-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Paul,
On Mon, 2021-09-20 at 02:11 +0000, Paul Wise wrote: > On Sun, Sep 19, 2021 at 12:40 PM Jeremy Stanley wrote: > > On 2021-09-19 01:24:32 +0000 (+0000), Paul Wise wrote: > > > On Sat, Sep 18, 2021 at 2:35 PM Jeremy Stanley wrote: > > > > > > Normally one would get "Connection refused" when connecting to a port > that isn't open, but at this site one gets "No route to host", as if > there is no network path to reach the host, which is clearly not true > since the HTTP port works. I wasn't aware it is even possible to have > different routing for each TCP port, I guess this is a feature of > OpenStack? If the packet reached the host that would be strange. Still it is possible to configure that by iptables. But for devices on the path that are configured to do some processing, this is normal behaviour - e.g. Cisco A9K routers would generate a "No route to host" for filtered ports, no matter that there is "Port is filtered" message. Also all kind of re-directors/load balancers/etc. would do the same for ports that are not configured and they do not know how to route the packet. It is a common networking concept to route packets via different paths based on ports, protocols or any other non-destination address based criteria - "policy based routing" or PBR for short... Hope that helps, b. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEumC8IPN+WURNbSUAE2VyCRPS8i0FAmFH99cACgkQE2VyCRPS 8i3GbA//TBkntlkhe0e6mewudnbgy00UW6QMAKRR/EqxnY+0cPtiPUNf7P96Pbkl zW6ztXs24dfijxE8YOyBVGbJ3Yj0lM9hhL5Hf6Dt8i42kSlswYAaf1TC1eKPUbqf QT3Yu092/XWXt0CRW5dJMV2fw2y1vzHyQC5shPxOMnW14JtdSxpqLlsSqkch2VqJ 6fLosSUHzp/55FlxXqsA+BPsNG0PBNILlQl+9KvHdopcTNwGMX3ly0xx67TIUgx1 oMm7LflgfuHtKNGrOqdah/mi383DYtK1/vu++IXqw7+UCm8sQnsIlwovFQ2Oi4Mg ex8UgwMDCGITK/yvavdoCWfXU21Uel/vd2AITgovOBL7A8pXJUpf87ONiWI2AxNU t4+9NfPmsozZpW/tTpsVV4Nbpg4V4yBaaBUh7Vl23fKJRVPXqlHzZHNX3L02BHT5 2lqJzSaVn8woAiJzqmEecVUSrhYR/nL0+m0AubKh+0NNXzifcf2m6m52GJF3XIfU NK4Rffdso5kF+R4yXmXubhlME0uGleSSHZM/qTaUpCfY+qlQ/IwNGuHTHanDfLqp l2mag3Fx7AIdGuLYs4IFvgjmO9qa22rRY/8ztwBrSi35EJXvPAByi55NKsYn77UV 4l/wyws2DUaS659ecm81jp8hGJdpRW6atkgHCmBgwbvEjRUz+5M= =aEjH -----END PGP SIGNATURE-----
