
I have been troubleshooting an issue where users could not connect to a CentOS 7 server from a particular host. I eventually determined that the system considered the requesting host to be unreachable, and so was unable to send any response.

Running ip route show revealed that in addition to a couple expected routing rules, there were a large number of seemingly arbitrary hosts that are marked as unreachable.

```
$ ip route show
default via XXX.XXX.XX.X dev ens192 proto static metric 100
unreachable 24.28.137.193
unreachable 31.220.0.186
unreachable 31.220.2.132
unreachable 31.220.3.148
unreachable 31.220.40.163
unreachable 31.220.40.236
unreachable 31.220.40.237
...
```

Sure enough, the users' host was included and so I deleted the rule. That fixed the problem.

I don't know how the host ended up in the routing table in the first place, though. My guess is that these hosts have been flagged by some system software as possibly attempting to break in.

What software might have created these routing rules? Or how can I find out? I want to make sure that the users' host is not automatically blocked again.

Brett38

2 Answers

  1. If you have any VPN connection, it's possible these routes are being injected from it
  2. Usually static routes are added via /etc/netplan/* files or the /etc/network/interfaces file
  3. If you look at which interface these routes are egressing through, that can give you a clue about it
surfingonthenet

I determined that the cause was fail2ban, which was installed on the system by our hosting provider, who then forgot about it...

Brett38
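
As an added example (not part of either post above): a shell sketch for tracing an unreachable route back to the fail2ban jail that currently holds the ban. The sample `ip route show` output and fail2ban log lines are constructed, using documentation addresses; the function names are illustrative, and the log layout is assumed to be fail2ban's default `NOTICE [jail] Ban <ip>` format.

```shell
#!/bin/sh
# Constructed sample of `ip route show` output (documentation addresses).
SAMPLE_ROUTES='default via 192.0.2.1 dev ens192 proto static metric 100
unreachable 198.51.100.7
unreachable 203.0.113.45
192.0.2.0/24 dev ens192 proto kernel scope link src 192.0.2.10 metric 100'

# Constructed sample of fail2ban log lines (assumed default log format).
SAMPLE_LOG='2024-01-10 08:15:02,114 fail2ban.actions [911]: NOTICE [sshd] Ban 198.51.100.7
2024-01-10 09:01:44,530 fail2ban.actions [911]: NOTICE [sshd] Ban 203.0.113.45
2024-01-10 09:11:44,902 fail2ban.actions [911]: NOTICE [sshd] Unban 198.51.100.7
2024-01-11 17:20:09,077 fail2ban.actions [911]: NOTICE [postfix] Ban 198.51.100.7'

# Print every host that has an "unreachable" route.
# Reads `ip route show` output on stdin.
unreachable_hosts() {
    awk '$1 == "unreachable" { print $2 }'
}

# Exit 0 if the address in $1 has an unreachable route (routes on stdin).
is_unreachable() {
    unreachable_hosts | grep -Fxq -- "$1"
}

# Print the jails whose most recent event for the address in $1 is a Ban,
# i.e. the jails still holding it. Reads the fail2ban log on stdin.
banning_jails() {
    awk -v ip="$1" '
        $NF == ip && ($(NF-1) == "Ban" || $(NF-1) == "Unban") {
            jail = $(NF-2)
            # Newer fail2ban logs "Restore Ban" after a restart.
            if (jail == "Restore") jail = $(NF-3)
            gsub(/\[|\]/, "", jail)
            state[jail] = $(NF-1)
        }
        END { for (j in state) if (state[j] == "Ban") print j }' | sort
}
```

On a live system, pipe `ip route show` into `is_unreachable` and feed `banning_jails` the fail2ban log (by default /var/log/fail2ban.log). Once the jail is known, `fail2ban-client set <jail> unbanip <ip>` lifts the ban, and an `ignoreip` entry in jail.local keeps that host from being banned again.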