
[SVC] iptables restart error on a live server: Couldn't load target `ACCET':/lib64/xtables/libipt_ACCET.so: cannot open shared object file: No such file or directory

iptables was restarted on a live server. The restart reported an error, which was then tracked down:

[root@xxxx ~]# /etc/init.d/iptables restart
iptables: Setting chains to policy ACCEPT: filter nat [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: iptables-restore v1.4.7: Couldn't load target `ACCET':/lib64/xtables/libipt_ACCET.so: cannot open shared object file: No such file or directory

Error occurred at line: 27
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

The iptables rule at line 27 of the rules file is wrong: its target is misspelled as ACCET.

Change it to ACCEPT.

How to Solve Linux: No route to host

A distributed service configured on a VPS would not run, even though everything that should be configured had been configured. The log contained many entries like this:

No route to host

However, I can ping the host. To rule out the program itself as the cause, I used the telnet command to test whether I could connect.

yum update
yum -y install telnet
telnet x.x.x.x 1111

Output results:

Trying x.x.x.x...
telnet: connect to address x.x.x.x: No route to host

Solution:

The following command had already been executed to open the port, so why was the connection still failing?

iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 1111 -j ACCEPT

After searching around the Internet, I finally found out why.

Wrong:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:512]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1111 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Correct:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:512]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1111 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Conclusion (just the practical takeaway, because I really don't know iptables)

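Put the entries that open ports before the following entries, make the change, restart the firewall, and everything is OK. iptables checks the rules of a chain in order and stops at the first rule that accepts or rejects the packet, so an ACCEPT placed after the catch-all REJECT is never reached, and iptables -A always appends to the end of the chain.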

-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
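
Both problems on this page, the mistyped ACCET target and the ACCEPT rule placed after the catch-all REJECT, can be caught before the firewall is restarted. The following is an added example, not code from the original posts: a small Python linter for iptables-save formatted rules. The function name lint_rules, the target list and the sample ruleset are assumptions made for illustration.

```python
import shlex

# Targets accepted without a chain declaration (assumed, non-exhaustive list).
KNOWN_TARGETS = {"ACCEPT", "DROP", "REJECT", "RETURN", "QUEUE", "LOG",
                 "DNAT", "SNAT", "MASQUERADE", "REDIRECT", "MARK"}
TERMINATING = {"ACCEPT", "DROP", "REJECT"}
TARGET_OPTS = {"-j", "--reject-with"}  # configure the target, do not narrow the match

# Constructed sample: the page's "Wrong" ruleset, shortened, with the ACCET typo.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:512]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCET
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1111 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def lint_rules(text):
    """Return (line_no, message) findings for iptables-save formatted text."""
    findings, chains, catch_all = [], set(), {}
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line.startswith("*"):      # new table: reset per-table state
            chains, catch_all = set(), {}
        elif line.startswith(":"):    # chain declaration, e.g. ":INPUT ACCEPT [0:0]"
            chains.add(line[1:].split()[0])
        elif line.startswith("-A "):
            tok = shlex.split(line)
            chain = tok[1]
            target = tok[tok.index("-j") + 1] if "-j" in tok else None
            if chain in catch_all:
                findings.append((no, f"unreachable: {chain} line "
                                     f"{catch_all[chain]} matches every packet"))
            if target and target not in KNOWN_TARGETS | chains:
                findings.append((no, f"unknown target {target!r}"))
            # No match options plus a terminating target ends the chain here.
            narrowed = any(t.startswith("-") and t not in TARGET_OPTS for t in tok[2:])
            if target in TERMINATING and not narrowed:
                catch_all.setdefault(chain, no)
    return findings

if __name__ == "__main__":
    for no, msg in lint_rules(SAMPLE):
        print(f"line {no}: {msg}")
```

iptables-restore --test also parses a rules file without committing it, which surfaces the unknown target but not the rule ordering.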