Host list: connection timed out
-
@Wayne-Workman I send you the mail address.
Regarding our little issue, I added two firewall rules to our Win7 clients:
- Allow incoming ICMPv4
- Allow incoming for FOGService
I can ping the clients by hostname from the FOG server but they still show up as “Connection timed out.” in the host list.
And isn’t port 445 already used by a lot of system services like Netlogon, File and Printer Sharing, Remote Service Management, etc.?
-
@alh the FOG Ping service does not do a traditional ping, it uses port 445.
-
@Tom-Elliott Is this the same port for linux, like ubuntu 16.04 or debian 8? I also have the connection time out issue in the host menu.
If I enable the ufw firewall on Ubuntu and allow the port 445, the status changes from “connection timeout” to “connection refused”
I allowed these ports. (22 for ssh, 445 for the fog ping)
```
To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
445                        ALLOW IN    Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)
445 (v6)                   ALLOW IN    Anywhere (v6)
```
-
@justeverything FOG uses port 445 to do ping.
Yes, it’s the same port number regardless of OS. How that port responds on different OS’ I cannot say.
-
@Tom-Elliott do you have any idea what I can try to fix this except opening the port on the host?
-
@justeverything If the port isn’t open on the host then it can’t communicate, simple as that, to be honest. It’s like trying to call someone who put everyone on a blocklist.
-
Or more accurately, it’s like calling a number that’s been removed from use. You could re-apply it relatively easily, but if you’re shying away from keeping it available for whatever reason, NO ONE will be able to call it to begin with.
-
@Tom-Elliott So to be clear here, this isn’t a traditional ICMP ping which is on the OSI layer 3 (IP) but instead a layer 4 port level connection test.
That is an interesting idea. It would also be interesting to know how a linux or any other non-windows box would respond (assuming that samba was not loaded on a windows machine) to the connect request to port 445. I could see the device sending a nak back to the FOG server, which I would guess is also a success response too.
-
@george1421 It’s a NetBIOS port (number 445) by default. As for if it’s usable or not on linux, well I don’t know. To be fair, I followed what was already in place, just neatened up the code base.
-
@Tom-Elliott Not throwing shade, as the young folks would say, on this. It’s just a different concept and something we should be aware of if we are expecting an icmp ping. I just did a quick check at my office and I have linux machines that have samba and no samba installed so I can confirm / test if they respond as a windows machine does to a port level ping.
I have a meeting in a few minutes and will test afterwards.
-
If you don’t want to enable the port, you don’t have to. Understand the “ping” status is just a nicety and has no bearing on actual availability of a machine or any functionality of how FOG will operate.
-
@Tom-Elliott yes, I can confirm this - I don’t have to enable the ports, but I want to. I like this feature very much and it would be sad If I won’t be able to use it.
The problem with my setup is that it says “connection refused” although I enabled the port 445 both on the server and the host via ufw firewall.
Server OS is the latest debian 8 and Client OS is the latest Ubuntu 16.04. Maybe anyone has some ideas. Thanks in advance. :))
-
@justeverything I guess I would ask the question: if you open a command prompt on the linux server, can you ping (icmp) the windows computer by its short name (or the name registered in fog)?
-
During testing I did find that the udp probe to hosts would always return a success, even if the host didn’t exist (not a very successful test). This was using the netcat [nc] utility. The command used was
nc -zuvv <ip_addr> 445
When I changed to use the tcp port then the answers were more in line with an icmp ping.
Command used:
nc -zvv <ip_addr> 445
- For a windows host answer was: Connection to <ip_addr> 445 port [tcp/microsoft-ds] succeeded!
- For a linux host with samba installed: Connection to <ip_addr> 445 port [tcp/microsoft-ds] succeeded!
- For a linux host without samba or anything listening on port 445: Connection to <ip_addr> 445 port (tcp) failed: No route to host.
- For a host that doesn’t exist: Connection to <ip_addr> 445 port (tcp) failed: No route to host. (after about 5 sec timeout)
Does the selected port ping work? Yes, as long as it’s a tcp connection attempt.
Why was that selected over an icmp ping? Only the programmers of the past know.
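Added example (not part of the original posts and not FOG's own code): a Python sketch of a TCP connect check like the `nc -zvv` test above, classifying the result into the states that come up in this thread. The function names, the `MEANING` table and the loopback demo (an ephemeral port standing in for 445) are constructed for illustration.

```python
import errno
import socket

# What each outcome says about the path to the client (port 445 in the thread).
MEANING = {
    "open": "a service is listening and the firewall lets the probe in",
    "refused": "host sent a reset: the firewall passes the port, nothing listens on it",
    "timed out": "no answer at all: packets dropped by a firewall, or the host is down",
    "unreachable": "no route to host, or a firewall rejected the probe with ICMP",
}

def tcp_probe(host, port=445, timeout=2.0):
    """Try one TCP connect and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timed out"
    except ConnectionRefusedError:
        return "refused"
    except socket.gaierror:
        return "name lookup failed"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error"

def host_answered(result):
    """A reset proves the host is up just as well as a completed handshake."""
    return result in ("open", "refused")

def demo():
    """Constructed local test: probe a listening port, then the same port closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # ephemeral port stands in for 445
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = tcp_probe("127.0.0.1", port)
    listener.close()
    after_close = tcp_probe("127.0.0.1", port)
    return while_open, after_close

if __name__ == "__main__":
    for result in demo():
        print(result, "->", MEANING[result])
```
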
-
@george1421 I don’t have any windows computers in my network, but I can ping (normal ping, not icmp) the ubuntu clients over the terminal of the fog host by the short name “pool-05” or by the IP, both successful.
If I ping a pool pc from the server using “nc -zvv <ip_addr> 445” I also get connection refused.
```
root@fog:/home/admin# nc -zvv IP 445
pool-14.domain [IP] 445 (microsoft-ds) : Connection refused
 sent 0, rcvd 0
```
Does your testing mean, that, if I install samba at my hosts, the ping would work?
I tested it by installing samba and libnss-winbind and configured the file /etc/nsswitch.conf
from
hosts: files mdns4_minimal [NOTFOUND=return] dns
to
hosts: files wins mdns4_minimal [NOTFOUND=return] dns
Now the output looks like this:
```
root@fog:/home/admin# nc -zvv IP 445
pool-14.domain [IP] 445 (microsoft-ds) open
 sent 0, rcvd 0
```
But the hosts list still returns an error “connection timed out”
Maybe, in a new version of fog, maybe the process of pinging using icmp can be changed to a normal ping to be more variable for linux hosts? That would be great.
I will also try the steps posted by @Tom-Elliott and write back if anything changes.
-
We solved by doing the following:
On the FOG-Server install Winbind:
sudo apt-get install -y winbind libnss-winbind
Edit the Samba config:
```
# /etc/samba/smb.conf
[global]
...
workgroup = <domain/workgroup>
...
wins server = <ipofyourwinsserver>
...
```
Edit the nsswitch config:
```
# /etc/nsswitch.conf
hosts: files dns wins
```
Reboot your server.
On the Windows 7 clients we had to add the following firewall rule:
netsh advfirewall firewall add rule name="FOG Service" dir=in action=allow remoteip=<ipofyourFOGserver> protocol=tcp localport=445
That worked for us.