A host denying server role

On our plain vanilla LAN, one of the hosts can't be connected
as a server. The host in question, however, can do client access
to other hosts on the LAN.

In our simple plain vanilla Java client/server program, when
the server is run on the host in question, client program
throws a NoRouteToHostException which usually means
existence of a firewall or router-down. But these two problem
doesn't exist on our LAN.

Ping command works normally for both directions, i.e. from
other hosts to the problem host, and vice versa.

What could be the causes and solutions for such problem
in which a specific host can't be accessed as a server?

We use Fedora Core 3 on every hosts but installation on the
machine in question was done by some outside people whom
we can't reach now. SELINUX=disabled on every host on the LAN.

Thanks in advance and best regards,

FYR: Other server running on the host in question also can't
be accessed as a server. Here is nfs access from other host:

mount to NFS server '192.168.11.6' failed: server is down.

This 192.168.11.6 is the host that is neglecting server role.
NFS server daemon is certainly running on that host, though.

hiwa wrote:
> On our plain vanilla LAN, one of the hosts can't be connected
> as a server. The host in question, however, can do client access
> to other hosts on the LAN.
>
> In our simple plain vanilla Java client/server program, when
> the server is run on the host in question, client program
> throws a NoRouteToHostException which usually means
> existence of a firewall or router-down. But these two problem
> doesn't exist on our LAN.
>
> Ping command works normally for both directions, i.e. from
> other hosts to the problem host, and vice versa.
>
> What could be the causes and solutions for such problem
> in which a specific host can't be accessed as a server?
>
> We use Fedora Core 3 on every hosts but installation on the
> machine in question was done by some outside people whom
> we can't reach now. SELINUX=disabled on every host on the LAN.
>
> Thanks in advance and best regards,
>
> FYR: Other server running on the host in question also can't
> be accessed as a server. Here is nfs access from other host:
>
> mount to NFS server '192.168.11.6' failed: server is down.
>
> This 192.168.11.6 is the host that is neglecting server role.
> NFS server daemon is certainly running on that host, though.

Use tcpdump to examine the traffic. Be sure you have all the requisite
daemons running and firewall rules to allow UDP to pass.

--
bill davidsen <(E-Mail Removed)>
CTO TMR Associates, Inc
Doing interesting things with small computers since 1979

In the Usenet newsgroup comp.os.linux.networking, in article
<(E-Mail Removed)> , hiwa wrote:

>In our simple plain vanilla Java client/server program, when
>the server is run on the host in question, client program
>throws a NoRouteToHostException which usually means
>existence of a firewall or router-down. But these two problem
>doesn't exist on our LAN.

What about the firewall on the server?

>Ping command works normally for both directions, i.e. from
>other hosts to the problem host, and vice versa.

Yes - the network cables are connected, and no one is blocking IXMP

>FYR: Other server running on the host in question also can't
>be accessed as a server. Here is nfs access from other host:
>
>mount to NFS server '192.168.11.6' failed: server is down.

On 192.168.11.6 run the command '/sbin/iptables -Ln'

>This 192.168.11.6 is the host that is neglecting server role.
>NFS server daemon is certainly running on that host, though.

Firewall blocking UDP.

Old guy

Thanks Bill and Moe.

Here is tcpdump output when an nfs client access from other host failed:

16:11:10.761143 IP 192.168.11.2.638 > 192.168.11.6.sunrpc: S
2941380493:2941380493(0) win 5840 <mss 1460,sackOK,timestamp 14148312
0,nop,wscale 2>
16:11:10.761782 arp who-has 192.168.11.2 tell 192.168.11.6
16:11:10.821544 arp reply 192.168.11.2 is-at 00:a0:b0:45:67:f1
16:11:10.821601 IP 192.168.11.6 > 192.168.11.2: icmp 68: host
192.168.11.6 unreachable - admin prohibited

I wonder what this output is telling?

And here is /sbin/iptables -Ln output:

iptables: Table does not exist (do you need to insmod?)


Moe Trin wrote:

>
>What about the firewall on the server?
>
>
But, how could we know the state?

Still, I do not have any clue for this problem.
Would you give more help?
TIA

hiwa wrote:

>Thanks Bill and Moe.
>
>Here is tcpdump output when an nfs client access from other host failed:
>
>16:11:10.761143 IP 192.168.11.2.638 > 192.168.11.6.sunrpc: S
>2941380493:2941380493(0) win 5840 <mss 1460,sackOK,timestamp 14148312
>0,nop,wscale 2>
>16:11:10.761782 arp who-has 192.168.11.2 tell 192.168.11.6
>16:11:10.821544 arp reply 192.168.11.2 is-at 00:a0:b0:45:67:f1
>16:11:10.821601 IP 192.168.11.6 > 192.168.11.2: icmp 68: host
>192.168.11.6 unreachable - admin prohibited
>
>I wonder what this output is telling?
>
>And here is /sbin/iptables -Ln output:
>
>iptables: Table does not exist (do you need to insmod?)
>
>
>Moe Trin wrote:
>
>
>
>>What about the firewall on the server?
>>
>>
>>
>>
>But, how could we know the state?
>
>Still, I do not have any clue for this problem.
>Would you give more help?
>TIA
>
>
Eureka!

I've found the solution.
That is, a command called system-config-securitylevel enables/disables
firewall on Red Hat Linux and Fedora Core.

If disabled, a file called /etc/sysconfig/iptables disappears and any
server can be accessed henceforth.

Thanks Bill and Moe. Thanks again.