Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

flexera license grid daemon (lmgrd) cannot find route to another ec2 instance which is running the server

0

Hi I am trying to run software using Flexera's lmgrd daemon (ports 5280-5281) running vendor (server) daemons, security groups allow both inbound and outbound ports from any sub-net (0.0.0.0), both EC2 instances ("server" and clients) are on the same subnet, same region yet "no route to host" error type is reported. Has anyone already dealt with that? Reachability checker shows it reachabe, btw.

Themen
Vernetzung & Bereitstellung von InhaltenKalkulation
Tags
Amazon VPCAmazon EC2Vernetzung & Bereitstellung von Inhalten
Sprache
English
Momchil
gefragt vor 10 Monaten218 Aufrufe
2 Antworten
1
Akzeptierte Antwort

Client and server are in the same subnet (in the same VPC, in the same account), and inbound & outbound 5280/tcp & 5281/tcp are allowed in the security group.

Are there any ACLs associated with either instance?

Which operating system are the EC2s running, and is there a host-based firewall running on either? This would be likely be ufw on Ubuntu, or firewalld on Fedora/RHEL/CentOS.

Confirm the licence manager is definitely running and listening on those port(s), check with netstat -tulpn.

ncat https://nmap.org/ncat/guide/index.html can be useful for troubleshooting port issues, the package should be available to install from the standard repos and I believe is part of the nmap package (Ubuntu) or nmap-ncat (Fedora/RHEL/CentOS).

profile picture
EXPERTE
Steve_M
beantwortet vor 10 Monaten
  • Momchil
    vor 10 Monaten

    thanks for the direction RWC, indeed - It turned out that it was the host-os/firewalld being enabled, while I was assuming was disabled and this issue handled by AWS Security Group policies exclusively...

0

Hi, did you validate that the additional status checks of your various instances made by EC2 supervision are "full green"?

See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-system-instance-status-check.html

In particular, the system status check (see doc section) validates network connectivity. You should make sure that you're good on this side.

The next steps that I would suggest :

  • extends your current security groups to allow ICMP protocol to test via ping between server and clients
  • finally try to connect via telnet between clients and server to see if you get the proper connection or more diagnosis / debugging info.

I personally often use telnet to debug my tcp connectivity issues: see https://netbeez.net/blog/telnet-to-test-connectivity-to-tcp/

Hope it helps Didier

profile pictureAWS
EXPERTE
Didier_Durand
beantwortet vor 10 Monaten
  • Momchil
    vor 10 Monaten

    Hi Didier, thank you for the response and the suggested telnet debug. It turned out that it was the host-os/firewalld being enabled, while I was assuming was disabled and this issue handled by AWS Security Group policies exclusively...

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt