HomeKnowledge BaseConnection Timed Out / Refused
connection timed outconnection refused errornetwork unreachable

How to Fix Connection Timed Out, Connection Refused, and Network Unreachable Errors

These three errors all mean your client could not reach the server — but for very different reasons. This guide explains each one, how to diagnose which you have, and exactly how to fix it.

Timeout vs Refused vs Unreachable — What Is the Difference?

All three errors indicate a failed connection attempt, but they tell you very different things about where the failure occurred:

ErrorWhat it meansWhere the failure is
Connection timed outServer never replied within the timeout windowNetwork path, firewall (silent drop), or overloaded server
Connection refused errorServer actively sent a RST packet — it rejected the connectionNo service listening on that port, or firewall actively rejects
Network unreachableThe OS could not find a route to the destinationLocal routing table, gateway, or ISP routing issue
ℹ️A connection timed out is usually a firewall or network issue. A connection refused error usually means the service is down or on the wrong port. Network unreachable means your machine cannot even attempt to route to the destination.

Common Causes

Connection Timed Out

  • Firewall silently dropping packets
  • Server overloaded / not responding
  • Network congestion or high latency
  • Wrong IP address or DNS pointing to wrong host
  • VPN or proxy blocking the route

Connection Refused

  • Service not running (web server, database, etc.)
  • Service listening on wrong port
  • Firewall actively rejecting the port
  • Service crashed or failed to start
  • Binding to 127.0.0.1 instead of 0.0.0.0

Network Unreachable

  • No default gateway configured
  • Network interface is down
  • ISP routing outage
  • Wrong subnet mask
  • VPN tunnel dropped

Diagnosing the Error

Run these commands in order to narrow down the cause:

1. Ping the host

Confirms whether the host is reachable at the network level:

ping -c 4 example.com

2. Check if the port is open (telnet / nc)

If ping works but the connection still fails, the port may be blocked or the service may be down:

# Test if port 443 is open
telnet example.com 443

# Or with netcat (nc)
nc -zv example.com 443

3. Trace the network path

Identifies where in the network the packets are being dropped:

# Linux / macOS
traceroute example.com

# Windows
tracert example.com

4. Check what is listening on the server

Run this on the server itself to confirm the service is running and bound to the right address:

# Linux — show all listening TCP ports
ss -tlnp

# Or with netstat
netstat -tlnp | grep LISTEN

Fixing Connection Timed Out

Check firewall rules

The most common cause. Check both the server's local firewall and any cloud security groups:

# Check iptables rules (Linux)
sudo iptables -L -n -v | grep DROP

# Check UFW status
sudo ufw status verbose

# Allow a port through UFW
sudo ufw allow 443/tcp

Check cloud security groups

If your server is on AWS, Azure, or GCP, check that the security group / network security group allows inbound traffic on the required port from the client's IP range.

Check server load

# Check CPU and memory
top

# Check if the service is running
systemctl status nginx
systemctl status apache2
💡If the server is reachable via ping but the port times out, the issue is almost always a firewall rule — either on the server itself or at the cloud provider level.

Fixing Connection Refused Error

Start or restart the service

# Restart Nginx
sudo systemctl restart nginx

# Restart Apache
sudo systemctl restart apache2

# Restart a Node.js app via PM2
pm2 restart app-name

Check the service is binding to the right address

A service bound to 127.0.0.1 is only accessible locally. It must bind to 0.0.0.0 to accept external connections:

# Check what address Nginx is listening on
ss -tlnp | grep nginx

# In Nginx config — listen on all interfaces:
listen 0.0.0.0:443 ssl;

Check service logs for crash reason

# Nginx error log
sudo tail -50 /var/log/nginx/error.log

# Systemd journal for the service
sudo journalctl -u nginx -n 50 --no-pager

Fixing Network Unreachable

Check your routing table

# Linux
ip route show

# Windows
route print

Look for a default route (0.0.0.0/0). If it is missing, your machine has no gateway configured.

Add a default gateway

# Temporarily add a default route (Linux)
sudo ip route add default via 192.168.1.1

# Permanently (edit /etc/network/interfaces or netplan config)
gateway 192.168.1.1

Restart the network interface

# Linux (NetworkManager)
sudo systemctl restart NetworkManager

# Or bring the interface down and up
sudo ip link set eth0 down && sudo ip link set eth0 up
⚠️If network unreachable affects all destinations, the issue is almost always a missing or incorrect default gateway, or the network interface itself is down.

Prevention and Monitoring

  • Document your firewall rules — keep a record of which ports are open and why. Undocumented rules get forgotten and cause outages when servers are rebuilt.
  • Use process supervisors — run services under systemd, PM2, or Supervisor so they restart automatically if they crash.
  • Set up health checks in your load balancer — so traffic is automatically routed away from unhealthy instances.
  • Monitor with Alive24x7 — TCP port monitors check whether your ports are open every minute. If a service stops accepting connections, you get an instant alert before users notice.

Know the moment a connection drops

Alive24x7 monitors TCP ports, HTTP endpoints, and ICMP ping from 13 global locations. If your service stops accepting connections — for any reason — you will receive an instant alert via email, Slack, or SMS.

Start Monitoring Free

Frequently Asked Questions

What is the difference between connection timed out and connection refused?

A connection timed out means the server never replied — the client waited and gave up. A connection refused error means the server actively sent a rejection (RST packet). Timeout usually points to a firewall or network issue; refused usually means no service is running on that port.

Can a connection timeout be caused by the server being too slow?

Yes. If the server is severely overloaded, it may not process the TCP handshake in time, causing the client to time out. Check server CPU, memory, and connection queue length.

What does network unreachable mean?

Network unreachable means your operating system could not find a route to send packets to the destination. This is typically a local routing problem — a missing default gateway, a downed network interface, or a broken VPN tunnel.

How can I tell if a firewall is causing a connection timeout?

If ping works but telnet/nc to the specific port times out, a firewall is almost certainly blocking that port. Check iptables/UFW on the server and any cloud security groups.

How does Alive24x7 help with connection errors?

Alive24x7 offers TCP port monitoring — it attempts a connection to your specified host and port every minute. If the connection is refused or times out, you receive an instant alert so you can investigate before users are affected.

Related articles

DNS Server Not Responding →403 Forbidden / Access Denied →SSL Certificate Errors →Common Website Downtime Reasons →