networking
protocol_error
ai_generated
true
ICMP: Port unreachable from 10.0.0.2:53 to 10.0.0.1:54321
ID: networking/udp-port-unreachable
Fix rate: 85%
Confidence: 85%
Evidence count: 1
First seen: 2024-02-10
Version compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| Linux kernel 5.10-6.8 | active | — | — | — |
| Windows Server 2022/2025 | active | — | — | — |
| FreeBSD 13-14 | active | — | — | — |
| DNS servers (BIND 9.18-9.20, Unbound 1.17-1.22) | active | — | — | — |
| syslog-ng 4.0-4.8 | active | — | — | — |
Root cause analysis
A UDP packet was sent to a closed port on the destination host (10.0.0.2:53), and the destination responded with an ICMP Port Unreachable message, indicating no application is listening on that port.
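To confirm from a packet capture which port the destination actually rejected, the ICMP message can be decoded: per RFC 792 it quotes the original IP header plus the first 8 bytes of the offending datagram, which is the UDP header. The following is an added example, not part of the original entry; the function names are hypothetical and the sample bytes are constructed to match the addresses above.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_port_unreachable(icmp: bytes):
    """Return (src_ip, src_port, dst_ip, dst_port) of the rejected UDP
    datagram, or None if this is not a valid type 3 / code 3 message."""
    if len(icmp) < 8 + 20 + 8 or (icmp[0], icmp[1]) != (3, 3):
        return None
    if inet_checksum(icmp) != 0:          # corrupted or forged message
        return None
    inner = icmp[8:]                      # quoted original IP header + 8 bytes
    ihl = (inner[0] & 0x0F) * 4           # IP options make the header variable
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        return None
    if inner[9] != socket.IPPROTO_UDP:    # the quoted datagram must be UDP
        return None
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return (socket.inet_ntoa(inner[12:16]), sport,
            socket.inet_ntoa(inner[16:20]), dport)

def build_sample(code: int = 3) -> bytes:
    """Constructed sample: the ICMP error 10.0.0.2 would send back after
    10.0.0.1:54321 sent a 12-byte UDP payload to its closed port 53.
    The quoted IP and UDP checksums are left at 0 (not verified here)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, 64,
                     socket.IPPROTO_UDP, 0,
                     socket.inet_aton("10.0.0.1"), socket.inet_aton("10.0.0.2"))
    udp = struct.pack("!HHHH", 54321, 53, 20, 0)
    body = struct.pack("!BBHI", 3, code, 0, 0) + ip + udp
    csum = inet_checksum(body)
    return body[:2] + struct.pack("!H", csum) + body[4:]

if __name__ == "__main__":
    print(parse_port_unreachable(build_sample()))
```

The returned destination pair is the address and port to check with `ss -ulpn` on the destination host.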
Official documentation
https://datatracker.ietf.org/doc/html/rfc792
Solutions
- Verify the destination service is running and listening: `ss -ulpn | grep :53` on Linux; if not, start the service (e.g., `systemctl start named` for BIND).
- Check the source application configuration to ensure it sends to the correct port: e.g., in `/etc/resolv.conf` for DNS, ensure `nameserver` points to 10.0.0.2 and port is 53.
- If the service is intentionally not running, update the source to use a different destination or port, or install the required service.
Ineffective attempts
Common but ineffective approaches:
- Adding a firewall rule to drop ICMP Port Unreachable messages (85% failure): This hides the error but does not fix the underlying issue; the source application still fails to communicate and may time out instead of getting a fast failure.
- Restarting the destination service without verifying it's listening on the correct port (70% failure): The service may be misconfigured to listen on a different port or interface, so restarting does not resolve the mismatch.
- Assuming the source is sending to the wrong IP address and changing routing (60% failure): The ICMP message confirms the IP is reachable; the issue is the port, not the address.