Home / server / Questions / 306176
In Process
Mridang Agarwalla
Asked: 2011-08-30 11:39:19 +0800 CST

Cannot Ssh to VM but can Ping it

  • 772

I have two VMs on a Ubuntu KVM host — www.example.com and uat.example. I can ping and SSH to my UAT server but I can't SSH to my WWW server even though I can ping it. The only thing that is different between the two VMs is the IP group.

  • The IP of the UAT server is: 59.134.127.155
  • The IP of the WWW server is: 168.127.204.236
  • The IP of the host KVM server is: 59.134.127.157

There's a bridge on the host KVM server through which all connections pass.

Here's my /etc/network/interfaces file:

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet manual

# The primary bridge interface
auto br0
iface br0 inet static
      address 59.134.127.157
      netmask 255.255.255.248
      gateway 59.134.127.153
      bridge_ports eth0
      bridge_stp on
      bridge_fd 0
      bridge_maxwait 0

Here's the output of the links on KVM:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether bc:ae:c5:07:0e:d3 brd ff:ff:ff:ff:ff:ff
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether bc:ae:c5:07:0e:d3 brd ff:ff:ff:ff:ff:ff
4: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 1e:85:05:ba:0e:2e brd ff:ff:ff:ff:ff:ff
10: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:16:36:77:d0:17 brd ff:ff:ff:ff:ff:ff
16: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:16:36:06:4d:ba brd ff:ff:ff:ff:ff:ff
17: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:16:36:cb:8c:44 brd ff:ff:ff:ff:ff:ff

Here are my default routes on the KVM:

59.134.127.152/29 dev br0  proto kernel  scope link  src 59.134.127.157
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1
default via 59.134.127.153 dev br0  metric 100

I know that something is wrong here because when I do a traceroute from the host server to the UAT server, I get too many hops:

traceroute to www.example.com (168.127.204.236), 30 hops max, 60 byte packets
 1  59-134-127-153.cust.suomicom.fi (79.134.127.153)  4.245 ms  4.400 ms  4.388 ms
 2  * * *
 3  * * *
 ...
 ...
 ...
28  * * *
29  * * *
30  * * *

I can't seem to figure out this issue but if one of you could help me out, I'd be really grateful. I confident that this due to the network configuration in the KVM virtual bridge.

Thanks

linux networking kvm-virtualization

1 Answers

  1. If you can ping it it means there is tcp connectivity ; packet can reach the destination and traverse back -- which is good.

    Now just test if there is ssh service listening. 

    telnet server.ip 22

    you should get something like 

    Trying someIPaddress...
Connected to thatIPaddress.
Escape character is '^]'.
SSH-2.0-OpenSSH_X.Y YourDistro

    if that does not happen; there is chance that - service is not active on destination host - service is filtered

    Nmap can help you to detect if service is filtered; but at this point my bet would be you don't have openssh-server installed on those hosts; just ssh client.

    You can also check on those systems with something 

    netstat -nlp | grep ssh

    or

    lsof -i -n  |grep ssh | grep LISTEN

    if the service is active and listening...

    • 1