Problem:
I was getting the error "telnet: Unable to connect to remote host: No route to host" on RHEL 6.8 while trying to telnet to ports 111 and 2049 (the ports used by NFS) from one machine to another machine, 174.11.1.11, which was the NFS server. Policies had already been applied on the external firewall to allow communication between these two servers on these ports.
[root@TestServer root]# telnet 174.11.1.11 111
Trying 174.11.1.11...
telnet: connect to address 174.11.1.11: No route to host
telnet: Unable to connect to remote host: No route to host
Reason:
When I diagnosed the problem I found that an internal firewall (iptables) was enabled on the machine 174.11.1.11, which is why I was not able to telnet to the required ports. The "No route to host" message is what the client sees when the firewall rejects the connection with an ICMP host-prohibited error instead of silently dropping it.
Solution:
Add the two lines shown below to the file /etc/sysconfig/iptables to accept new connections coming in on ports 111 and 2049.
[root@TestServer ~]# vi /etc/sysconfig/iptables
..
..
..
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
..
..
..
After updating /etc/sysconfig/iptables, restart the iptables service so that the new rules are loaded into the internal firewall.
[root@TestServer ~]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
Check the active rules with the command iptables -L:
[root@TestServer ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:krb524
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:personal-agent
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:nfs
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:nfs
Now test ports 111 and 2049 again; telnet connects to both successfully.
[root@TestServer ~]# telnet 174.11.1.11 2049
Trying 174.11.1.11...
Connected to 174.11.1.11.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
[root@TestServer ~]# telnet 174.11.1.11 111
Trying 174.11.1.11...
Connected to 174.11.1.11.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
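The rules above accept TCP 111 and 2049 from anywhere, which exposes rpcbind and NFS to every host that can reach the server. The following script is an added example, not part of the original post: it generates the same two rule lines scoped to a single client network with -s, and it parses an iptables -L INPUT -n listing to confirm that an ACCEPT rule for a port is actually reachable, i.e. that it sits before the chain's REJECT rule (a rule appended after that REJECT is never matched). The client network 10.0.0.0/24 and both rule listings are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original post): source-scoped NFS rules plus a
# reachability check over `iptables -L INPUT -n` output.

# Print the two rule lines for /etc/sysconfig/iptables, limited to one client
# host or network (assumed to be a valid address or CIDR) instead of "anywhere".
nfs_rules() {
    client="$1"
    for port in 111 2049; do
        printf '%s -s %s -p tcp -m state --state NEW -m tcp --dport %s -j ACCEPT\n' \
            '-A INPUT' "$client" "$port"
    done
}

# Read `iptables -L INPUT -n` output on stdin and return 0 if an ACCEPT rule
# for TCP port $1 appears before the first REJECT/DROP rule for all or tcp
# traffic. That rule's own source/destination filters are ignored here, a
# deliberate simplification; on a stock RHEL 6 ruleset it is a catch-all.
tcp_port_accepted() {
    awk -v port="$1" '
        $1 == "ACCEPT" && $2 == "tcp" && $0 ~ ("dpt:" port "($|[^0-9])") { found = 1; exit }
        ($1 == "REJECT" || $1 == "DROP") && ($2 == "all" || $2 == "tcp") { exit }
        END { exit found ? 0 : 1 }'
}

# Constructed listing: NFS rules inserted above the REJECT, as the post does.
SAMPLE_OPEN='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
ACCEPT     tcp  --  10.0.0.0/24          0.0.0.0/0           state NEW tcp dpt:2049
ACCEPT     tcp  --  10.0.0.0/24          0.0.0.0/0           state NEW tcp dpt:111
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

# Constructed listing: a rule appended (iptables -A) below the REJECT, so it is
# never reached and the port stays blocked.
SAMPLE_TRAILING='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:2049'

main() {
    echo "Rules for the client network 10.0.0.0/24 (constructed value):"
    nfs_rules 10.0.0.0/24
    for port in 111 2049; do
        if printf '%s\n' "$SAMPLE_OPEN" | tcp_port_accepted "$port"; then
            echo "port $port: reachable ACCEPT rule"
        else
            echo "port $port: no reachable ACCEPT rule"
        fi
    done
    if printf '%s\n' "$SAMPLE_TRAILING" | tcp_port_accepted 2049; then
        echo "appended rule: reachable"
    else
        echo "appended rule: shadowed by REJECT, port 2049 still blocked"
    fi
}

main
```

On a live server, run `iptables -L INPUT -n | tcp_port_accepted 2049` after `service iptables restart` to confirm the rule took effect before reaching for telnet; the -n flag keeps ports numeric, whereas plain iptables -L prints service names such as nfs and sunrpc.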
Sophie Mary Agnes
Instead of editing /etc/sysconfig/iptables, you can use the commands
# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
# service iptables save