Host unreachable and I do not get why
I can not open a specific website. This is a website hosted by our company, and I know it is up. However, these are my symptoms:
VARIABLES: host.com - the website I can not open x.x.x.x - the IP of host.com 192.168.0.121 - the IP of my local machine 192.168.0.1 - the gateway IP that gives access to internet
- If I go to the browser and open
http://host.com, then it gives me an error (Unable to Connect in Firefox; Page not Available in Chrome)
- If I run
ping host.com, it returns:
PING host.com (x.x.x.x) 56(84) bytes of data. From 192.168.0.121 icmp_seq=1 Destination Host Unreachable From 192.168.0.121 icmp_seq=2 Destination Host Unreachable From 192.168.0.121 icmp_seq=3 Destination Host Unreachable
Please note that
192.168.0.121is the IP of my own machine.
- A traceroute will also fail miserably:
$ traceroute host.com traceroute to host.com (x.x.x.x), 30 hops max, 52 byte packets 1 192.168.0.121 (192.168.0.121) 3008.068 ms !H 3007.312 ms !H 3009.967 ms !H
And I have already checked the following:
- The website is available just fine from any other computer in our network
- If I try to ping or traceroute the IP directly, the results are the same
- This IP or website is not listed in my
- There is no firewall rule interfering. I even flushed all rules and tried again; same results.
What can it be?
Connectivity to this particular IP just came back. I can now connect to this website again. But this has happened before: I can connect, and then I cannot connect. It comes and goes, whereas for other computers in the network and for all other people in the public, this site is online all the time.
The problem is back. We just had an internet failure and have reset the router, and on all computers internet works just fine. On my computer, internet itself is also fine. It's just this particular domain name. I expect this to mysteriously work again in half an hour or so, but in the meantime I try to debug this issue. Here come some data as requested:
$ netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 $ nslookup host.com Server: 22.214.171.124 Address: 126.96.36.199#53 Non-authoritative answer: Name: host.com Address: x.x.x.x (this is the right IP) $ ip route get x.x.x.x x.x.x.x dev eth0 src 192.168.0.121 cache ipid 0xc740 rtt 1.71s rttvar 1.025s cwnd 10 $ ip route get 192.168.0.121 local 192.168.0.121 dev lo src 192.168.0.121 cache <local> ipid 0xf209
I take it that you can reach other servers just fine, so it's not that your local network configuration is not set up correctly or something like that?
Yes, I can connect to any other server or website just fine. And all other computers in the network can also do the same.
By the `traceroute` you posted tells me that your machine doesn't know how to get to `my-domain.com`, can you post `nslookup ` output and `netstat -rn`?
`Destination Host Unreachable` messages come from a lack of a route in the routing table. The next time you have this problem try looking at your routing table with `route`
Thanks for the comments! Now that this issue is mysteriously fixed, I can not test this. But I'll get back here when it happens again.
Your routing table is getting really messed up. your `ip route get x.x.x.x` command should have come back with `x.x.x.x via 192.168.0.1 dev eth0 src 192.168.0.121`. According to the output you got, your machine thinks x.x.x.x is on your local subnet. Unfortunately `netstat -rn` is woefully incomplete as the routing table is a LOT bigger than that. To get the full routing table you need to do `ip route show table all`.
- If I go to the browser and open
Is there a chance that your IP is duplicated on the network?
Given that you have done all of this testing the next step would be to use an intermediate hop in between and go to the website from your computer.
Use a free
proxyonline. There are several available. I have seen this issue before and it turned out that the IP was being
blackholedby the destination system for a period of time.
Fail2banhas the ability to block an IP for a specified amount of time.
If you can get there from an internet proxy then use a hop closer. Set a forward on another system inside your network, or SSH to another system and try to hit the site. If you still cannot, then the only variable left is the destination machine or the router in between.
Note: I am not a networking guy. But, possibly a cached arp listing with your IP and a different mac, something else on the router that has your IP is blocking it for some reason?
Things to try:
- Internet Proxy
- Intermediate hop
- Check / Clear your
- Boot from a Live CD and try the site
- ----this will take your OS out of the equation
- ----if the Live CD works - set your IP to be the same as normal
- Change your MAC address
- Setup a virtual interface eth0:1
Changing your MAC:
ifconfig -a | grep -i hwaddr
ifconfig eth0 down
ifconfig eth0 hw ether 00:00:00:00:00:00(replace with a different MAC)
ifconfig eth0 up
I just had the same idea - duplicate IP. But you are describing a duplicate MAC scenario ("Changing your MAC")?
I mentioned both. A duplicate IP and / or MAC. MAC address is the hardware address of your ethernet card. Once you connect to a router it is cached in its ARP database and likewise the systems that you talk to are cached in your ARP DB. If there is a bad entry that has your MAC listed by changing it you eliminate another possible "root cause"
If you did not change anything it must be something outside your control - my guess that this a router interfering or changing routes on the way to your target.
ip route get 192.168.1.121would be interesting, too. Your error-messages seem to indicate a local routing problem.
Update: This looks quite "normal" on your computer.
I just had the same idea as "LinuxlyChallenged": Duplicate IP or duplicate MAC.
To check for a duplicate IP:
ifconfig eth0 0.0.0.0 arping -D -c 3 -I eth0 192.168.1.121 [ $? -ne 0 ] && echo Bad luck - your IP is in use.
If this does not return "Bad luck..." - i.e. no one else answers your RARP, reconfigure your IP to eth0 and go ahead with changing your MAC (see answer from LinuxlyChallenged - section "Changing your MAC".
Thanks, I've just encountered the error again and have updated my post with new output. Please note: there is only one router that everybody at our company uses. All other people have no issues, just me.
I meet similarity problem, I ping github.com(188.8.131.52) fail.
~$ ping github.com PING github.com (184.108.40.206) 56(84) bytes of data. From 192.168.1.28 icmp_seq=1 Destination Host Unreachable From 192.168.1.28 icmp_seq=2 Destination Host Unreachable From 192.168.1.28 icmp_seq=3 Destination Host Unreachable
I found the key problem after I haven seen your comments
~$ netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 192.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0
note that the third route means when I visit
192.xxx.xxx.xxx, It will be some error. so remote this route, then I ping
ping github.com PING github.com (220.127.116.11) 56(84) bytes of data. 64 bytes from 18.104.22.168: icmp_seq=1 ttl=43 time=235 ms 64 bytes from 22.214.171.124: icmp_seq=2 ttl=43 time=234 ms 64 bytes from 126.96.36.199: icmp_seq=3 ttl=43 time=235 ms