Host unreachable and I do not get why

  • I can not open a specific website. This is a website hosted by our company, and I know it is up. However, these are my symptoms:

    VARIABLES:
    host.com - the website I can not open
    x.x.x.x - the IP of host.com
    192.168.0.121 - the IP of my local machine
    192.168.0.1 - the gateway IP that gives access to internet
    
    • If I go to the browser and open http://host.com, then it gives me an error (Unable to Connect in Firefox; Page not Available in Chrome)
    • If I run ping host.com, it returns:
    PING host.com (x.x.x.x) 56(84) bytes of data.
    From 192.168.0.121 icmp_seq=1 Destination Host Unreachable
    From 192.168.0.121 icmp_seq=2 Destination Host Unreachable
    From 192.168.0.121 icmp_seq=3 Destination Host Unreachable
    

    Please note that 192.168.0.121 is the IP of my own machine.

    • A traceroute will also fail miserably:
    $ traceroute host.com 
    traceroute to host.com (x.x.x.x), 30 hops max, 52 byte packets  
    1  192.168.0.121 (192.168.0.121)  3008.068 ms !H  3007.312 ms !H  3009.967 ms !H
    

    And I have already checked the following:

    • The website is available just fine from any other computer in our network
    • If I try to ping or traceroute the IP directly, the results are the same
    • This IP or website is not listed in my /etc/hosts
    • There is no firewall rule interfering. I even flushed all rules and tried again; same results.

    What can it be?

    EDIT:

    Connectivity to this particular IP just came back. I can now connect to this website again. But this has happened before: I can connect, and then I cannot connect. It comes and goes, whereas for other computers in the network and for all other people in the public, this site is online all the time.

    EDIT 2:

    The problem is back. We just had an internet failure and have reset the router, and on all computers internet works just fine. On my computer, internet itself is also fine. It's just this particular domain name. I expect this to mysteriously work again in half an hour or so, but in the meantime I try to debug this issue. Here come some data as requested:

    $ netstat -rn
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0
    192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
    
    
    $ nslookup host.com
    Server:     8.8.8.8
    Address:    8.8.8.8#53
    
    Non-authoritative answer:
    Name:   host.com
    Address: x.x.x.x (this is the right IP)
    
    $ ip route get x.x.x.x
    x.x.x.x dev eth0  src 192.168.0.121
        cache  ipid 0xc740 rtt 1.71s rttvar 1.025s cwnd 10
    
    $ ip route get 192.168.0.121
    local 192.168.0.121 dev lo  src 192.168.0.121
        cache <local>  ipid 0xf209
    

    I take it that you can reach other servers just fine, so it's not that your local network configuration is not set up correctly or something like that?

    Yes, I can connect to any other server or website just fine. And all other computers in the network can also do the same.

    By the `traceroute` you posted tells me that your machine doesn't know how to get to `my-domain.com`, can you post `nslookup ` output and `netstat -rn`?

    `Destination Host Unreachable` messages come from a lack of a route in the routing table. The next time you have this problem try looking at your routing table with `route`

    Thanks for the comments! Now that this issue is mysteriously fixed, I can not test this. But I'll get back here when it happens again.

    Your routing table is getting really messed up. your `ip route get x.x.x.x` command should have come back with `x.x.x.x via 192.168.0.1 dev eth0 src 192.168.0.121`. According to the output you got, your machine thinks x.x.x.x is on your local subnet. Unfortunately `netstat -rn` is woefully incomplete as the routing table is a LOT bigger than that. To get the full routing table you need to do `ip route show table all`.

  • Is there a chance that your IP is duplicated on the network?

    Given that you have done all of this testing the next step would be to use an intermediate hop in between and go to the website from your computer.

    Use a free proxy online. There are several available. I have seen this issue before and it turned out that the IP was being blacklisted blackholed by the destination system for a period of time.

    Fail2ban has the ability to block an IP for a specified amount of time.

    If you can get there from an internet proxy then use a hop closer. Set a forward on another system inside your network, or SSH to another system and try to hit the site. If you still cannot, then the only variable left is the destination machine or the router in between.

    Note: I am not a networking guy. But, possibly a cached arp listing with your IP and a different mac, something else on the router that has your IP is blocking it for some reason?

    Edit:

    Things to try:

    1. Internet Proxy
    2. Intermediate hop
    3. Check / Clear your arp cache
    4. Boot from a Live CD and try the site
    5. ----this will take your OS out of the equation
    6. ----if the Live CD works - set your IP to be the same as normal
    7. Change your MAC address
    8. Setup a virtual interface eth0:1

    Changing your MAC:
    ifconfig -a | grep -i hwaddr
    ifconfig eth0 down
    ifconfig eth0 hw ether 00:00:00:00:00:00 (replace with a different MAC)
    ifconfig eth0 up

    I just had the same idea - duplicate IP. But you are describing a duplicate MAC scenario ("Changing your MAC")?

    I mentioned both. A duplicate IP and / or MAC. MAC address is the hardware address of your ethernet card. Once you connect to a router it is cached in its ARP database and likewise the systems that you talk to are cached in your ARP DB. If there is a bad entry that has your MAC listed by changing it you eliminate another possible "root cause"

  • If you did not change anything it must be something outside your control - my guess that this a router interfering or changing routes on the way to your target.

    ip route get 192.168.1.121 would be interesting, too. Your error-messages seem to indicate a local routing problem.

    Update: This looks quite "normal" on your computer.

    I just had the same idea as "LinuxlyChallenged": Duplicate IP or duplicate MAC.

    To check for a duplicate IP:

    ifconfig eth0 0.0.0.0
    arping -D -c 3 -I eth0 192.168.1.121
    [ $? -ne 0 ] && echo Bad luck - your IP is in use.
    

    If this does not return "Bad luck..." - i.e. no one else answers your RARP, reconfigure your IP to eth0 and go ahead with changing your MAC (see answer from LinuxlyChallenged - section "Changing your MAC".

    Thanks, I've just encountered the error again and have updated my post with new output. Please note: there is only one router that everybody at our company uses. All other people have no issues, just me.

    @user1162541 looks normal - check for a duplicate IP - I updated my answer accordingly.

  • I meet similarity problem, I ping github.com(192.30.253.112) fail.

    ~$ ping github.com
    PING github.com (192.30.253.112) 56(84) bytes of data.
    From 192.168.1.28 icmp_seq=1 Destination Host Unreachable
    From 192.168.1.28 icmp_seq=2 Destination Host Unreachable
    From 192.168.1.28 icmp_seq=3 Destination Host Unreachable
    

    I found the key problem after I haven seen your comments

        ~$ netstat -rn
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
    192.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 eth0
    

    note that the third route means when I visit 192.xxx.xxx.xxx, It will be some error. so remote this route, then I ping github.com successful.

    ping github.com
    PING github.com (192.30.253.112) 56(84) bytes of data.
    64 bytes from 192.30.253.112: icmp_seq=1 ttl=43 time=235 ms
    64 bytes from 192.30.253.112: icmp_seq=2 ttl=43 time=234 ms
    64 bytes from 192.30.253.112: icmp_seq=3 ttl=43 time=235 ms
    
  • I had the same issue, in my case, it was docker installed, which has a network called docker0 with ip 172.17.0.1.

    In my case I shut down the interface docker0 with the command sudo ifconfig docker0 down and every thing went well.

  • In my case the machine was a virtual machine in a proxmox hypervisor and the network card had a virtual lan (vlan) configuration set to tag 30. After removing this (no tag), I could ping the other machine successfully.

License under CC-BY-SA with attribution


Content dated before 6/26/2020 9:53 AM