begin quoting Gregory K. Ruiz-Ade as of Tue, Sep 12, 2006 at 10:03:26PM -0700:
[snip]
> So, then, it was a firewall issue.
>
> I've noticed lots of things tend to like to reject packets with
> "icmp-host-prohibited" messages, which causes all sorts of entertaining
> responses depending on the client software that's trying to connect.
>
> When you said "no route to host" I was going to reply first thing
> with "Make sure your iptables aren't rejecting SSH packets on port
> 22", as that's exactly the symptom we see with our RHEL boxes at
> work. For most of our firewalling needs, I use:
>
> -j REJECT --reject-with icmp-host-prohibited
>
> instead of using DROP, primarily because you notice it nearly instantly.
>
> Glad you found the reason, even if I did have to just dig through 56
> messages to get here.

So this is just SSH reporting a bogus error message (or passing one on)? I would have expected "No response from host" for a DROP, not a "No route to host". But, of course, I didn't set up a little test subnet to try it out. I assumed -- there's that word again -- that error messages would give an indication as to the actual problem.

Misleading error messages is _not_ what we should be adopting from Other Operating Systems.

(Or I'm smoking something and it makes perfect sense to everyone else...)

-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
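
The symptom discussed in this thread, as an added example that is not part of either message: on Linux, the ICMP type chosen with `--reject-with` decides which errno a client's `connect()` returns, and the client prints the text for that errno. The table follows the Linux kernel's ICMP-to-errno conversion; the function names `explain` and `probe` are hypothetical.

```python
import errno
import os
import socket

# iptables "-j REJECT --reject-with <type>" -> errno seen by a Linux TCP client.
REJECT_TYPE_TO_ERRNO = {
    "icmp-net-unreachable": errno.ENETUNREACH,
    "icmp-host-unreachable": errno.EHOSTUNREACH,
    "icmp-port-unreachable": errno.ECONNREFUSED,
    "icmp-proto-unreachable": errno.ENOPROTOOPT,
    "icmp-net-prohibited": errno.ENETUNREACH,
    "icmp-host-prohibited": errno.EHOSTUNREACH,
    "icmp-admin-prohibited": errno.EHOSTUNREACH,
    "tcp-reset": errno.ECONNREFUSED,
}


def explain(err):
    """Return (message the client shows, firewall rules that would cause it)."""
    code = getattr(err, "errno", None)
    # DROP sends nothing back, so the client only ever sees a timeout.
    if isinstance(err, socket.timeout) or code == errno.ETIMEDOUT:
        return ("timed out", ["DROP (or host down): no reply at all"])
    rules = sorted(t for t, e in REJECT_TYPE_TO_ERRNO.items() if e == code)
    # The errno alone cannot tell a firewall's ICMP reply from a genuinely
    # missing route or a failed ARP lookup; those produce the same errno.
    return (os.strerror(code), ["REJECT --reject-with " + t for t in rules])


def probe(host, port, timeout=5.0):
    """Attempt a TCP connect and explain the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return ("connected", [])
    except OSError as err:
        return explain(err)


if __name__ == "__main__":
    # Constructed errors standing in for what connect() raises.
    for e in (errno.EHOSTUNREACH, errno.ECONNREFUSED, errno.ETIMEDOUT):
        msg, causes = explain(OSError(e, os.strerror(e)))
        print(f"{msg!r}: {causes}")
```
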
