On 06/19/2012 05:01 PM, george he wrote:
Hello Rob,
netstat |grep 443 returned nothing, but lsof -i :80 (or :443) returned things
like this:
httpd 4206 apache 5u IPv6 846355 TCP *:http (LISTEN)
is the IPv6 here a problem?

"No route to host" can mean "No route to host" (= no record in ARP table) OR "there is a firewall rule blocking this traffic" (caused by received ICMP packet).

"Connection refused" really means "Connection refused" :-) It can also point to DNS resolution problem - name could be resolved to wrong IP, so connection is refused by other machine than you think. Don't forget to check /etc/resolv.conf and /etc/hosts.

Best way to debug network problems is wireshark and netcat. I recommend to run wireshark on both ends and then do end-to-end tests with netcat.

Start netcat on single side and try to connect to it from other side.

root@server # nc -l 443
user@client # nc server.hostname.example 443

Type some garbage in and check if it arrives to other end. Check output from wireshark in case of problems. Check if MAC addresses have expected values.

Petr^2 Spacek

    *From:* Rob Crittenden <rcrit...@redhat.com>
    *To:* george he <george_...@yahoo.com>
    *Cc:* "freeipa-users@redhat.com" <freeipa-users@redhat.com>
    *Sent:* Tuesday, June 19, 2012 10:43 AM
    *Subject:* Re: [Freeipa-users] ipa installation problem

    george he wrote:
     > Hello Rob,
     > Can it be that the httpd service is not running properly?
     > On all servers, I can only run wget on the server itself successfully...
     > At least on fc15, the client was able to contact the server, but the
     > connection was refused.
     > maybe the configuration part of httpd?
     > On other machines in the same lab, I have set up two web servers in the
     > "usual" way and they both run with no problem.

    I don't know what to tell you. This problem is independent of IPA. It
    means that the client doesn't know how to get to the server (no route to

    Connection refused would suggest that the server isn't accepting
    connections. You could use netstat to confirm that it is listening on
    ports 80 and 443, I think you'll find it is.

    IPA doesn't do anything particularly clever with the web server, just
    configures it to use mod_nss as an SSL listener. Since wget is using
    port 80 you aren't even using any changes made by IPA. And no route to
    host suggests it isn't even getting that far.

    You might try shutting down iptables on the server and client and try that.


     > Thanks,
     > George
     > ------------------------------------------------------------------------
     > *From:* Rob Crittenden <rcrit...@redhat.com <mailto:rcrit...@redhat.com>>
     > *To:* george he <george_...@yahoo.com <mailto:george_...@yahoo.com>>
     > *Cc:* "freeipa-users@redhat.com <mailto:freeipa-users@redhat.com>"
    <freeipa-users@redhat.com <mailto:freeipa-users@redhat.com>>
     > *Sent:* Tuesday, June 19, 2012 9:32 AM
     > *Subject:* Re: [Freeipa-users] ipa installation problem
     > george he wrote:
     > > Hello all,
     > > While waiting for more suggestions on my thread "is not an IPA v2
     > > Server", I tried to install ipa server on other machines running fc16
     > > and fc15.
     > > When server is on fc16, I get the same error as when it's on
     > fc17, wget
     > > failed: No route to host.
     > > when server is on fc15, wget still failed, but the reason was
     > > "Connection refused".
     > > Seems to me there's something else to do after running
     > > ipa-server-install on the server.
     > This is unrelated to IPA. We do no network configuration changes,
     > only start services.
     > The client is doing a simple wget which just issues an HTTP request.
     > The network stack is saying it can't talk to the IPA server so I'd
     > start there. wireshark might be helpful.
     > rob

Freeipa-users mailing list

Reply via email to