No Route to Host

Support for the docker image maintained by dlandon
Post Reply
D34DC3N73R
Posts: 1
Joined: Fri May 29, 2020 5:20 pm

No Route to Host

Post by D34DC3N73R »

I'm running dlandon/zoneminder on ubuntu 18.04. The install went fine, and I believe I've even got my GPU integrated (opencv.sh completed without errors). I got remote access working with an nginx reverse proxy using the LS letsencrypt image. The issue I'm having is I'm unable to connect to cameras. I have a hikvision DS-2CD2385G1-I and when I run `ffprobe rtsp://admin:<password>@192.168.0.81:554/Streaming/Channels/101` from within the container, I receive the following errors:
[tcp @ 0x55e0a72684e0] Connection to tcp://192.168.0.81:554?timeout=0 failed: No route to host
rtsp://admin:<password>@192.168.0.81:554/Streaming/Channels/101: No route to host

I've verified the camera is available and the stream url is correct with both VLC and the ONVIF device manager. I can't run the container in host network mode, because I'm already using ports 80 and 443 for the letsencrypt container on my host. Any thoughts on how I can connect to my camera?
adaviel
Posts: 1
Joined: Mon Aug 10, 2020 5:15 pm

Re: No Route to Host

Post by adaviel »

I have a similar problem.

I'm trying to run Zoneminder on a laptop with CentOS 8, but could not install the package (dependency hell,lots of Perl and other modules I don't have or can't install/build).

I installed Docker using some tips from https://www.liquidweb.com/kb/how-to-ins ... -centos-8/
and have been able to install the dlandon/zoneminder image. The webserver runs OK.

I have a temporary setup where I can either connect to the internet via NAT,or connect to my camera. The camera is autoconfigured on 169.254.87.100 and I can get video directly with "ffplay rtsp://user:passwd@169.254.87.100/video.h264"

I used 'docker exec -i -t Zoneminder bash' to get a shell on Docker and installed netcat and inetutils-ping with dpkg after getting the packages on my laptop and copying them across with "docker cp".192.168.122.1

I am able to ping my camera from the Docker shell with "ping 169.254.87.100". ffprobe from the Docker shell fails with "no route to host"
If I look on the network on my laptop with tcpdump, I see
10:40:02.404330 IP 172.17.0.2.43580 > 169.254.87.100.rtsp: Flags [S], seq 1354806920, win 29200, options [mss 1460,sackOK,TS val 1730401304 ecr 0,nop,wscale 7], length 0
10:40:02.404380 IP localhost.localdomain > 172.17.0.2: ICMP host 169.254.87.100 unreachable - admin prohibited filter, length 68

I suspect an issue with firewalld/iptables. I deleted a couple of rules with "reject-with icmp-host-prohibited" to no effect. I flushed all the iptables rules, then stopped and started docker, and saw some forwarding rules re-populated. Same as before - ping works, ffprobe doesn't.

When I disconnect my camera and connect to the internet, I'm seeing the same behaviour from the Docker shell - I can ping my own webserver elsewhere, but "nc mywebserver 80" fails with an admin prohibited filter message. It looks like ICMP is getting through but not some others. Weirdly, I can ssh from docker to the laptop (port 22), but not to remote servers, and web requests from docker to the laptop ports (80,8080) are also rejected. I can't see

I'm not particularly familiar with Docker (I've not used it before) so I don't know what's normal.

CentOS 8 is running firewalld. I'm more familiar with CentOS6 and iptables. firewalld appears to be running nft, although there are entries under iptables possibly added by the Docker install (which per the instructions I followed used a CentOS 7 package).

There is a line from "nft> list table inet firewalld" "chain filter_IN_public_allow { tcp dport ssh ct state new,untracked accept", also port 9090, which may explain why I'm able to SSH from Docker but not do an HTTP request. I didn't know nft existed. Hmm, the liquidweb docs suggest disabling firewalld. OK, if I stop firewalld I can now get to the webserver on the laptop, but now I can't ping my remote webserver. Okaaay...

Try stop firewalld, stop Zoneminder, stop docker, start docker, start Zoneminder. Now I get the forward rules created in iptables and can get to my webserver from inside docker.
So, disconnect from the internet and re-connect to my camera.
It works !

I'm not sure if that is any help for you, but the diagnostics with tcpdump and ping from docker shell may be useful.
Greg_Talyor
Posts: 38
Joined: Mon Aug 17, 2020 7:41 pm

[SOLVED] Re: No Route to Host

Post by Greg_Talyor »

With my Debian bookworm box, I do a sudo apt-get update as I usually do. However, I encounter a no route to host error. What seems to be odd is the file sizes in the directory concerned. Any idea is welcome. Ta

Code: Select all

Ign:6 https://zmrepo.zoneminder.com/debian/release-1.36 bookworm/ InRelease    
Ign:6 https://zmrepo.zoneminder.com/debian/release-1.36 bookworm/ InRelease
Ign:6 https://zmrepo.zoneminder.com/debian/release-1.36 bookworm/ InRelease
Err:6 https://zmrepo.zoneminder.com/debian/release-1.36 bookworm/ InRelease
  Could not connect to zmrepo.zoneminder.com:443 (158.69.226.113). - connect (113: No route to host)
Reading package lists... Done
W: Failed to fetch https://zmrepo.zoneminder.com/debian/release-1.36/bookworm/InRelease  Could not connect to zmrepo.zoneminder.com:443 (158.69.226.113). - connect (113: No route to host)
W: Some index files failed to download. They have been ignored, or old ones used instead.
zoneminder bookworm.png
zoneminder bookworm.png (110.07 KiB) Viewed 15130 times
Last edited by Greg_Talyor on Wed Sep 13, 2023 7:02 pm, edited 1 time in total.
Greg_Talyor
Posts: 38
Joined: Mon Aug 17, 2020 7:41 pm

[SOLVED] Re: No Route to Host

Post by Greg_Talyor »

My (Tue Sep 12, 2023) problem is now resolved. It possibly was a transient hiccup on the zoneminder repository. It has nothing to do with the file sizes either, at least not in this directory. I don't know enough debian repository directory structure to make a judgement.
Post Reply