[Freeipa-users] ipa installation problem
Petr Spacek
pspacek at redhat.com
Mon Jun 25 11:15:31 UTC 2012
On 06/19/2012 05:01 PM, george he wrote:
> Hello Rob,
> netstat |grep 443 returned nothing, but lsof -i :80 (or :443) returned things
> like this:
> httpd 4206 apache 5u IPv6 846355 TCP *:http (LISTEN)
> is the IPv6 here a problem?
> Thanks,
> George
"No route to host" can mean "No route to host" (= no record in the ARP table) OR
"there is a firewall rule blocking this traffic" (caused by a received ICMP packet).
"Connection refused" really means "Connection refused" :-) It can also point
to a DNS resolution problem - the name could be resolved to the wrong IP, so the
connection is refused by a different machine than you think. Don't forget to check
/etc/resolv.conf and /etc/hosts.
The best way to debug network problems is wireshark and netcat. I recommend running
wireshark on both ends and then doing end-to-end tests with netcat.
Start netcat on one side and try to connect to it from the other side.
root at server # nc -l 443
user at client # nc server.hostname.example 443
Type some garbage in and check if it arrives at the other end. Check the output from
wireshark in case of problems. Check if the MAC addresses have the expected values.
Petr^2 Spacek
>
> ------------------------------------------------------------------------------
> *From:* Rob Crittenden <rcritten at redhat.com>
> *To:* george he <george_he7 at yahoo.com>
> *Cc:* "freeipa-users at redhat.com" <freeipa-users at redhat.com>
> *Sent:* Tuesday, June 19, 2012 10:43 AM
> *Subject:* Re: [Freeipa-users] ipa installation problem
>
> george he wrote:
> > Hello Rob,
> > Can it be that the httpd service is not running properly?
> > On all servers, I can only run wget on the server itself successfully...
> > At least on fc15, the client was able to contact the server, but the
> > connection was refused.
> > maybe the configuration part of httpd?
> > On other machines in the same lab, I have set up two web servers in the
> > "usual" way and they both run with no problem.
>
> I don't know what to tell you. This problem is independent of IPA. It
> means that the client doesn't know how to get to the server (no route to
> host)
>
> Connection refused would suggest that the server isn't accepting
> connections. You could use netstat to confirm that it is listening on
> ports 80 and 443, I think you'll find it is.
>
> IPA doesn't do anything particularly clever with the web server, just
> configures it to use mod_nss as an SSL listener. Since wget is using
> port 80 you aren't even using any changes made by IPA. And no route to
> host suggests it isn't even getting that far.
>
> You might try shutting down iptables on the server and client and try that.
>
> rob
>
> > Thanks,
> > George
> >
> > ------------------------------------------------------------------------
> > *From:* Rob Crittenden <rcritten at redhat.com>
> > *To:* george he <george_he7 at yahoo.com>
> > *Cc:* "freeipa-users at redhat.com" <freeipa-users at redhat.com>
> > *Sent:* Tuesday, June 19, 2012 9:32 AM
> > *Subject:* Re: [Freeipa-users] ipa installation problem
> >
> > george he wrote:
> > > Hello all,
> > > While waiting for more suggestions on my thread "is not an IPA v2
> > > Server", I tried to install ipa server on other machines running fc16
> > > and fc15.
> > > When server is on fc16, I get the same error as when it's on fc17, wget
> > > failed: No route to host.
> > > when server is on fc15, wget still failed, but the reason was
> > > "Connection refused".
> > > Seems to me there's something else to do after running
> > > ipa-server-install on the server.
> >
> > This is unrelated to IPA. We do no network configuration changes,
> > only start services.
> >
> > The client is doing a simple wget which just issues an HTTP request.
> > The network stack is saying it can't talk to the IPA server so I'd
> > start there. wireshark might be helpful.
> >
> > rob
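
The checks from the reply at the top of this message (what the name resolves to, then how each address answers a TCP connect), as an added Python example that is not part of the original thread or of FreeIPA. The function names, the hint wording and the ETIMEDOUT case are this example's own assumptions.

```python
import errno
import socket

# Readings of each errno follow the reply above; ETIMEDOUT is this example's addition.
HINTS = {
    errno.EHOSTUNREACH: "no route to host: no ARP entry, or a firewall sent an ICMP reject",
    errno.ECONNREFUSED: "connection refused: no listener there, or the name "
                        "resolved to a different machine than expected",
    errno.ETIMEDOUT: "no reply before the timeout: packets are being dropped silently",
}

def resolve(host, port):
    """Every (family, sockaddr) the local resolver returns, /etc/hosts included."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({(fam, addr) for fam, _, _, _, addr in infos})

def probe(family, sockaddr, timeout=3.0):
    """One TCP connect attempt; returns (errno, explanation), errno 0 on success."""
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(sockaddr)
        except socket.timeout:
            return errno.ETIMEDOUT, HINTS[errno.ETIMEDOUT]
        except OSError as e:
            return e.errno, HINTS.get(e.errno, e.strerror or str(e))
    return 0, "connected: a listener completed the TCP handshake"

def diagnose(host, port):
    """Probe each address separately so one wrong record cannot hide behind a good one."""
    try:
        targets = resolve(host, port)
    except socket.gaierror as e:
        return {host: (e.errno, "name did not resolve: check /etc/resolv.conf and /etc/hosts")}
    return {addr[0]: probe(fam, addr) for fam, addr in targets}

if __name__ == "__main__":
    # Constructed offline demo: a loopback listener stands in for "nc -l" on the server.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    print("listening:", diagnose("127.0.0.1", port))
    listener.close()
    print("closed:   ", diagnose("127.0.0.1", port))
```

Run from the client against the server's name, the per-address results show whether an IPv4 and an IPv6 record for the same name behave differently.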