Can't ping anything on LAN or WAN

Posted on 2003-11-18
Medium Priority
Last Modified: 2010-05-18
Background info:

OS: MandrakeSecurity Multi-Network-Firewall 8.2
Kernel: 2.4.18-8.1mdksecure

Hope-to-have setup:

Internet -> ADSL router -> eth0 (server) eth1 -> switch -> LAN

Current setup: (until the server is configured)

Internet -> ADSL router/gateway/DHCP -> hub -> LAN -> Linux server

My Linux box is a IBM eServer xSeries 335 (rack) with 2 built-in BroadCom netXtreme Gigabit Ethernet cards. I have (finally) successfully installed the drivers and Linux detects both as eth0 and eth1.

I have tried assigning static IPs and using the router's IP as gateway. I have tried assigning a static IP to one card and a DHCP to the other. Finally I tried both DHCP. The cards get IP addresses from the DHCP server.

But I cannot ping anything except (and the current IP). The router is If i ping that or any other machine, I get this

[root@localhost ]# ping
PING ( from : 58(84) bytes of data.
--- Ping statistics for ---
5 packets sent, 0 packets received, 100% packet loss
[root@localhost ]#

Here's the (current) contents of /etc/sysconfig/network


# Gateway configuration
GATEWAY= //note: doesn't seem to make a difference if there's an IP here or not

Here's the contents of /etc/sysconfig/network-scripts/ifcfg-eth0 (currently set up with static IP)
GATEWAY= //note: fake

Here's the contents of /etc/sysconfig/network-scripts/ifcfg-eth1
(currently set up with DHCP)

the eth1 interface is currently and the router is at All DHCP machines are

Whenever I try to ping anything, I just get 0 packets received.

When I ping either or when it's static like from a Windows ME computer, I get this error

C:\WINDOWS> ping
Pinging with 32 bytes of data:

Reply from Destination port unreachable.
Reply from Destination port unreachable.
Reply from Destination port unreachable.
Reply from Destination port unreachable.

Ping statistics for
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip in milliseconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Please tell me what could be wrong and how could I connect to my LAN/Router/ Internet!!!!
Question by:x13
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 9

Expert Comment

ID: 9776473
Can you run

route -nNvee

and post the results?

Expert Comment

ID: 9776477
Also, please run


and post those results.  

Author Comment

ID: 9779579

[root@localhost ]# route -nNvee
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface MSS Window irtt U 0 0 0 eth1 40 0 0 U 0 0 0 eth0 40 0 0 U 0 0 0 lo 40 0 0

[root@localhost ]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:(etc)
       inet addr: Bcast: Mask:
       Rx packets:160 errors:0 dropped:0 overruns:0 frame:0
       Tx packets:1 errors:0 dropped:0 overruns:0 carrier:0
       collisions:0 txqueuelen:100
       RX bytes:16618(16.2 Kb) TX bytes:64 (64.0 b)
       Interrupt:24 Memory:fbff0000-fc000000

eth1 Link encap:Ethernet HWaddr:00:09:6B:etc
       inet addr: Bcast: Mask:
       RX packets:243 errors:0 dropped:0 overruns:0 frame:0
       TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
       collisions:0 txqueuelen:100
       RX bytes:23814 (23.2 Kb) TX bytes:812 (812.0 b)
       Interrupt:25 Memory:fbfe0000-fbff0000

lo   Link encap:Local Loopback
      inet addr: Mask:
      UP LOOPBACK RUNNING MTU:16436 Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
[root@localhost ]#

Phew, that was a lot of typing. :-) Let me know if you need any more info. Oh, I almost forgot. I couldn't ping even the loopback address,, until I modified this: /proc/sys/net/ipv4/icmp_echo_ignore_all to have a value of 0. I now can ping loopback and my own IP but nothing else.

Also, I am supposed to be able to use a web browser on the LAN to configure the server, but I can't access it using https: protocol either.

Limited time offer using promo code EXPERTS25

Designed with a wealth of functionality and convenience, ATEN's new Thunderbolt™ 2 Sharing Switch takes your Thunderbolt setup to the next level. Now through August 31, 2017, Experts Exchange members get 25% off the US7220 on the ATEN USA eShop using promo code EXPERTS25.


Author Comment

ID: 9779957
could it be related to iptables?

Expert Comment

ID: 9780628
Sorry, the typing could have been avoided using redirection

route -nNvee >outroute.txt
ipconfig >outconfig.txt

Really sorry...

Author Comment

ID: 9780721
that's ok, as long as it helps to find an answer... it's like this machine isn't even plugged in. I can't FTP, telnet, or http or ping it from another computer. I can't ping or ftp out either. I have no idea what to do, and i'm suposed to be configuring it from a browser on my LAN. Well I can't because the LAN can't see the blasted thing, except to say "Port unreachable" and stuff. :-(

Expert Comment

ID: 9780765
eth0 is pointing to the ADSL router?  I would have expected that to have an IP of somthing like (what eth1 seems to have).  As it is it looks like eth0 has an address that does not mesh with the ADSL.  Is eth0 getting its address from DHCP from the ADSL?  If not, I would try allowing it to.

Then the following might do the trick:

ip route add default via dev eth0

But then you have the situation where eth0 and eth1 are using the same subnet...

Author Comment

ID: 9780790
eth0 is not pointing to anything. I gave it a fake static IP on a new subnet (192.168.99.X) because someone had mentioned that the subnets have to be different.

The DSL modem is somewhere on the LAN right now.

eth1 *should* be able to connect to the LAN

eth0 should *not* connect to the lan due to its IP address.

If I set both eth0 and eth1 to DHCP they get IP addresses:

But I just set eth0 to have a static IP. My goal is just to connect to my LAN at least. I am hoping that once I can connect to the server with a browser, I can configure the rest that way.

Expert Comment

ID: 9780880
The DSL modem is at ?
Then eth0 will have to have an address of 192.168.1.x if it is to contact the modem.
What happens if you let both eth0 and eth1 use DHCP and you say

ip route add default via dev eth0

Expert Comment

ID: 9781359
If you want eth0 to have access to only to the DSL modem then you will have to change the IP address of the modem.
So if eth0 has address then the modem should have address (for example).  This will make the modem unavailable to the LAN - except for your system through eth0.

Is the DSL Modem supplying DHCP services?  This is not good if there is another DHCP server on the LAN.  You should disable this on the modem if this is the case.

Author Comment

ID: 9782211
hi robertjbarker,

thank you for continuing to send your ideas.

RIGHT NOW - the DSL modem is the *only* dchp server on the network. the Linux box is not yet configured to do anything (well not that I know of anyway). eth0 is not plugged into the modem yet.

in the future, I am planning to set it up the way you said, with the modem and the eth0 on one subnet, and eth1 and LAN on another. But currently eth0 and the modem aren't direcly connected.

I set both to use DHCP and they have

[root@localhost ]# ip route add default via dev eth0
RTNETLINK answers: Network is unreachable
[root@localhost ]# ip route add default via dev eth1
RTNETLINK answers: File exists
[root@localhost ]#

Interesting. after ONCE AGAIN editing that pesky /proc/sys/net/ipv4/icmp_echo_ignore_all, I have discovered that I can ping (eth1) from eth1 and (eth0) from eth0, but I can't ping eth1 from eth0. (Error: Destination host unreachable)

Expert Comment

ID: 9783777
Can you get through to the DSL modem through eth1 now?

Expert Comment

ID: 9784832
I worry about the responses to the ip route commands.  If you run ifconfig after these I would expect that you would come up with output something like this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface    MSS   Window irtt   U     0      0        0 eth0     0     0      0         UG    0      0        0 eth0     0     0      0   U     0      0        0 eth1     0     0      0         UG    0      0        0 eth1     0     0      0

If not then something is clearly amiss with the execution of the ip route commands

I wonder if you are running into firewall rules.

First, it seems strange to me to have two network connections on a firewall communicating with the same subnet - it kind of defeats the purpose of the whole thing.

Perhaps it would be better if you went straight to your intended configuration and tried to get it going. Then you would at least be solving the problems you will need to solve in your intended solution, instead of problems you might not run into otherwise.

Am I right to assume that the DSL modem is in use by the others on the LAN now so that you don't want to take it out of the subnet at this time?  If so, you could try taking eth0 off the LAN and hooking it directly to a single workstation.  Then you could set up a subnet, say 10.x.x.x, with just that workstation and eth0, and figure out how to route through the firewall to the modem.

Author Comment

ID: 9787778
You are correct, the DSL modem is in use, and unfortunately I don't have access to the building after hours (no one does) so the amount of time I will have to play with it will be very limited.

Excellent suggestion. I am going to plug eth0 into this little workstation here, and make a new subnet. And leave eth1 plugged into the LAN. I will post back here shortly. Thank you.

Author Comment

ID: 9788253

Current configuration

DSL modem -> LAN -> my hub -> Windows ME (
                                                   Windows 98 (
                                                   Linux eth0 (
                                                   Linux eth1 (

route -n:

Destination      Gateway      Genmask        Flags Metric Ref Use Iface    U       0      0    0    eth1    U       0      0    0    eth0           U       0      0    0    lo             UG      0      0    0    eth1

I even tried netconfig -d eth0 --gateway= but it doesn't put a gateway for eth0.


From the Windows 98 workstation ( ping -> Destination port unreachable

From eth0 ( ping -> 0 packets received

From eth1 ( ping -> 0 packets received

From Windows ME ( ping -> Destination port unreachable.


Expert Comment

ID: 9789617
I don't seem to be helping a great deal, do I.

I'm pretty much stumped, and pretty sorry about it too...

Author Comment

ID: 9790230
Well, i appreciate all your help, do not give up...

a tcpdump reveals the message

17 packets received by filter
0 packets dropped by kernel

This makes me think that my firewall or iptables are interfereing in some way. I have renamed my iptables file and tried to edit the policies in shorewall. But still the problem persists and I can't ping anyone, not even the other network card

Author Comment

ID: 9790743
Solved the mystery.

I had to disable shorewall:

[root@localhost ]# shorewall stop

enable icmp

[root@localhost ]# echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

and delete, remove executable, and flush IP tables (after backing up onto floppy of course

[root@localhost ]# cd /etc/rc.d/init.d
[root@localhost ]# rm iptables
[root@localhost ]# chmod -x iptables // yes it makes another one
[root@localhost ]# iptables -F (get rid of all the default rulse
[root@localhost ]# iptables -P INPUT ACCEPT
[root@localhost ]# iptables -P OUTPUT ACCEPT
[root@localhost ]# iptables -P FORWARD ACCEPT


[root@localhost ]# ping
PING from : 56(84) bytes of data
64 bytes from icmp_seq=0 ttl=128 time=726 usec
64 bytes from icmp_seq=1 ttl=128 time=403 usec
64 bytes from icmp_seq=2 ttl=128 time=402 usec

--- ping statistics
3 packets transmitted, 3 packets received, 0% packet loss


Of course, i now have no firewall and no protection. But at least i can function better. Yeesh.

Expert Comment

ID: 9793593
Very good, and congrats!

Accepted Solution

PashaMod earned 0 total points
ID: 9811545
Question closed and points refunded

CS Moderator

Featured Post

7 Extremely Useful Linux Commands for Beginners

Just getting started with Linux? Here's a quick start guide that has 7 commands that we believe will come in handy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Suggested Courses
Course of the Month14 days, 23 hours left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question