Oracle Labs by Yuri Khazin, Oracle DBA

May 16, 2016

Linux 6.7 telnet: connect to address x.x.x.x: No route to host

Filed under: Uncategorized — oraclelabs @ 15:39

You are trying to connect with telnet to a freshly unwrapped Red Hat Linux 6.7 (or a derivative, such as Oracle OEL). Why you would use such a commonly despised tool as telnet calls for an explanation. Telnet is still a useful diagnostic tool: sometimes you need to check whether you can talk to a web server, a mail server or, in our case, an Oracle listener on a particular port. And you may run into an interesting problem while trying (other than the fact that you need to install the telnet binaries, as they are not usually included).

So you can ping the other host (which is a Linux 6.7), you can even ssh to it, but telnet gives you a “No route to host” message.

Since ping and ssh do work, you rule out the gateway settings (/etc/sysconfig/network) on the client side, the routing table or the client-side firewall (well, it still could be just that). But a quick check on the target side will show that it is indeed a firewall issue. When you shut down the target’s firewall, the telnet message changes to “Connection refused”, that is, if you attempt to talk to a port where no process is listening. Telnet to port 1521 returns the Oracle listener’s response. The picture below illustrates just that.

image

So what to do now? We need to add a rule to the firewall on the target side for a particular protocol and port. For instance, port 1521 for Oracle’s listener. Here are the ‘out of the box’ rules:

image

The last rule in the INPUT chain is a reject rule. Rules are evaluated in order, so adding more rules after it is pointless; the new rule has to be added before the ‘reject’.

iptables -I INPUT 5 -m state --state NEW -m tcp -p tcp --dport 1521 -j ACCEPT

This command adds a rule at position 5 in the INPUT chain, pushing the last rule to position 6. That’s it. Save the current iptables configuration so it is preserved through a reboot.

image
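Position 5 is correct only while exactly four rules sit ahead of the reject. As an added example (not part of the original post), the shell functions below read `iptables -S INPUT` output and work out the insert position; the function names and the sample rule set are constructed for illustration.

```shell
# Constructed sample of `iptables -S INPUT` output, modelled on the rule
# set the post describes: four ACCEPT rules, then the final REJECT.
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

# Rules on stdin: print the 1-based position of the first unconditional
# REJECT/DROP rule, or 0 if the chain has none.
reject_position() {
  awk '$1 == "-A" { n++
         if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { print n; hit = 1; exit } }
       END { if (!hit) print 0 }'
}

# Rules on stdin: succeed if an ACCEPT for --dport $1 sits ahead of position $2.
already_open() {
  awk -v p="$1" -v stop="$2" '
    $1 == "-A" { n++ }
    stop > 0 && n >= stop { exit }
    /-j ACCEPT/ { for (i = 1; i < NF; i++) if ($i == "--dport" && $(i + 1) == p) { ok = 1; exit } }
    END { exit !ok }'
}

# Rules on stdin: print the command that opens TCP port $1, or nothing
# when the port is already accepted before the reject rule.
insert_command() {
  port=$1
  rules=$(cat)
  pos=$(printf '%s\n' "$rules" | reject_position)
  if printf '%s\n' "$rules" | already_open "$port" "$pos"; then return 0; fi
  match="-m state --state NEW -m tcp -p tcp --dport $port -j ACCEPT"
  if [ "$pos" -gt 0 ]; then
    echo "iptables -I INPUT $pos $match"   # insert ahead of the reject
  else
    echo "iptables -A INPUT $match"        # no reject rule: appending is fine
  fi
}

sample_rules | insert_command 1521
```

On the target host, feed it the live chain with `iptables -S INPUT | insert_command 1521` and review the printed command before running it.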
