Re: network unreachable
Captain's Log, stardate Fri, 17 Dec 2004 11:41:37 +0100, from the fingers of Alexandru Cabuz came the words:
> Hi,
>
> I got two computers in my office, both using Debian Sarge. One
> 2.6.9, the other 2.6.7.
>
> They both can ping the outside world (like google.com), but they
> can't ping each other. Let's call them machine A and machine B.
>
> When I try to ping B from A I get
> connect: Network is unreachable
>
> When I try to ping A from B I get
>> From [IP of machine B] icmp_seq=1 Destination Host Unreachable
>> From [IP of machine B] icmp_seq=2 Destination Host Unreachable
>> From [IP of machine B] icmp_seq=3 Destination Host Unreachable
>>
>
> and so on and so forth...
>
> I can browse the internet from both of them, read my mail, etc. But
> I can't for example ssh to either of them.
>
> I have even turned off the firewalls on both of them, and I still
> get this error. Something is weird, because I have installed sarge
> on both these machines numerous times and never have I gotten this
> kind of error...
>
> Any suggestions?
>
Have you allowed specific protocols through? Some firewalls block everything by default and then allow only what's specified. So in your case you are allowed to initiate an icmp connection with another machine (eg google.com) but google.com can't initiate an icmp connection with you.
It looks to me like you have opened tcp protocol connections but not icmp protocol connections... Now... i can tell you how to do this on OpenBSD's PF but i don't know about iptables... maybe someone else on the list can tell you how to do this?
For now you can try "tcptraceroute machineip" this will perform three tcp pings to each machine on the route to machine B rather than the standard icmp ping.
HTH
Regards,
Ken
Reply to: