
...
gateway="eth0/192.168.0.1"
...

# /etc/init.d/net.eth0 status
 * status:  started

# /etc/init.d/net.eth1 status
 * status:  started

# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:50:FC:6C:70:F7
          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::250:fcff:fe6c:70f7/10 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:828 (828.0 b)
          Interrupt:11 Base address:0xd000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:27079 errors:0 dropped:0 overruns:0 frame:0
          TX packets:27079 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:8708417 (8.3 Mb)  TX bytes:8708417 (8.3 Mb)
```

Broadband sharing was not working

B.R.

satimis

----------

## Chris W

 *satimis wrote:*   

> 
> 
> MachineB - Gentoo (IP: 192.168.0.2) (client)
> 
> # ssh -X satimis@192.168.0.1
> ...

   This looks like MachineB has a routing problem - probably a default route that points at the ISP you sometimes connect the broadband interface to.  Machine B should have a default route pointing at MachineA, that is: 

```
MachineB $ netstat -r
```

 should show only one 'default'  entry and it should point at Machine A.  You use the 'route' command to manipulate this table.

When you connect Machine B to your ISP the PPP daemon will probably rewrite the default route to point to the ISP.  If this process is not reversed when you disconnect, Machine B will be left unable to talk to Machine A.

 *Quote:*   

> MachineA - RH9 (IP: 192.168.0.1) (server)
> 
> # ssh -X satimis@192.168.0.2
> 
> ssh: connect to host 192.168.0.2 port 22: Connection refused
> ...

 

Machine A cannot ssh to Machine B unless machine B is running sshd.  I'm guessing that is not the case so this message indicates correct operation.

----------

## satimis

 *Chris W wrote:*   

>  *satimis wrote:*   
> 
> MachineB - Gentoo (IP: 192.168.0.2) (client)
> 
> # ssh -X satimis@192.168.0.1
> ...

 

Hi Chris,

```
# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     *               255.255.255.0   U        40 0          0 eth0
loopback        localhost.local 255.0.0.0       UG       40 0          0 lo
default         192.168.0.1     0.0.0.0         UG       40 0          0 eth0
[root@localhost root]#
```

When MachineB-Gentoo is used as a standalone workstation I manually edit /etc/conf.d/net as follows

```
# cat /etc/conf.d/net
iface_eth0="192.168.0.2 broadcast 192.168.0.255 netmask 255.255.255.0"
iface_eth0="dhcp"
dhcpcd_eth0="..."
```

When MachineB-Gentoo as client and sharing broadband with MachineA-RH9, I manually edit /etc/conf.d/net as follows

```
# cat /etc/conf.d/net
iface_eth0="192.168.0.2 broadcast 192.168.0.255 netmask 255.255.255.0"
dhcpcd_eth0="..."
gateway="eth0/192.168.0.1"
```

B.R.

satimis

----------

## Chris W

Machine B's eth0 interface is not the one connected to Machine A via your local LAN.  In your second post you described your setup as something like this:

```
        Machine A           Machine B
        Redhat              Gentoo
ISP <-> eth0 (ppp0)         (ppp0) eth0 <-> ISP (sometimes)
        eth1 <----LAN---->  eth1
```

The Machine A LAN address is 192.168.0.1 and Machine B is 192.168.0.2.  If that description was accurate then Machine B's /etc/conf/net should look like this:

```
iface_eth0="up"
iface_eth1="192.168.0.2 broadcast 192.168.0.255 netmask 255.255.255.0"
gateway="eth1/192.168.0.1"
```

 and should not need to be changed during connection to your ISP (pppd should look after the default route).   Alternatively, your server could offer DHCP on the LAN and Machine B could pick up its address that way.

----------

## satimis

 *Chris W wrote:*   

> Machine B's eth0 interface is not the one connected to Machine A via your local LAN.  In your second post you described your setup as something like this:
> 
> ```
> 
>         Machine A           Machine B
> ...

 

Hi Chris,

That is correct

```
        Machine A           Machine B
        Redhat              Gentoo
ISP <-> eth0 (ppp0)         (ppp0) eth0 <-> ISP (sometimes)
        eth1 <----LAN---->  eth1
```

Making MachineB working as a standalone workstation, I need to comment out gateway="eth1/192.168.0.1" in following

```
iface_eth0="up"
iface_eth1="192.168.0.2 broadcast 192.168.0.255 netmask 255.255.255.0"
gateway="eth1/192.168.0.1"
```

otherwise I could not connect to Internet.  It will look at the gateway.

What I could not understand is 2 days ago with the same settings broadband sharing and SSH communicate worked seamlessly.  Now they can't work.  I have not changed any config.

B.R.

satimis

----------

## Chris W

The next time you connect MachineB to the Internet don't edit the /etc/conf.d/net file and collect the following output: 

```
# netstat -r
# ifconfig eth0
# ifconfig eth1
# ifconfig ppp0
```

  It'd also be interesting to see the DEFAULTROUTE setting from /etc/ppp/pppoe.conf (assuming you are using Roaring penguin PPPOE).

My guess is you get two default routes in the netstat output or pppoe is not overriding your default route.
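The two cases guessed at above (more than one default route, or a default route that pppoe did not override) can be checked mechanically. This is an added example, not part of the original post: the function names are hypothetical, `THREAD_TABLE` is the routing table MachineB reports further down the thread, and `CONSTRUCTED_TWO` is made up for illustration.

```shell
#!/bin/sh
# Added example: classify the default route in `netstat -r` / `netstat -rn`
# output. Function names are hypothetical.

# Routing table MachineB reports later in the thread, with ppp0 up.
THREAD_TABLE='Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
202.123.71.254  *               255.255.255.255 UH       40 0          0 ppp0
192.168.0.0     *               255.255.255.0   U        40 0          0 eth0
loopback        localhost.local 255.0.0.0       UG       40 0          0 lo
default         192.168.0.1     0.0.0.0         UG       40 0          0 eth0'

# Constructed sample: two competing default routes.
CONSTRUCTED_TWO='Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     *               255.255.255.0   U        40 0          0 eth1
default         202.123.71.254  0.0.0.0         UG       40 0          0 ppp0
default         192.168.0.1     0.0.0.0         UG       40 0          0 eth1'

# default_routes TABLE -> one "gateway iface" line per default entry.
# Accepts both the named form ("default") and the -n form ("0.0.0.0").
default_routes() {
    printf '%s\n' "$1" | awk '
        ($1 == "default" || $1 == "0.0.0.0") && $3 == "0.0.0.0" { print $2, $NF }'
}

# check_default TABLE EXPECTED_IFACE -> prints one verdict line:
#   no-default | multiple-defaults | wrong-iface:IF via GW | ok:IF via GW
check_default() {
    routes=$(default_routes "$1")
    count=$(printf '%s\n' "$routes" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -eq 0 ]; then
        echo "no-default"
    elif [ "$count" -gt 1 ]; then
        echo "multiple-defaults"
    else
        gw=${routes%% *}
        iface=${routes##* }
        if [ "$iface" = "$2" ]; then
            echo "ok:$iface via $gw"
        else
            echo "wrong-iface:$iface via $gw"
        fi
    fi
}

# While the PPP link is up the default route is expected on ppp0.
# On a live machine: check_default "$(netstat -rn)" ppp0
check_default "$THREAD_TABLE" ppp0
check_default "$CONSTRUCTED_TWO" ppp0
```
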

----------

## satimis

 *Chris W wrote:*   

> The next time you connect MachineB to the Internet don't edit the /etc/conf.d/net file and collect the following output: 
> 
> ```
> # netstat -r
> 
> ...

 

Hi Chris,

The problem "ssh: connect to host 192.168.0.2 port 22: Connection refused" on MachineA-RH9 happened previously.  After trying several days it suddenly worked again.  But this time I have no luck.

Now I make a test on MachineB -Gentoo as per your advice;

```
# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
202.123.71.254  *               255.255.255.255 UH       40 0          0 ppp0
192.168.0.0     *               255.255.255.0   U        40 0          0 eth0
loopback        localhost.local 255.0.0.0       UG       40 0          0 lo
default         192.168.0.1     0.0.0.0         UG       40 0          0 eth0

# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:50:FC:6C:70:F7
          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::250:fcff:fe6c:70f7/10 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2079 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1565 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1303983 (1.2 Mb)  TX bytes:446801 (436.3 Kb)
          Interrupt:11 Base address:0xd000

# ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 00:50:FC:61:F3:94
          inet6 addr: fe80::250:fcff:fe61:f394/10 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:65 errors:0 dropped:0 overruns:0 frame:0
          TX packets:78 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:4126 (4.0 Kb)  TX bytes:4767 (4.6 Kb)
          Interrupt:10 Base address:0xf000

# ifconfig ppp0
ppp0      Link encap:Point-to-Point Protocol
          inet addr:202.123.68.226  P-t-P:202.123.71.254  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:422 (422.0 b)  TX bytes:54 (54.0 b)
```

```
# cat /etc/ppp/pppoe.conf
#***********************************************************************
#
# pppoe.conf
#
# Configuration file for rp-pppoe.  Edit as appropriate and install in
# /etc/ppp/pppoe.conf
#
# NOTE: This file is used by the adsl-start, adsl-stop, adsl-connect and
#       adsl-status shell scripts.  It is *not* used in any way by the
#       "pppoe" executable.
#
# Copyright (C) 2000 Roaring Penguin Software Inc.
#
# This file may be distributed under the terms of the GNU General
# Public License.
#
# LIC: GPL
# $Id: pppoe.conf,v 1.10 2002/04/09 17:28:38 dfs Exp $
#***********************************************************************

# When you configure a variable, DO NOT leave spaces around the "=" sign.

# Ethernet card connected to ADSL modem
ETH='eth1'

# ADSL user name.  You may have to supply "@provider.com"  Sympatico
# users in Canada do need to include "@sympatico.ca"
# Sympatico uses PAP authentication.  Make sure /etc/ppp/pap-secrets
# contains the right username/password combination.
# For Magma, use xxyyzz@magma.ca
USER='satimis@icare.com.hk'

# Bring link up on demand?  Default is to leave link up all the time.
# If you want the link to come up on demand, set DEMAND to a number indicating
# the idle time after which the link is brought down.
DEMAND=no
#DEMAND=300

# DNS type: SERVER=obtain from server; SPECIFY=use DNS1 and DNS2;
# NOCHANGE=do not adjust.
DNSTYPE=SERVER

# Obtain DNS server addresses from the peer (recent versions of pppd only)
# In old config files, this used to be called USEPEERDNS.  Changed to
# PEERDNS for better Red Hat compatibility
PEERDNS=yes

DNS1=
DNS2=

# Make the PPPoE connection your default route.  Set to
# DEFAULTROUTE=no if you don't want this.
DEFAULTROUTE=yes

### ONLY TOUCH THE FOLLOWING SETTINGS IF YOU'RE AN EXPERT

# How long adsl-start waits for a new PPP interface to appear before
# concluding something went wrong.  If you use 0, then adsl-start
# exits immediately with a successful status and does not wait for the
# link to come up.  Time is in seconds.
#
# WARNING WARNING WARNING:
#
# If you are using rp-pppoe on a physically-inaccessible host, set
# CONNECT_TIMEOUT to 0.  This makes SURE that the machine keeps trying
# to connect forever after adsl-start is called.  Otherwise, it will
# give out after CONNECT_TIMEOUT seconds and will not attempt to
# connect again, making it impossible to reach.
CONNECT_TIMEOUT=30

# How often in seconds adsl-start polls to check if link is up
CONNECT_POLL=2

# Specific desired AC Name
ACNAME=

# Specific desired service name
SERVICENAME=

# Character to echo at each poll.  Use PING="" if you don't want
# anything echoed
PING="."

# File where the adsl-connect script writes its process-ID.
# Three files are actually used:
#   $PIDFILE       contains PID of adsl-connect script
#   $PIDFILE.pppoe contains PID of pppoe process
#   $PIDFILE.pppd  contains PID of pppd process
CF_BASE=`basename $CONFIG`
PIDFILE="/var/run/$CF_BASE-adsl.pid"

# Do you want to use synchronous PPP?  "yes" or "no".  "yes" is much
# easier on CPU usage, but may not work for you.  It is safer to use
# "no", but you may want to experiment with "yes".  "yes" is generally
# safe on Linux machines with the n_hdlc line discipline; unsafe on others.
SYNCHRONOUS=no

# Do you want to clamp the MSS?  Here's how to decide:
# - If you have only a SINGLE computer connected to the ADSL modem, choose
#   "no".
# - If you have a computer acting as a gateway for a LAN, choose "1412".
#   The setting of 1412 is safe for either setup, but uses slightly more
#   CPU power.
CLAMPMSS=1412
#CLAMPMSS=no

# LCP echo interval and failure count.
LCP_INTERVAL=20
LCP_FAILURE=3

# PPPOE_TIMEOUT should be about 4*LCP_INTERVAL
PPPOE_TIMEOUT=80

# Firewalling: One of NONE, STANDALONE or MASQUERADE
FIREWALL=STANDALONE

# Linux kernel-mode plugin for pppd.  If you want to try the kernel-mode
# plugin, use LINUX_PLUGIN=/etc/ppp/plugins/rp-pppoe.so
LINUX_PLUGIN=

# Any extra arguments to pass to pppoe.  Normally, use a blank string
# like this:
PPPOE_EXTRA=""

# Rumour has it that "Citizen's Communications" with a 3Com
# HomeConnect ADSL Modem DualLink requires these extra options:
# PPPOE_EXTRA="-f 3c12:3c13 -S ISP"

# Any extra arguments to pass to pppd.  Normally, use a blank string
# like this:
PPPD_EXTRA=""

########## DON'T CHANGE BELOW UNLESS YOU KNOW WHAT YOU ARE DOING

# If you wish to COMPLETELY overrride the pppd invocation:
# Example:
# OVERRIDE_PPPD_COMMAND="pppd call dsl"

# If you want adsl-connect to exit when connection drops:
# RETRY_ON_FAILURE=no
```

Connection to broadband made but I could not connect Internet

B.R.

satimis

----------

## Chris W

Well, the pppd is not overwriting the existing default route as I would have hoped from the pppoe.conf setting.  You can try creating the following files to cause appropriate changes on Machine B when the PPP link comes up or goes down:

```
root # ls -l /etc/ppp/ip-up /etc/ppp/ip-down
-rwx------    1 root     root          208 Nov 30 12:17 /etc/ppp/ip-down
-rwx------    1 root     root          206 Nov 30 12:17 /etc/ppp/ip-up

root # cat /etc/ppp/ip-up
#!/bin/sh
/sbin/route del default
/sbin/route add default gw ${5}

root # cat /etc/ppp/ip-down
#!/bin/sh
/sbin/route del default
/sbin/route add default gw MachineA

root #
```

  Both scripts are executed with the parameters: interface-name   tty-device  speed  local-IP-address  remote-IP-address ipparam.  "${5}" is the remote end of the PPP link.   Put MachineA's IP address instead of its name in the ip-down script unless MachineA is in the /etc/hosts or DNS.
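The ip-up script above deletes the default route before it knows the replacement is usable: if `${5}` is empty or malformed, or the hook runs for a different interface, the machine is left with no default route. The following is an added example, not from the original post, that validates pppd's arguments before touching the table; `is_ipv4`, `choose_gateway` and `run_hook` are hypothetical names, and `LAN_GW` is MachineA's LAN address as given in the thread.

```shell
#!/bin/sh
# Added example: validate pppd hook arguments before changing the default
# route. Function names are hypothetical.

LAN_GW=192.168.0.1   # MachineA's LAN address, from the thread

# is_ipv4 ADDR -> exit 0 only for a dotted quad with octets 0-255
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# choose_gateway up|down IFACE PEER -> prints the gateway to install;
# prints nothing and returns 1 when the routing table must be left alone.
choose_gateway() {
    case "$2" in
        ppp[0-9]*) ;;            # only react to PPP links
        *) return 1 ;;
    esac
    case "$1" in
        up)   gw=$3 ;;           # remote end of the PPP link (pppd's $5)
        down) gw=$LAN_GW ;;      # fall back to the LAN gateway
        *)    return 1 ;;
    esac
    is_ipv4 "$gw" || return 1
    printf '%s\n' "$gw"
}

# run_hook up|down "$@" -> body for /etc/ppp/ip-up and /etc/ppp/ip-down.
# After the shift, $1 is the interface name and $5 the remote IP address.
run_hook() {
    mode=$1
    shift
    gw=$(choose_gateway "$mode" "$1" "$5") || return 0
    /sbin/route del default 2>/dev/null || true
    /sbin/route add default gw "$gw"
}

# Dry demonstration only; run_hook is not called here.
choose_gateway up ppp0 202.123.71.254     # peer address seen in the thread
choose_gateway up ppp0 "" || echo "refused: empty peer address"
choose_gateway down ppp0 202.123.71.254
```

In a real hook the file would end with `run_hook up "$@"` (ip-up) or `run_hook down "$@"` (ip-down) in place of the demonstration lines.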

----------

## satimis

 *Chris W wrote:*   

> Well, the pppd is not overwriting the existing default route as I would have hoped from the pppoe.conf setting .   You can try creating the following files to cause appropriate changes on Machine B when the PPP link comes up or goes down: 
> 
> ```
>  root # ls -l /etc/ppp/ip-up /etc/ppp/ip-down
> 
> ...

 

Hi Chris,

Thanks for your advice.   I got a new crossover cable to make this test

On MachineB -Gentoo 1.4 (IP: 192.168.0.2)

Made changes as per advice.

```
# cat /etc/ppp/ip-up
#!/bin/sh
# the followings parameters are available:
# $1 = interface-name
# $2 = tty-device
# $3 = speed
# $4 = local-IP-address
# $5 = remote-IP-address
# $6 = ipparam
/sbin/route del default
/sbin/route add default gw ${5}

# cat /etc/ppp/ip-down
#!/bin/sh
# the followings parameters are available:
# $1 = interface-name
# $2 = tty-device
# $3 = speed
# $4 = local-IP-address
# $5 = remote-IP-address
# $6 = ipparam
/sbin/route del default
/sbin/route add default gw 192.168.0.1

# cat /etc/conf.d/net
iface_eth0="192.168.0.2 broadcast 192.168.0.255 netmask 255.255.255.0"
#iface_eth1="207.170.82.202 broadcast 207.0.255.255 netmask 255.255.0.0"
iface_eth0="dhcp"
#dhcpcd_eth0="..."
#gateway="eth0/192.168.0.1"

# ls -l /etc/ppp/ip-up /etc/ppp/ip-down
-rwxr-xr-x    1 root     root          347 Dec  7 19:33 /etc/ppp/ip-down
-rwxr-xr-x    1 root     root          337 Dec  7 19:31 /etc/ppp/ip-up

# chmod -c 755 /etc/ppp/ip-up /etc/ppp/ip-down

# ls -l /etc/ppp/ip-up /etc/ppp/ip-down
-rwxr-xr-x    1 root     root          347 Dec  7 19:33 /etc/ppp/ip-down
-rwxr-xr-x    1 root     root          337 Dec  7 19:31 /etc/ppp/ip-up
```

I don't know why there are 2 'r's in 'rwxr'

```
# adsl-start
.. Connected!

# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:50:FC:6C:70:F7
          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::250:fcff:fe6c:70f7/10 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5498 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4432 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:3072266 (2.9 Mb)  TX bytes:1011018 (987.3 Kb)
          Interrupt:11 Base address:0xd000

eth1      Link encap:Ethernet  HWaddr 00:50:FC:61:F3:94
          inet6 addr: fe80::250:fcff:fe61:f394/10 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:533 errors:0 dropped:0 overruns:0 frame:0
          TX packets:179 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:61236 (59.8 Kb)  TX bytes:10866 (10.6 Kb)
          Interrupt:10 Base address:0xf000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:300 (300.0 b)  TX bytes:300 (300.0 b)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:202.123.68.62  P-t-P:202.123.71.254  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:3 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:54 (54.0 b)  TX bytes:54 (54.0 b)

# ping -c 3 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=0.516 ms

--- 192.168.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2005ms
rtt min/avg/max/mdev = 0.253/0.344/0.516/0.123 ms
```

MachineB can SSH MachineA-RH9.  X-window forwarding was possible

```
# ping -c 3 www.yahoo.com
ping: unknown host www.yahoo.com

# ping -c 3 www.google.com
ping: unknown host www.google.com
```

It seemed connected to broadband but in fact not connecting to ISP

On MachineA - RH9 (IP: 192.168.0.1)

```
# ssh -X satimis@192.168.0.2
ssh: connect to host 192.168.0.2 port 22: Connection refused
```

Only one way traffic.

B.R.

satimis

----------

