Ubuntu: network/Internet fine but cannot ping LAN computers or itself by computer name

I have a wireless network with static DHCP enabled with 3 clients, 2 using WinXP, 1 on Ubuntu

All computers can access Internet fine.

The WinXP computers can share files with each other and ping each other.

The Ubuntu computer cannot even ping the other two. Interestingly, I sent a file from the Ubuntu machine to one of the other computers yesterday so something just happened today.

Also, the Ubuntu machine can only ping itself by IP (192.168.x.x), not by name.

I use Firestarter to manage firewall settings and nothing relevant is being blocked, and if it were blocked, only incoming requests would be affected.

I have tried disabling the software firewalls on the WinXP machines to no avail.

Any suggestions?
LVL 8
kebabsAsked:
Who is Participating?
 
WizRd-LinuxConnect With a Mentor Commented:
Thats great new that you have it sorted.  I'm not fussed where the points end up if anywhere.
0
 
omarfaridCommented:
Can you ping default gateway?

Can you show output of ifconfig -a
0
 
WizRd-LinuxCommented:
unlikely to be a firewall issue.  If it can't ping by name it is an issue with your /etc/hosts file or internal dns records.

You will likely find that you dns servers listed in /etc/resolv.conf are set to your ISP or similar.

The DNS servers you are using are unable to resolve your server hostname so it doesn't work.

Add your server name to /etc/resolv.conf for the line 192.168.0.1 (or what ever the ip is)
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
kebabsAuthor Commented:
Yes, I can ping default gateway.

ifconfig -a
eth0      Link encap:Ethernet  HWaddr [mac address (hidden)]
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:17
 
eth1      Link encap:Ethernet  HWaddr [mac address (hidden)]
          inet addr:192.168.0.11  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2725 errors:13606 dropped:14047 overruns:0 frame:0
          TX packets:1956 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:96726113 (92.2 MB)  TX bytes:61704914 (58.8 MB)
          Interrupt:17 Base address:0x8000 Memory:f9fff000-f9ffffff
 
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:182534 errors:0 dropped:0 overruns:0 frame:0
          TX packets:182534 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:245880265 (234.4 MB)  TX bytes:245880265 (234.4 MB)

Open in new window

0
 
kebabsAuthor Commented:
WizRd-Linux, ok, that's fine, I would prefer not to but I can manually add it so that the hostname resolves to the IP.

Anyway, the main problem is not being able to ping the Windows machines (by IP or name)
0
 
omarfaridCommented:
What is the default gateway? netstat -rn

Can you ping default gateway?

Can you run nslookup and resolve domains?
0
 
kebabsAuthor Commented:
Omar, default gateway is 192.168.0.1, can be pinged, and can resolve domains via nslookup
0
 
omarfaridCommented:
Ok

What is the ip address and subnet mask of the Win XP m/c?

0
 
kebabsAuthor Commented:
192.168.0.13/255.255.255.0
0
 
WizRd-LinuxCommented:
Can you paste the output of iptables -nvL?

Your network is setup correctly, so unless you have VLANs configured on your switch and the linux box and XP clients are in differnet vlans you should be able to access them.

The last thing it could be is firewall related.
0
 
omarfaridCommented:
It should be able to ping each other if they are on the same network, unless there is a firewall on either m/cs blocking.

Can you ping from the windows m/cs to  the ubuntu m/c ?

0
 
kebabsAuthor Commented:
I think it's just paranoia but I'd rather not show the full output, below are some of the dropped packets.

Omar, can't ping from either side.


Chain OUTPUT (policy DROP 1 packets, 199 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       0    --  *      *       224.0.0.0/8          0.0.0.0/0
    8  1991 DROP       0    --  *      *       0.0.0.0/0            224.0.0.0/8
    0     0 DROP       0    --  *      *       255.255.255.255      0.0.0.0/0
    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0
    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID

Open in new window

0
 
amirs80Commented:
can u ping the ubunto pc from xp pcs, if u can then  check the xp firewall bcoz default software firewall is applied on xp systems which doesn't allow any thing
0
 
kebabsAuthor Commented:
Yes, I think I already mentioned that pings from both sides time out and that software firewalls on the XP systems were restarted. And yes, Windows Firewall is disabled.
0
 
WizRd-LinuxCommented:
Pings from the linux box out will be dropped by rule 4. Show me your INPUT chain, I'm sure to find someone else in there not quiet right.

iptables -nvL again and paste the Chain INPUT section.
0
 
Jozk0Commented:
Please provide the output of:

# cat /etc/resolv.conf
# cat /etc/hosts
# route -n

It can also happen that the Ubuntu box is blocking icmp responses from the windows boxes. To doublecheck this, first drop all rules:

iptables -F
iptables -t nat -F

and enable icmp packets:

iptables -I INPUT -i eth1 -p icmp -j ALLOW

does your ping work now ?
0
 
kebabsAuthor Commented:
/etc/resolv.conf has the DNS nameservers

/etc/hosts has a record for my hostname and IP to allows Ubuntu to ping itself by hostname and the IPv6 default lines, e.g. fe00::0 ip6-localnet, ff00::0 ip6-mcastprefix

route -n is shown below.

Currently trying the firewall changes mentioned.
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth1
0.0.0.0         192.168.0.1     0.0.0.0         UG    100    0        0 eth1

Open in new window

0
 
kebabsAuthor Commented:
Here is full iptables -nvL input chain:

BTW thanks a lot for this help. Much appreciated :)
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       61.9.133.193         0.0.0.0/0           tcp flags:!0x17/0x02
  294 34565 ACCEPT     udp  --  *      *       61.9.133.193         0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       61.9.194.49          0.0.0.0/0           tcp flags:!0x17/0x02
    3   329 ACCEPT     udp  --  *      *       61.9.194.49          0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       192.168.0.1          0.0.0.0/0           tcp flags:!0x17/0x02
    1   117 ACCEPT     udp  --  *      *       192.168.0.1          0.0.0.0/0
   67 27376 ACCEPT     0    --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 10/sec burst 5
    0     0 DROP       0    --  eth1   *       0.0.0.0/0            255.255.255.255
    0     0 DROP       0    --  *      *       0.0.0.0/0            192.168.0.255
    0     0 DROP       0    --  *      *       224.0.0.0/8          0.0.0.0/0
    0     0 DROP       0    --  *      *       0.0.0.0/0            224.0.0.0/8
    0     0 DROP       0    --  *      *       255.255.255.255      0.0.0.0/0
    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0
    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
    0     0 LSI        0    -f  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 10/min burst 5
13941   12M INBOUND    0    --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG_FILTER  0    --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Unknown Input'

Open in new window

0
 
WizRd-LinuxCommented:
Rule 6 is currently backwards.  Because we are talking about the input chain, it should be source 0.0.0.0/0 destination 192.168.0.1.

INPUT - Packets destined for the box
OUTPUT - Packets originating from the box
FORWARD - Packets passing through the box
0
 
kebabsAuthor Commented:
But isn't rule 6 referring to a packet destined for the box from 192.168.0.1

I think the culprit is the 224.0.0.0/8 addresses being denied.
0
 
WizRd-LinuxCommented:
Ahhh yes, your server is 192.168.0.11, which means...

Your input rules are fine... i didn't look down far enough.

do the following then tell me if pings work.

iptables -I OUTPUT 1 -p icmp -j ACCEPT

You can do the testing, if successful you can delete the rule after to make it more specific by typing:

iptables -D OUTPUT 1
0
 
kebabsAuthor Commented:
Using:
iptables -I OUTPUT 1 -p icmp -j ACCEPT

There was no change, pings still don't work.

Considering pings and file sharing was working 2 days ago, maybe something just overwrote something (mind the vagueness). Any idea on what to reinstall? iptables and firestarter?

Also, if it matters, the one thing that changed between realising that this is not / is working was a change in Firestarter policy to allow VNC on port 5900. That was reverted after it was no longer needed but maybe that caused the problem.

Stopping firewall through Firestarter also doesn't help but I'm not sure if that disables everything firewall related.
0
 
omarfaridCommented:
If interested to find what files changed you may use find command. Most of config files are in /etc

find /etc -mtime -2

0
 
kebabsAuthor Commented:
About 100 files listed... maybe I should reinstall Ubuntu.
0
 
kebabsAuthor Commented:
Update:

Stopping Firestarter does not stop the entire firewall... why not?

Anyways, I found a fix that I would have had to find later on anyway as properly disabling the firewall was only going to narrow down the problem.

Excuse me for the stupidity, but all I had to do was add 192.168.0.1 (gateway) to the allow list in firestarter (previously, I only added network nodes)

Now, I can access network shares on Windows, ping my computer hostname without an /etc/hosts workaround and am left with one last problem... Windows machines can't access the shares on the Ubuntu m/c, maybe I need to play around with Samba and WINS or whatever needs to be done.

Points split among everyone?
0
 
omarfaridConnect With a Mentor Commented:
Nice that you were able to resolve the problem, how to close and how to split points is yours.
0
All Courses

From novice to tech pro — start learning today.