No route to host - Debian testing firewall

26 February 2025

My old laptop recently failed catastrophically due to a hardware or driver issue and the filesystem was corrupted so badly I had to reinstall the OS. I installed the latest Debian testing (trixie) release and all was well until I tried to set up Syncthing. The laptop was being discovered by others but it couldn't see anyone itself. Attempts to share folders were failing silently.

Weirder yet, my desktop could ping the laptop but if I tried to connect to the Syncthing port with nc -v $ip 22000 then it would report "no route to host". What? My routes are fine!

As many sysadmins would know, and I had forgotten, you can get this strange-looking error when the connection is being denied by a firewall. This is all well and good, but since when does Debian have a firewall installed by default?

Apparently this is actually due to a "recommends" dependency on firewalld when you choose the "KDE" option in the installer. I don't know but I suspect this is a packaging bug more than an intentional decision. Anyways, uninstalling firewalld got me back in business.

Tech Tidbits Blog by Thomas Karpiniec
Posts RSS, Atom