Solved

2 hosts on our subnet get "Connection refused"

Posted on 2002-07-18
5
275 Views
Last Modified: 2010-04-21
2 hosts on our subnet get "Connection refused"

When th1 tries to "telnet 10.16.82.146 80" i got an error "telnet: Unable to connect to remote host: Connection refused".

-----snoop result:
On bh3 (destination host) i can't snoop anything coming in thru the interface 10.16.82.146.
On th1 i could snoop the telnet traffic

# snoop -d qfe0 -x0 10.16.82.146
Using device /dev/qfe (promiscuous mode)
stt-thorium1-be-p -> smspull-piltel-3.sgp.sonerazed.net HTTP C port=29495

           0: 0800 20c8 6bf5 0800 20c7 7f58 0800 4500    .. .kõ.. ..X..E.
          16: 002c 26b3 4000 ff06 9c34 0a10 5232 0a10    .,&.@....4..R2..
          32: 5292 7337 0050 bd2c c115 0000 0000 6002    R.s7.P.,......`.
          48: 832c 6a4c 0000 0204 05b4                   .,jL......

smspull-piltel-3.sgp.sonerazed.net -> stt-thorium1-be-p HTTP R port=29495

           0: 0800 20c7 7f58 0800 20c8 6bf5 0800 4500    .. ..X.. .kõ..E.
          16: 0028 6e09 4000 ff06 54e2 0a10 5292 0a10    .(n.@...T...R...
          32: 5232 0050 7337 0000 0000 bd2c c116 5014    R2.Ps7.....,..P.
          48: 0000 0522 0000 5555 5555 5555              ..."..UUUUUU




-----Interfaces involved:
The relevant interface on Host "th1" is

qfe0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
        inet 10.16.82.50 netmask fffffe00 broadcast 10.16.83.255


The relevant interface on Host "bh3" is

qfe0:17: flags=843<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 10.16.82.146 netmask fffffe00 broadcast 10.16.83.255
0
Comment
Question by:eng40490
5 Comments
 

Expert Comment

by:bluez
ID: 7166760
I suggest this a possible framing issue /transport problem
Your ip looks ok you are on a /23 subnet
Telnet uses tcp and ip. connection refused on port 80 is at layer 4.  Check the duplexing of the nic, do not use auto change to 10/half
Also check the www port is 80 and not spoofing for eg 8080
tcp/ip is probably not binding correctly to the card.
you could try another card remove the card relink and add a new card.
do this first
#btmnt -w
cd /stand
cp unix unix.good
cd
btmnt -d
This will give you a good kernel
I hope this helps. If you have a packet analyzer you could capture some frames and check that encapsulation i correct
for example.
Flags: 0x80 802.3
Status 0.00
Packet Length:64
....
...etc.
What you are looking for is www encapsulation and source and destination address, what is more important is the frames FROM your destination address this will show the dynamic port and connection refused on port 80
0
 
LVL 3

Expert Comment

by:gandalf94305
ID: 7166808
Very dumb question: are you sure there is a web service running on port 80 on bh3?

If so, is there a firewall active on that host, causing connection refused for unauthorized clients? Does ping work both ways (th1 to bh3 and bh3 to th1)?

To rule out networking issues, try connecting to a different port on bh3 or try doing a reverse connection from bh3 to th1 (some port, e.g., plain telnet). If that succeeds, check netstat -an on bh3 to make sure the service is properly bound to the correct IP address *AND* port. A web service may be running but just bind to 127.0.0.1:80, thus not be available under the LAN address.

If that still doesn't give you any clue, check if there is IKE, SKIP or some other form of encryption running on your network interfaces. This normally denies connections if the other host does not talk encrypted or if it simply refuses connections.

That's my ideas on the topic. I'm curious to hear what the problem was :-).

Cheers,
--gandalf.
0
 

Author Comment

by:eng40490
ID: 7168533
working now. will update you if i find out what happened.
0
 
LVL 20

Expert Comment

by:tfewster
ID: 7921606
No comment has been added lately, so it's time to clean up this Topic Area.
I will leave a recommendation for this question in the Cleanup topic area as follows:

- PAQ & refund points

Please leave any comments here within the next 7 days

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER !

tfewster
Cleanup Volunteer
0
 

Accepted Solution

by:
SpideyMod earned 0 total points
ID: 7967229
per recommendation

SpideyMod
Community Support Moderator @Experts Exchange
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Installing FreeBSD… FreeBSD is a darling of an operating system. The stability and usability make it a clear choice for servers and desktops (for the cunning). Savvy?  The Ports collection makes available every popular FOSS application and packag…
Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question