Solved

Ubuntu: network/Internet fine but cannot ping LAN computers or itself by computer name

Posted on 2007-12-04
26
6,916 Views
Last Modified: 2012-05-05
I have a wireless network with static DHCP enabled with 3 clients, 2 using WinXP, 1 on Ubuntu

All computers can access Internet fine.

The WinXP computers can share files with each other and ping each other.

The Ubuntu computer cannot even ping the other two. Interestingly, I sent a file from the Ubuntu machine to one of the other computers yesterday so something just happened today.

Also, the Ubuntu machine can only ping itself by IP (192.168.x.x), not by name.

I use Firestarter to manage firewall settings and nothing relevant is being blocked, and if it were blocked, only incoming requests would be affected.

I have tried disabling the software firewalls on the WinXP machines to no avail.

Any suggestions?
0
Comment
Question by:kebabs
  • 12
  • 6
  • 6
  • +2
26 Comments
 
LVL 40

Expert Comment

by:omarfarid
ID: 20409037
Can you ping default gateway?

Can you show output of ifconfig -a
0
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 20409050
unlikely to be a firewall issue.  If it can't ping by name it is an issue with your /etc/hosts file or internal dns records.

You will likely find that you dns servers listed in /etc/resolv.conf are set to your ISP or similar.

The DNS servers you are using are unable to resolve your server hostname so it doesn't work.

Add your server name to /etc/resolv.conf for the line 192.168.0.1 (or what ever the ip is)
0
 
LVL 8

Author Comment

by:kebabs
ID: 20409053
Yes, I can ping default gateway.

ifconfig -a
eth0      Link encap:Ethernet  HWaddr [mac address (hidden)]
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:17
 
eth1      Link encap:Ethernet  HWaddr [mac address (hidden)]
          inet addr:192.168.0.11  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2725 errors:13606 dropped:14047 overruns:0 frame:0
          TX packets:1956 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:96726113 (92.2 MB)  TX bytes:61704914 (58.8 MB)
          Interrupt:17 Base address:0x8000 Memory:f9fff000-f9ffffff
 
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:182534 errors:0 dropped:0 overruns:0 frame:0
          TX packets:182534 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:245880265 (234.4 MB)  TX bytes:245880265 (234.4 MB)

Open in new window

0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 8

Author Comment

by:kebabs
ID: 20409063
WizRd-Linux, ok, that's fine, I would prefer not to but I can manually add it so that the hostname resolves to the IP.

Anyway, the main problem is not being able to ping the Windows machines (by IP or name)
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 20409069
What is the default gateway? netstat -rn

Can you ping default gateway?

Can you run nslookup and resolve domains?
0
 
LVL 8

Author Comment

by:kebabs
ID: 20409074
Omar, default gateway is 192.168.0.1, can be pinged, and can resolve domains via nslookup
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 20409086
Ok

What is the ip address and subnet mask of the Win XP m/c?

0
 
LVL 8

Author Comment

by:kebabs
ID: 20409091
192.168.0.13/255.255.255.0
0
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 20409118
Can you paste the output of iptables -nvL?

Your network is setup correctly, so unless you have VLANs configured on your switch and the linux box and XP clients are in differnet vlans you should be able to access them.

The last thing it could be is firewall related.
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 20409135
It should be able to ping each other if they are on the same network, unless there is a firewall on either m/cs blocking.

Can you ping from the windows m/cs to  the ubuntu m/c ?

0
 
LVL 8

Author Comment

by:kebabs
ID: 20409370
I think it's just paranoia but I'd rather not show the full output, below are some of the dropped packets.

Omar, can't ping from either side.


Chain OUTPUT (policy DROP 1 packets, 199 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       0    --  *      *       224.0.0.0/8          0.0.0.0/0
    8  1991 DROP       0    --  *      *       0.0.0.0/0            224.0.0.0/8
    0     0 DROP       0    --  *      *       255.255.255.255      0.0.0.0/0
    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0
    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID

Open in new window

0
 
LVL 3

Expert Comment

by:amirs80
ID: 20409730
can u ping the ubunto pc from xp pcs, if u can then  check the xp firewall bcoz default software firewall is applied on xp systems which doesn't allow any thing
0
 
LVL 8

Author Comment

by:kebabs
ID: 20409768
Yes, I think I already mentioned that pings from both sides time out and that software firewalls on the XP systems were restarted. And yes, Windows Firewall is disabled.
0
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 20410988
Pings from the linux box out will be dropped by rule 4. Show me your INPUT chain, I'm sure to find someone else in there not quiet right.

iptables -nvL again and paste the Chain INPUT section.
0
 
LVL 5

Expert Comment

by:Jozk0
ID: 20413556
Please provide the output of:

# cat /etc/resolv.conf
# cat /etc/hosts
# route -n

It can also happen that the Ubuntu box is blocking icmp responses from the windows boxes. To doublecheck this, first drop all rules:

iptables -F
iptables -t nat -F

and enable icmp packets:

iptables -I INPUT -i eth1 -p icmp -j ALLOW

does your ping work now ?
0
 
LVL 8

Author Comment

by:kebabs
ID: 20416780
/etc/resolv.conf has the DNS nameservers

/etc/hosts has a record for my hostname and IP to allows Ubuntu to ping itself by hostname and the IPv6 default lines, e.g. fe00::0 ip6-localnet, ff00::0 ip6-mcastprefix

route -n is shown below.

Currently trying the firewall changes mentioned.
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth1
0.0.0.0         192.168.0.1     0.0.0.0         UG    100    0        0 eth1

Open in new window

0
 
LVL 8

Author Comment

by:kebabs
ID: 20416789
Here is full iptables -nvL input chain:

BTW thanks a lot for this help. Much appreciated :)
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       61.9.133.193         0.0.0.0/0           tcp flags:!0x17/0x02
  294 34565 ACCEPT     udp  --  *      *       61.9.133.193         0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       61.9.194.49          0.0.0.0/0           tcp flags:!0x17/0x02
    3   329 ACCEPT     udp  --  *      *       61.9.194.49          0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       192.168.0.1          0.0.0.0/0           tcp flags:!0x17/0x02
    1   117 ACCEPT     udp  --  *      *       192.168.0.1          0.0.0.0/0
   67 27376 ACCEPT     0    --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 10/sec burst 5
    0     0 DROP       0    --  eth1   *       0.0.0.0/0            255.255.255.255
    0     0 DROP       0    --  *      *       0.0.0.0/0            192.168.0.255
    0     0 DROP       0    --  *      *       224.0.0.0/8          0.0.0.0/0
    0     0 DROP       0    --  *      *       0.0.0.0/0            224.0.0.0/8
    0     0 DROP       0    --  *      *       255.255.255.255      0.0.0.0/0
    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0
    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
    0     0 LSI        0    -f  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 10/min burst 5
13941   12M INBOUND    0    --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG_FILTER  0    --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Unknown Input'

Open in new window

0
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 20416876
Rule 6 is currently backwards.  Because we are talking about the input chain, it should be source 0.0.0.0/0 destination 192.168.0.1.

INPUT - Packets destined for the box
OUTPUT - Packets originating from the box
FORWARD - Packets passing through the box
0
 
LVL 8

Author Comment

by:kebabs
ID: 20416910
But isn't rule 6 referring to a packet destined for the box from 192.168.0.1

I think the culprit is the 224.0.0.0/8 addresses being denied.
0
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 20416947
Ahhh yes, your server is 192.168.0.11, which means...

Your input rules are fine... i didn't look down far enough.

do the following then tell me if pings work.

iptables -I OUTPUT 1 -p icmp -j ACCEPT

You can do the testing, if successful you can delete the rule after to make it more specific by typing:

iptables -D OUTPUT 1
0
 
LVL 8

Author Comment

by:kebabs
ID: 20417043
Using:
iptables -I OUTPUT 1 -p icmp -j ACCEPT

There was no change, pings still don't work.

Considering pings and file sharing was working 2 days ago, maybe something just overwrote something (mind the vagueness). Any idea on what to reinstall? iptables and firestarter?

Also, if it matters, the one thing that changed between realising that this is not / is working was a change in Firestarter policy to allow VNC on port 5900. That was reverted after it was no longer needed but maybe that caused the problem.

Stopping firewall through Firestarter also doesn't help but I'm not sure if that disables everything firewall related.
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 20417061
If interested to find what files changed you may use find command. Most of config files are in /etc

find /etc -mtime -2

0
 
LVL 8

Author Comment

by:kebabs
ID: 20417648
About 100 files listed... maybe I should reinstall Ubuntu.
0
 
LVL 8

Author Comment

by:kebabs
ID: 20433669
Update:

Stopping Firestarter does not stop the entire firewall... why not?

Anyways, I found a fix that I would have had to find later on anyway as properly disabling the firewall was only going to narrow down the problem.

Excuse me for the stupidity, but all I had to do was add 192.168.0.1 (gateway) to the allow list in firestarter (previously, I only added network nodes)

Now, I can access network shares on Windows, ping my computer hostname without an /etc/hosts workaround and am left with one last problem... Windows machines can't access the shares on the Ubuntu m/c, maybe I need to play around with Samba and WINS or whatever needs to be done.

Points split among everyone?
0
 
LVL 13

Accepted Solution

by:
WizRd-Linux earned 250 total points
ID: 20435061
Thats great new that you have it sorted.  I'm not fussed where the points end up if anywhere.
0
 
LVL 40

Assisted Solution

by:omarfarid
omarfarid earned 250 total points
ID: 20435079
Nice that you were able to resolve the problem, how to close and how to split points is yours.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question