No route to host for port 6379
I'm getting a "no route to host" error when I'm connecting a remote server to my Redis instance on another server.
Redis is definitely running and listening on port 6379. I can connect to it locally.
The server with Redis has this configured for iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N FORWARD_IN_ZONES
-N FORWARD_IN_ZONES_SOURCE
-N FORWARD_OUT_ZONES
-N FORWARD_OUT_ZONES_SOURCE
-N FORWARD_direct
-N FWDI_public
-N FWDI_public_allow
-N FWDI_public_deny
-N FWDI_public_log
-N FWDO_public
-N FWDO_public_allow
-N FWDO_public_deny
-N FWDO_public_log
-N INPUT_ZONES
-N INPUT_ZONES_SOURCE
-N INPUT_direct
-N IN_public
-N IN_public_allow
-N IN_public_deny
-N IN_public_log
-N OUTPUT_direct
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES_SOURCE
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -j FORWARD_IN_ZONES_SOURCE
-A FORWARD -j FORWARD_IN_ZONES
-A FORWARD -j FORWARD_OUT_ZONES_SOURCE
-A FORWARD -j FORWARD_OUT_ZONES
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j OUTPUT_direct
-A FORWARD_IN_ZONES -g FWDI_public
-A FORWARD_OUT_ZONES -g FWDO_public
-A FWDI_public -j FWDI_public_log
-A FWDI_public -j FWDI_public_deny
-A FWDI_public -j FWDI_public_allow
-A FWDI_public -p icmp -j ACCEPT
-A FWDO_public -j FWDO_public_log
-A FWDO_public -j FWDO_public_deny
-A FWDO_public -j FWDO_public_allow
-A INPUT_ZONES -g IN_public
-A IN_public -j IN_public_log
-A IN_public -j IN_public_deny
-A IN_public -j IN_public_allow
-A IN_public -p icmp -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
netstat -rn
prints out:
0.0.0.0 178.xxx.xxx.1 0.0.0.0 UG 0 0 0 eth0
10.10.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
10.136.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-e071bb9e15A
178.xxx.xxx.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
Is there anything misconfigured here, and how can I fix it so that remote servers can connect to port 6379
?
linux networking iptables
add a comment |
I'm getting a "no route to host" error when I'm connecting a remote server to my Redis instance on another server.
Redis is definitely running and listening on port 6379. I can connect to it locally.
The server with Redis has this configured for iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N FORWARD_IN_ZONES
-N FORWARD_IN_ZONES_SOURCE
-N FORWARD_OUT_ZONES
-N FORWARD_OUT_ZONES_SOURCE
-N FORWARD_direct
-N FWDI_public
-N FWDI_public_allow
-N FWDI_public_deny
-N FWDI_public_log
-N FWDO_public
-N FWDO_public_allow
-N FWDO_public_deny
-N FWDO_public_log
-N INPUT_ZONES
-N INPUT_ZONES_SOURCE
-N INPUT_direct
-N IN_public
-N IN_public_allow
-N IN_public_deny
-N IN_public_log
-N OUTPUT_direct
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES_SOURCE
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -j FORWARD_IN_ZONES_SOURCE
-A FORWARD -j FORWARD_IN_ZONES
-A FORWARD -j FORWARD_OUT_ZONES_SOURCE
-A FORWARD -j FORWARD_OUT_ZONES
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j OUTPUT_direct
-A FORWARD_IN_ZONES -g FWDI_public
-A FORWARD_OUT_ZONES -g FWDO_public
-A FWDI_public -j FWDI_public_log
-A FWDI_public -j FWDI_public_deny
-A FWDI_public -j FWDI_public_allow
-A FWDI_public -p icmp -j ACCEPT
-A FWDO_public -j FWDO_public_log
-A FWDO_public -j FWDO_public_deny
-A FWDO_public -j FWDO_public_allow
-A INPUT_ZONES -g IN_public
-A IN_public -j IN_public_log
-A IN_public -j IN_public_deny
-A IN_public -j IN_public_allow
-A IN_public -p icmp -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
netstat -rn
prints out:
0.0.0.0 178.xxx.xxx.1 0.0.0.0 UG 0 0 0 eth0
10.10.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
10.136.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-e071bb9e15A
178.xxx.xxx.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
Is there anything misconfigured here, and how can I fix it so that remote servers can connect to port 6379
?
linux networking iptables
add a comment |
I'm getting a "no route to host" error when I'm connecting a remote server to my Redis instance on another server.
Redis is definitely running and listening on port 6379. I can connect to it locally.
The server with Redis has this configured for iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N FORWARD_IN_ZONES
-N FORWARD_IN_ZONES_SOURCE
-N FORWARD_OUT_ZONES
-N FORWARD_OUT_ZONES_SOURCE
-N FORWARD_direct
-N FWDI_public
-N FWDI_public_allow
-N FWDI_public_deny
-N FWDI_public_log
-N FWDO_public
-N FWDO_public_allow
-N FWDO_public_deny
-N FWDO_public_log
-N INPUT_ZONES
-N INPUT_ZONES_SOURCE
-N INPUT_direct
-N IN_public
-N IN_public_allow
-N IN_public_deny
-N IN_public_log
-N OUTPUT_direct
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES_SOURCE
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -j FORWARD_IN_ZONES_SOURCE
-A FORWARD -j FORWARD_IN_ZONES
-A FORWARD -j FORWARD_OUT_ZONES_SOURCE
-A FORWARD -j FORWARD_OUT_ZONES
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j OUTPUT_direct
-A FORWARD_IN_ZONES -g FWDI_public
-A FORWARD_OUT_ZONES -g FWDO_public
-A FWDI_public -j FWDI_public_log
-A FWDI_public -j FWDI_public_deny
-A FWDI_public -j FWDI_public_allow
-A FWDI_public -p icmp -j ACCEPT
-A FWDO_public -j FWDO_public_log
-A FWDO_public -j FWDO_public_deny
-A FWDO_public -j FWDO_public_allow
-A INPUT_ZONES -g IN_public
-A IN_public -j IN_public_log
-A IN_public -j IN_public_deny
-A IN_public -j IN_public_allow
-A IN_public -p icmp -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
netstat -rn
prints out:
0.0.0.0 178.xxx.xxx.1 0.0.0.0 UG 0 0 0 eth0
10.10.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
10.136.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-e071bb9e15A
178.xxx.xxx.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
Is there anything misconfigured here, and how can I fix it so that remote servers can connect to port 6379
?
linux networking iptables
I'm getting a "no route to host" error when I'm connecting a remote server to my Redis instance on another server.
Redis is definitely running and listening on port 6379. I can connect to it locally.
The server with Redis has this configured for iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N FORWARD_IN_ZONES
-N FORWARD_IN_ZONES_SOURCE
-N FORWARD_OUT_ZONES
-N FORWARD_OUT_ZONES_SOURCE
-N FORWARD_direct
-N FWDI_public
-N FWDI_public_allow
-N FWDI_public_deny
-N FWDI_public_log
-N FWDO_public
-N FWDO_public_allow
-N FWDO_public_deny
-N FWDO_public_log
-N INPUT_ZONES
-N INPUT_ZONES_SOURCE
-N INPUT_direct
-N IN_public
-N IN_public_allow
-N IN_public_deny
-N IN_public_log
-N OUTPUT_direct
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES_SOURCE
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -j FORWARD_IN_ZONES_SOURCE
-A FORWARD -j FORWARD_IN_ZONES
-A FORWARD -j FORWARD_OUT_ZONES_SOURCE
-A FORWARD -j FORWARD_OUT_ZONES
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j OUTPUT_direct
-A FORWARD_IN_ZONES -g FWDI_public
-A FORWARD_OUT_ZONES -g FWDO_public
-A FWDI_public -j FWDI_public_log
-A FWDI_public -j FWDI_public_deny
-A FWDI_public -j FWDI_public_allow
-A FWDI_public -p icmp -j ACCEPT
-A FWDO_public -j FWDO_public_log
-A FWDO_public -j FWDO_public_deny
-A FWDO_public -j FWDO_public_allow
-A INPUT_ZONES -g IN_public
-A IN_public -j IN_public_log
-A IN_public -j IN_public_deny
-A IN_public -j IN_public_allow
-A IN_public -p icmp -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
netstat -rn
prints out:
0.0.0.0 178.xxx.xxx.1 0.0.0.0 UG 0 0 0 eth0
10.10.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
10.136.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-e071bb9e15A
178.xxx.xxx.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
Is there anything misconfigured here, and how can I fix it so that remote servers can connect to port 6379
?
linux networking iptables
linux networking iptables
asked Jan 25 at 0:39
AAAAAA
1093
1093
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
From the chain names, your configuration is using firewalld
which uses iptables
as backend and generates iptables
rules from its own configuration. Redhat provides a lot of documentation for its usage. For your case, providing access should be done with:
firewall-cmd --add-port=6379/tcp
This will probably be reflected like this in the iptables
rules:
# iptables -S -t filter | grep -w 6379
-A IN_public_allow -p tcp -m tcp --dport 6379 -m conntrack --ctstate NEW -j ACCEPT
This will grant temporarily access to redis running on the host. If you think you made a mistake, you can revert the configuration with:
firewall-cmd --reload
Once fine with the results, you can run again the same comment with the additonal option --permanent
to write the configuration instead of altering the rules, like this for a permanent setting:
firewall-cmd --permanent --add-port=6379/tcp
For later, you always need two commands to alter it permanently: once for the configuration, once for the running firewall (a firewall-cmd --reload
after a firewall-cmd --permanent ...
is good enough).
This solution assumes the redis service is really visible on the host, with a socket opened on the host, not only for example just inside Docker.
– A.B
Jan 27 at 12:10
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1398152%2fno-route-to-host-for-port-6379%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
From the chain names, your configuration is using firewalld
which uses iptables
as backend and generates iptables
rules from its own configuration. Redhat provides a lot of documentation for its usage. For your case, providing access should be done with:
firewall-cmd --add-port=6379/tcp
This will probably be reflected like this in the iptables
rules:
# iptables -S -t filter | grep -w 6379
-A IN_public_allow -p tcp -m tcp --dport 6379 -m conntrack --ctstate NEW -j ACCEPT
This will grant temporarily access to redis running on the host. If you think you made a mistake, you can revert the configuration with:
firewall-cmd --reload
Once fine with the results, you can run again the same comment with the additonal option --permanent
to write the configuration instead of altering the rules, like this for a permanent setting:
firewall-cmd --permanent --add-port=6379/tcp
For later, you always need two commands to alter it permanently: once for the configuration, once for the running firewall (a firewall-cmd --reload
after a firewall-cmd --permanent ...
is good enough).
This solution assumes the redis service is really visible on the host, with a socket opened on the host, not only for example just inside Docker.
– A.B
Jan 27 at 12:10
add a comment |
From the chain names, your configuration is using firewalld
which uses iptables
as backend and generates iptables
rules from its own configuration. Redhat provides a lot of documentation for its usage. For your case, providing access should be done with:
firewall-cmd --add-port=6379/tcp
This will probably be reflected like this in the iptables
rules:
# iptables -S -t filter | grep -w 6379
-A IN_public_allow -p tcp -m tcp --dport 6379 -m conntrack --ctstate NEW -j ACCEPT
This will grant temporarily access to redis running on the host. If you think you made a mistake, you can revert the configuration with:
firewall-cmd --reload
Once fine with the results, you can run again the same comment with the additonal option --permanent
to write the configuration instead of altering the rules, like this for a permanent setting:
firewall-cmd --permanent --add-port=6379/tcp
For later, you always need two commands to alter it permanently: once for the configuration, once for the running firewall (a firewall-cmd --reload
after a firewall-cmd --permanent ...
is good enough).
This solution assumes the redis service is really visible on the host, with a socket opened on the host, not only for example just inside Docker.
– A.B
Jan 27 at 12:10
add a comment |
From the chain names, your configuration is using firewalld
which uses iptables
as backend and generates iptables
rules from its own configuration. Redhat provides a lot of documentation for its usage. For your case, providing access should be done with:
firewall-cmd --add-port=6379/tcp
This will probably be reflected like this in the iptables
rules:
# iptables -S -t filter | grep -w 6379
-A IN_public_allow -p tcp -m tcp --dport 6379 -m conntrack --ctstate NEW -j ACCEPT
This will grant temporarily access to redis running on the host. If you think you made a mistake, you can revert the configuration with:
firewall-cmd --reload
Once fine with the results, you can run again the same comment with the additonal option --permanent
to write the configuration instead of altering the rules, like this for a permanent setting:
firewall-cmd --permanent --add-port=6379/tcp
For later, you always need two commands to alter it permanently: once for the configuration, once for the running firewall (a firewall-cmd --reload
after a firewall-cmd --permanent ...
is good enough).
From the chain names, your configuration is using firewalld
which uses iptables
as backend and generates iptables
rules from its own configuration. Redhat provides a lot of documentation for its usage. For your case, providing access should be done with:
firewall-cmd --add-port=6379/tcp
This will probably be reflected like this in the iptables
rules:
# iptables -S -t filter | grep -w 6379
-A IN_public_allow -p tcp -m tcp --dport 6379 -m conntrack --ctstate NEW -j ACCEPT
This will grant temporarily access to redis running on the host. If you think you made a mistake, you can revert the configuration with:
firewall-cmd --reload
Once fine with the results, you can run again the same comment with the additonal option --permanent
to write the configuration instead of altering the rules, like this for a permanent setting:
firewall-cmd --permanent --add-port=6379/tcp
For later, you always need two commands to alter it permanently: once for the configuration, once for the running firewall (a firewall-cmd --reload
after a firewall-cmd --permanent ...
is good enough).
answered Jan 27 at 12:09
A.BA.B
1,3781511
1,3781511
This solution assumes the redis service is really visible on the host, with a socket opened on the host, not only for example just inside Docker.
– A.B
Jan 27 at 12:10
add a comment |
This solution assumes the redis service is really visible on the host, with a socket opened on the host, not only for example just inside Docker.
– A.B
Jan 27 at 12:10
This solution assumes the redis service is really visible on the host, with a socket opened on the host, not only for example just inside Docker.
– A.B
Jan 27 at 12:10
This solution assumes the redis service is really visible on the host, with a socket opened on the host, not only for example just inside Docker.
– A.B
Jan 27 at 12:10
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1398152%2fno-route-to-host-for-port-6379%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown