“Connection refused” vs “No route to host”,refusedroute
曾經在http://blog.csdn.net/bisal/article/details/42496583這篇博文中提到一個連接埠串連的驗證:
“ora10g@localhost.localdomain$telnet 172.101.19.57 1521
Trying 172.101.19.57...
telnet: connect to address 172.101.19.57: No route to host
如果連接埠未開,實際報錯:
ora10g@localhost.localdomain$telnet 172.27.19.56 1521
Trying 172.27.19.56...
telnet: connect to address 172.27.19.56: Connection refused
是不是防火牆的問題???
從資料庫伺服器關閉防火牆:
[root@dcsopen2Node ~]# service iptables stop
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: nat mangle filter [ OK ]
iptables: Unloading modules: [ OK ]
再從遠程機器執行:
ora10g@localhost.localdomain$telnet 172.101.19.571521
Trying 172.101.19.57...
Connected to 172.101.19.57.
Escape character is '^]'.
說明連接埠已開,更重要的是,明確了,就是防火牆問題。”
通過實驗再次說明下“Connection refused”和“No route to host”的區別和問題診斷思路。
首先,網上有篇文章說明“Connection refused” vs “No route to host”(http://superuser.com/questions/720851/connection-refused-vs-no-route-to-host):
"Connection refused" means that the target machine actively rejected the connection. With port 80 as the context, one of the following things is likely the reason:
Nothing is listening on 127.0.0.1:80 and 132.70.6.157:80
Nothing is listening on *:80
The firewall is blocking the connection with REJECT
So check your Apache and iptables config.
"No route to host" refers to a network problem. It is not a reply from the target machine.
說的是“Connection refused”是目標主機明確拒絕了這次串連,有可能是該連接埠沒有啟動監聽,或者因為防火牆。“No route to host”則可能是一個網路問題,不是目標主機的回複。
一個實驗類比:
用戶端機器ip:172.1.1.1
目標機ip:172.1.2.1
1. 從用戶端telnet目標機的一個已啟動連接埠1521,但防火牆中未添加例外。
從172.1.1.1 telnet 172.1.2.1 1521,提示no route to host。
Trying 172.1.2.1...
telnet: connect to address 172.1.2.1: No route to host
在防火牆配置中iptables添加1521連接埠,telnet正常。
2. 從用戶端telnet目標機的一個未啟動監聽的連接埠
172.1.2.1的10001連接埠沒有啟用,netstat -an | grep 10001不存在。
從172.1.1.1 telnet 172.1.2.1 10001,提示connection refused。
Trying 172.1.2.1...
telnet: connect to address 172.1.2.1: Connection refused
結論:說明No route to host是防火牆的返回,先經過防火牆,不管連接埠有沒有。然後如果通過了防火牆,但監聽未啟動,則提示Connection refused的錯誤。