[lug] can ping the host, but can't ssh for a few seconds
David L. Anselmi
anselmi at anselmi.us
Mon Jul 9 18:18:09 MDT 2012
I agree with Steve.
Information from traceroute may be helpful, and descriptions about the devices along the way.
Michael Hirsch wrote:
> ssh: connect to host warsaw port 22: No route to host
The message means you got an ICMP host unreachable message. So you got to the router for the host's
network but then the host didn't answer when ARPed for its MAC. (If you hadn't gotten to the end of
the trail you'd have gotten a network unreachable message.)
So, is there a reason the host is slow to answer ARP? Or misses/mis-answers the first ARP?
Of course in this day and age there are lots of other possibilities. Perhaps SSH says host
unreachable for more than one kind of ICMP.
Sometimes firewalls will send an ICMP rather than dropping packets (REJECT vs DROP in iptables). So
it could be any device along the way interfering. It's weird to get intermittent behavior but who
knows--all kinds of state can be kept in iptables, and it can behave differently for ping and TCP.
What does wireshark show on both ends?
Here's a mean trick: you could probably set up iptables to send echo replies to any echo request
that comes in, and drop all TCP traffic. "I can ping everyone on the Internet but can't connect to
anyone."
Dave
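One way to check, from a capture on either end, which device sent the ICMP error and which connection it refers to (an added example, not part of the original post). The addresses are constructed documentation-range values, and `parse_unreachable` and `sample` are hypothetical helper names.

```python
import socket
import struct

# ICMP type 3 (destination unreachable) codes, RFC 792 / RFC 1122 / RFC 1812.
CODES = {0: "network unreachable", 1: "host unreachable", 3: "port unreachable",
         10: "host administratively prohibited",
         13: "communication administratively prohibited"}

def parse_unreachable(pkt):
    """Decode an IPv4 ICMP destination-unreachable packet; None if it is not one."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:  # IPv4, protocol 1 = ICMP
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if len(pkt) < ihl + 8 or pkt[ihl] != 3:               # ICMP type 3 only
        return None
    inner = pkt[ihl + 8:]            # quoted header of the packet that was refused
    inner_ihl = (inner[0] & 0x0F) * 4 if inner else 0
    if inner_ihl < 20 or len(inner) < inner_ihl + 4:
        return None
    info = {"reporter": socket.inet_ntoa(pkt[12:16]),
            "code": pkt[ihl + 1],
            "meaning": CODES.get(pkt[ihl + 1], "other"),
            "orig_dst": socket.inet_ntoa(inner[16:20]),
            "orig_dport": None}
    if inner[9] in (6, 17):          # TCP or UDP: ports are the first 4 bytes
        info["orig_dport"] = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])[1]
    # An error sent by the destination itself means the host is up and something
    # on it (e.g. an iptables REJECT rule) answered; a router reports from its own IP.
    info["from_target"] = info["reporter"] == info["orig_dst"]
    return info

def _ip(src, dst, proto, payload):
    """Build a minimal IPv4 header (checksum left at 0) in front of payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def sample(reporter, code):
    """Constructed packet: ICMP error quoting a SYN from 192.0.2.10 to 192.0.2.20:22."""
    syn = _ip("192.0.2.10", "192.0.2.20", 6, struct.pack("!HHI", 40000, 22, 1))
    return _ip(reporter, "192.0.2.10", 1, struct.pack("!BBHI", 3, code, 0, 0) + syn)

if __name__ == "__main__":
    for reporter, code in (("192.0.2.1", 1), ("192.0.2.20", 10)):
        print(parse_unreachable(sample(reporter, code)))
```

The input is a raw IPv4 packet, so bytes from a capture need any link-layer header (for example the 14-byte Ethernet header) stripped first.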