"Connection refused" vs "No route to host"

20

6

I have an Apache server running on a server:

[root@te-srv2 ~]# ps -ecf|grep httpd
root       698 32047 TS   19 10:45 pts/24   00:00:00 grep httpd
root     32081     1 TS   19 10:16 ?        00:00:00 /usr/sbin/httpd
apache   32083 32081 TS   19 10:16 ?        00:00:00 /usr/sbin/httpd
apache   32084 32081 TS   19 10:16 ?        00:00:00 /usr/sbin/httpd
....

However, when I try to connect to local host I get "Connection refused":

[root@te-srv2 ~]# wget http://127.0.0.1
--2014-02-24 10:46:16--  http://127.0.0.1/
Connecting to 127.0.0.1:80... failed: Connection refused.

Same happens when I try to connect to the local IP address:

[root@te-srv2 ~]# wget http://132.70.6.157
--2014-02-24 10:46:40--  http://132.70.6.157/
Connecting to 132.70.6.157:80... failed: Connection refused.

On the other hand, when I try the same from another computer in the same network, I get a different error "No route to host":

[erelsgl@erel-biu ~]$ wget http://132.70.6.157
--2014-02-24 10:49:11--  http://132.70.6.157/
Connecting to 132.70.6.157:80... failed: No route to host.

Why am I getting these errors? And what should I do to be able to connect to the http server from both the same computer and other computers in the network?

UPDATES: Based on the comments and answers, here is some more information:

[root@te-srv2 ~]# traceroute 132.70.6.157
traceroute to 132.70.6.157 (132.70.6.157), 30 hops max, 60 byte packets
 1  te-srv2 (132.70.6.157)  0.082 ms  0.007 ms  0.005 ms

[erelsgl@erel-biu ~]$ traceroute 132.70.6.157
traceroute to 132.70.6.157 (132.70.6.157), 30 hops max, 60 byte packets
 1  te-srv2 (132.70.6.157)  0.446 ms !X  0.431 ms !X  0.420 ms !X

[root@te-srv2 ~]# netstat -lnp|grep http
tcp        0      0 :::443                      :::*                        LISTEN      5756/httpd

Erel Segal-Halevi

Posted 2014-02-24T08:49:11.490

Reputation: 1 445

Can you traceroute 132.70.6.157 from both servers and compare the output? – Werner Henze – 2014-02-24T10:29:37.973

1443 is the SSL-ports (https). Check your configuration to ensure you listen to http port 80. – Mikpa – 2014-02-24T13:17:43.120

Answers

13

Show the output of netstat -lnp, so we can see which processes are actually listening to which ports on the server, and what IP addresses they are bound to.

Regarding the second computer, its network connectivity looks broken. netstat -rn will give some insight on the problem there.

In order to give better advice, more details regarding general network configuration and IP configuration on both computers are needed.

Edit:

You have to change your Apache configuration so that it is a HTTP server, not SSL server. Configuration files are located under /etc/apache2 most of the time.

The IP configuration and network configuration information is still needed to analyze the other problem. The traceroute information didn't reveal anything.

Tero Kilkanen

Posted 2014-02-24T08:49:11.490

Reputation: 1 405

Indeed, there is no process listening to port 80! The Apache server listens on port 443. But why is this? – Erel Segal-Halevi – 2014-02-24T11:36:04.603

@ErelSegalHalevi: typically, 80 is HTTP, 443 is HTTPS (unless you change those default ports). So maybe the application only expects HTTPS ? – Olivier Dulac – 2014-02-24T13:48:23.367

Thanks to netstat, we found out that this was really a configuration problem in Apache. – Erel Segal-Halevi – 2014-02-24T17:47:45.277

26

"Connection refused" means that the target machine actively rejected the connection. With port 80 as the context, one of the following things is likely the reason:

  • Nothing is listening on 127.0.0.1:80 and 132.70.6.157:80
  • Nothing is listening on *:80
  • The firewall is blocking the connection with REJECT

So check your Apache and iptables config.

"No route to host" refers to a network problem. It is not a reply from the target machine.

Daniel B

Posted 2014-02-24T08:49:11.490

Reputation: 40 502

a network problem? so how can the same domain return "connection refused" for one and "no route to host" for another port, on the same domain? – phil294 – 2018-04-19T18:10:16.467

Maybe your firewall or proxy is blocking the other port so that's why network problem? – croraf – 2019-03-12T07:43:42.897

3

I found this post describing the issue I was facing when trying to setup a simple http page using nodejs on a Public Cloud compute node.

This command did the trick for me:

iptables -F

This command flushes i.e. clears the firewall rules that are setup inside the Linux system.

Word of caution: Since I use the distributed firewall that is part of the Public Cloud VCN, I didn't really use my OS's firewall. In case you do not have an external firewall, make sure to add a firewall rule in iptables.

Sanjeev Gopinath

Posted 2014-02-24T08:49:11.490

Reputation: 31

1

Citing Ron Maupin's answer from https://networkengineering.stackexchange.com/questions/33397/debugging-no-route-to-host-over-ethernet:

The ICMP message, "no route to host," means that ARP cannot find the layer-2 address for the destination host. Usually, this means that that the host with that IP address is not online or responding.

jan

Posted 2014-02-24T08:49:11.490

Reputation: 168

Asked: 2014-02-24T08:49:11.490

Viewed: 154 304 times

Active: 2018-06-14T09:23:31.987