曾經(jīng)在https://blog.csdn.net/bisal/article/details/42496583這篇博文中提到一個(gè)端口連接的驗(yàn)證：

“ora10g@localhost.localdomain$telnet 172.101.19.57 1521
Trying 172.101.19.57...
telnet: connect to address 172.101.19.57: No route to host
如果端口未開，實(shí)際報(bào)錯(cuò)：
ora10g@localhost.localdomain$telnet 172.27.19.56 1521
Trying 172.27.19.56...
telnet: connect to address 172.27.19.56: Connection refused
是不是防火墻的問題？？？
從數(shù)據(jù)庫(kù)服務(wù)器關(guān)閉防火墻：
[root@dcsopen2Node ~]# service iptables stop
iptables: Flushing firewall rules: [  OK  ]
iptables: Setting chains to policy ACCEPT: nat mangle filter [  OK  ]
iptables: Unloading modules: [  OK  ]
再?gòu)倪h(yuǎn)程機(jī)器執(zhí)行：
ora10g@localhost.localdomain$telnet 172.101.19.571521
Trying 172.101.19.57...
Connected to 172.101.19.57.
Escape character is '^]'.
說(shuō)明端口已開，更重要的是，明確了，就是防火墻問題。”

通過實(shí)驗(yàn)再次說(shuō)明下“Connection refused”和“No route to host”的區(qū)別和問題診斷思路。

首先，網(wǎng)上有篇帖子說(shuō)明“Connection refused” vs “No route to host”(https://superuser.com/questions/720851/connection-refused-vs-no-route-to-host)：

"Connection refused" means that the target machine actively rejected the connection. With port 80 as the context, one of the following things is likely the reason:
    Nothing is listening on 127.0.0.1:80 and 132.70.6.157:80
    Nothing is listening on *:80
    The firewall is blocking the connection with REJECT
So check your Apache and iptables config.
"No route to host" refers to a network problem. It is not a reply from the target machine.
說(shuō)的是“Connection refused”是目標(biāo)主機(jī)明確拒絕了這次連接，有可能是該端口沒有啟動(dòng)監(jiān)聽，或者因?yàn)榉阑饓Α！癗o route to host”則可能是一個(gè)網(wǎng)絡(luò)問題，不是目標(biāo)主機(jī)的回復(fù)。

一個(gè)實(shí)驗(yàn)?zāi)�擬：

客戶端機(jī)器ip：172.1.1.1

目標(biāo)機(jī)ip：172.1.2.1

1. 從客戶端telnet目標(biāo)機(jī)的一個(gè)已啟動(dòng)端口1521，但防火墻中未添加例外。

從172.1.1.1 telnet 172.1.2.1 1521，提示no route to host。

Trying 172.1.2.1...

telnet: connect to address 172.1.2.1: No route to host

在防火墻配置中iptables添加1521端口，telnet正常。

2. 從客戶端telnet目標(biāo)機(jī)的一個(gè)未啟動(dòng)監(jiān)聽的端口

172.1.2.1的10001端口沒有啟用，netstat -an | grep 10001不存在。

從172.1.1.1 telnet 172.1.2.1 10001，提示connection refused。

Trying 172.1.2.1...

telnet: connect to address 172.1.2.1: Connection refused

結(jié)論：說(shuō)明No route to host是防火墻的返回，先經(jīng)過防火墻，不管端口有沒有。然后如果通過了防火墻，但監(jiān)聽未啟動(dòng)，則提示Connection refused的錯(cuò)誤。