"No route to host" when trying to connect to a TCP service on an Oracle Cloud Instance

Solution 1:

The problem seems to be related to OCI not wanting you to use ufw in Ubuntu: https://docs.cloud.oracle.com/iaas/Content/knownissues.htm#ufw

I have to disable or remove ufw and edit the file /etc/iptables/rules.v4 as described in the link given above. After that, to enable the new rules, I need to run:

# iptables-restore </etc/iptables/rules.v4

It seems that the ufw rules do not have any effect in such a configuration and I have to use iptables. This is, however, not a very user-friendly way to manage the firewall rules on an Ubuntu server on the OCI platform.

Solution 2:

I found this issue with Oracle Linux in Oracle Cloud. It has a predefined set of blocking rules. So I was successfully connecting to port 22 (ssh), but was getting "No route to host" when trying to connect to other ports.
You need to open the ports individually:

E.g., for Docker:

firewall-cmd --permanent --zone=public --add-port=2377/tcp
firewall-cmd --reload

Also, you need to set up the security list for the virtual cloud network.

Solution 3:

It can be in the network or in the Linux instance. And if it is in Linux, it can be the iptables or the service.

To start with the last one, and because you have mail, try on the Linux box:

telnet 127.0.0.1 smtp
helo there
quit

Do you see 220, 250 and 221 messages? Then your mail service works. If you get Connection refused, then your service is not up and running.

Next, iptables -nvL should tell you if the ports are open for the outside world. If you can't make heads or tails of the output,

service iptables stop

should stop iptables, which for a test might be acceptable. You said that you got rid of ufw, so I assume sudo ufw disable won't be needed anymore.

If, with iptables out of the way, you are still not able to connect, it is probably a setting in the Amazon cloud, with which I have no experience.
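A shell example added here, not part of any of the answers above, that ties Solution 1 and Solution 3 together. Both OCI's Ubuntu rules.v4 and the firewalld public zone on Oracle Linux end the INPUT chain with a catch-all `REJECT --reject-with icmp-host-prohibited`; that ICMP reply is exactly what the client reports as "No route to host", whereas a reachable port with nothing listening behind it gives "Connection refused" (the distinction Solution 3 draws). Because iptables evaluates rules in order, an ACCEPT appended after that REJECT never matches, which is the usual mistake when editing rules.v4 by hand. The script parses an `iptables -S INPUT` style listing, decides whether a TCP port is reachable honouring rule order, and shows how to insert an ACCEPT at the right place. The sample chain is constructed for the example, modelled on the shape of the OCI Ubuntu defaults (the exact rules on a real instance may differ), and the rule it inserts copies the form of the existing port-22 rule.

```shell
#!/bin/sh
# Added example, not from the original answers. Reads iptables rules in the
# "-A INPUT ..." form that `iptables -S INPUT` prints and that
# /etc/iptables/rules.v4 uses, and checks reachability of a TCP port
# while honouring rule order.

# Constructed sample INPUT chain, modelled on an OCI Ubuntu image. The
# final line is the classic mistake: an ACCEPT appended *after* the
# catch-all REJECT, so tcp/2377 still answers "No route to host".
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2377 -j ACCEPT'

# port_is_open PORT RULES
# Exit 0 if a packet to tcp/PORT reaches an ACCEPT before any REJECT/DROP
# that applies to it; exit 1 otherwise. Rules are walked top to bottom,
# exactly as the kernel does. A rule whose first option is -j has no match
# criteria and therefore hits every packet (the catch-all). If no rule
# decides, the chain policy (-P) decides. Only --dport is understood; a
# --dports multiport list would need extending the parser.
port_is_open() {
    printf '%s\n' "$2" | awk -v port="$1" '
        $1 == "-P" && $2 == "INPUT" { policy = $3; next }
        $1 != "-A" || $2 != "INPUT" { next }
        {
            target = ""; proto = ""; dport = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-j")      target = $(i + 1)
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
            }
            catchall = ($3 == "-j")
            if (!catchall && !(proto == "tcp" && dport == port)) next
            if (target == "ACCEPT")                     { open = 1; decided = 1; exit }
            if (target == "REJECT" || target == "DROP") { open = 0; decided = 1; exit }
        }
        END {
            if (!decided) open = (policy == "ACCEPT")
            exit !open
        }'
}

# insert_before_reject PORT RULES
# Prints RULES with an ACCEPT for tcp/PORT placed immediately before the
# first catch-all rule, so it is evaluated before the REJECT. If there is
# no catch-all, the rule is appended. The inserted rule copies the shape
# of the port-22 rule in the sample (an assumption about the local style).
insert_before_reject() {
    printf '%s\n' "$2" | awk -v port="$1" '
        function accept_rule() {
            printf "-A INPUT -p tcp -m state --state NEW -m tcp --dport %s -j ACCEPT\n", port
        }
        !done && $1 == "-A" && $2 == "INPUT" && $3 == "-j" { accept_rule(); done = 1 }
        { print }
        END { if (!done) accept_rule() }'
}

# Demo when run directly: the misplaced 2377 rule is reported as blocked,
# and the corrected chain as open.
for p in 22 2377; do
    if port_is_open "$p" "$SAMPLE_RULES"; then
        echo "tcp/$p: open"
    else
        echo "tcp/$p: blocked by catch-all REJECT (client sees 'No route to host')"
    fi
done
FIXED=$(insert_before_reject 2377 "$SAMPLE_RULES")
port_is_open 2377 "$FIXED" && echo "tcp/2377 after insert_before_reject: open"
```

On a live instance, feed it the real chain with `port_is_open 2377 "$(sudo iptables -S INPUT)"`; `-S` prints the same `-A` form as rules.v4, which is easier to reason about than the `-nvL` table. The corrected listing from `insert_before_reject` is in the format `iptables-restore` consumes, so after reviewing it you can write it to /etc/iptables/rules.v4 and load it as Solution 1 describes. An open port in iptables still needs the matching ingress rule in the VCN security list, as Solution 2 notes.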