Solved

Ubuntu: network/Internet fine but cannot ping LAN computers or itself by computer name

Posted on 2007-12-04
26
6,911 Views
Last Modified: 2012-05-05
I have a wireless network with static DHCP enabled with 3 clients, 2 using WinXP, 1 on Ubuntu

All computers can access Internet fine.

The WinXP computers can share files with each other and ping each other.

The Ubuntu computer cannot even ping the other two. Interestingly, I sent a file from the Ubuntu machine to one of the other computers yesterday so something just happened today.

Also, the Ubuntu machine can only ping itself by IP (192.168.x.x), not by name.

I use Firestarter to manage firewall settings and nothing relevant is being blocked, and if it were blocked, only incoming requests would be affected.

I have tried disabling the software firewalls on the WinXP machines to no avail.

Any suggestions?
0
Comment
Question by:kebabs
  • 12
  • 6
  • 6
  • +2
26 Comments
 
LVL 40

Expert Comment

by:omarfarid
Comment Utility
Can you ping default gateway?

Can you show output of ifconfig -a
0
 
LVL 13

Expert Comment

by:WizRd-Linux
Comment Utility
unlikely to be a firewall issue.  If it can't ping by name it is an issue with your /etc/hosts file or internal dns records.

You will likely find that you dns servers listed in /etc/resolv.conf are set to your ISP or similar.

The DNS servers you are using are unable to resolve your server hostname so it doesn't work.

Add your server name to /etc/resolv.conf for the line 192.168.0.1 (or what ever the ip is)
0
 
LVL 8

Author Comment

by:kebabs
Comment Utility
Yes, I can ping default gateway.

ifconfig -a
eth0      Link encap:Ethernet  HWaddr [mac address (hidden)]

          UP BROADCAST MULTICAST  MTU:1500  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

          Interrupt:17
 

eth1      Link encap:Ethernet  HWaddr [mac address (hidden)]

          inet addr:192.168.0.11  Bcast:192.168.0.255  Mask:255.255.255.0

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:2725 errors:13606 dropped:14047 overruns:0 frame:0

          TX packets:1956 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:96726113 (92.2 MB)  TX bytes:61704914 (58.8 MB)

          Interrupt:17 Base address:0x8000 Memory:f9fff000-f9ffffff
 

lo        Link encap:Local Loopback

          inet addr:127.0.0.1  Mask:255.0.0.0

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:182534 errors:0 dropped:0 overruns:0 frame:0

          TX packets:182534 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:245880265 (234.4 MB)  TX bytes:245880265 (234.4 MB)

Open in new window

0
 
LVL 8

Author Comment

by:kebabs
Comment Utility
WizRd-Linux, ok, that's fine, I would prefer not to but I can manually add it so that the hostname resolves to the IP.

Anyway, the main problem is not being able to ping the Windows machines (by IP or name)
0
 
LVL 40

Expert Comment

by:omarfarid
Comment Utility
What is the default gateway? netstat -rn

Can you ping default gateway?

Can you run nslookup and resolve domains?
0
 
LVL 8

Author Comment

by:kebabs
Comment Utility
Omar, default gateway is 192.168.0.1, can be pinged, and can resolve domains via nslookup
0
 
LVL 40

Expert Comment

by:omarfarid
Comment Utility
Ok

What is the ip address and subnet mask of the Win XP m/c?

0
 
LVL 8

Author Comment

by:kebabs
Comment Utility
192.168.0.13/255.255.255.0
0
 
LVL 13

Expert Comment

by:WizRd-Linux
Comment Utility
Can you paste the output of iptables -nvL?

Your network is setup correctly, so unless you have VLANs configured on your switch and the linux box and XP clients are in differnet vlans you should be able to access them.

The last thing it could be is firewall related.
0
 
LVL 40

Expert Comment

by:omarfarid
Comment Utility
It should be able to ping each other if they are on the same network, unless there is a firewall on either m/cs blocking.

Can you ping from the windows m/cs to  the ubuntu m/c ?

0
 
LVL 8

Author Comment

by:kebabs
Comment Utility
I think it's just paranoia but I'd rather not show the full output, below are some of the dropped packets.

Omar, can't ping from either side.


Chain OUTPUT (policy DROP 1 packets, 199 bytes)

 pkts bytes target     prot opt in     out     source               destination

    0     0 DROP       0    --  *      *       224.0.0.0/8          0.0.0.0/0

    8  1991 DROP       0    --  *      *       0.0.0.0/0            224.0.0.0/8

    0     0 DROP       0    --  *      *       255.255.255.255      0.0.0.0/0

    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0

    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID

Open in new window

0
 
LVL 3

Expert Comment

by:amirs80
Comment Utility
can u ping the ubunto pc from xp pcs, if u can then  check the xp firewall bcoz default software firewall is applied on xp systems which doesn't allow any thing
0
 
LVL 8

Author Comment

by:kebabs
Comment Utility
Yes, I think I already mentioned that pings from both sides time out and that software firewalls on the XP systems were restarted. And yes, Windows Firewall is disabled.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 13

Expert Comment

by:WizRd-Linux
Comment Utility
Pings from the linux box out will be dropped by rule 4. Show me your INPUT chain, I'm sure to find someone else in there not quiet right.

iptables -nvL again and paste the Chain INPUT section.
0
 
LVL 5

Expert Comment

by:Jozk0
Comment Utility
Please provide the output of:

# cat /etc/resolv.conf
# cat /etc/hosts
# route -n

It can also happen that the Ubuntu box is blocking icmp responses from the windows boxes. To doublecheck this, first drop all rules:

iptables -F
iptables -t nat -F

and enable icmp packets:

iptables -I INPUT -i eth1 -p icmp -j ALLOW

does your ping work now ?
0
 
LVL 8

Author Comment

by:kebabs
Comment Utility
/etc/resolv.conf has the DNS nameservers

/etc/hosts has a record for my hostname and IP to allows Ubuntu to ping itself by hostname and the IPv6 default lines, e.g. fe00::0 ip6-localnet, ff00::0 ip6-mcastprefix

route -n is shown below.

Currently trying the firewall changes mentioned.
Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth1

0.0.0.0         192.168.0.1     0.0.0.0         UG    100    0        0 eth1

Open in new window

0
 
LVL 8

Author Comment

by:kebabs
Comment Utility
Here is full iptables -nvL input chain:

BTW thanks a lot for this help. Much appreciated :)
Chain INPUT (policy DROP 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination

    0     0 ACCEPT     tcp  --  *      *       61.9.133.193         0.0.0.0/0           tcp flags:!0x17/0x02

  294 34565 ACCEPT     udp  --  *      *       61.9.133.193         0.0.0.0/0

    0     0 ACCEPT     tcp  --  *      *       61.9.194.49          0.0.0.0/0           tcp flags:!0x17/0x02

    3   329 ACCEPT     udp  --  *      *       61.9.194.49          0.0.0.0/0

    0     0 ACCEPT     tcp  --  *      *       192.168.0.1          0.0.0.0/0           tcp flags:!0x17/0x02

    1   117 ACCEPT     udp  --  *      *       192.168.0.1          0.0.0.0/0

   67 27376 ACCEPT     0    --  lo     *       0.0.0.0/0            0.0.0.0/0

    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 10/sec burst 5

    0     0 DROP       0    --  eth1   *       0.0.0.0/0            255.255.255.255

    0     0 DROP       0    --  *      *       0.0.0.0/0            192.168.0.255

    0     0 DROP       0    --  *      *       224.0.0.0/8          0.0.0.0/0

    0     0 DROP       0    --  *      *       0.0.0.0/0            224.0.0.0/8

    0     0 DROP       0    --  *      *       255.255.255.255      0.0.0.0/0

    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0

    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID

    0     0 LSI        0    -f  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 10/min burst 5

13941   12M INBOUND    0    --  eth1   *       0.0.0.0/0            0.0.0.0/0

    0     0 LOG_FILTER  0    --  *      *       0.0.0.0/0            0.0.0.0/0

    0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Unknown Input'

Open in new window

0
 
LVL 13

Expert Comment

by:WizRd-Linux
Comment Utility
Rule 6 is currently backwards.  Because we are talking about the input chain, it should be source 0.0.0.0/0 destination 192.168.0.1.

INPUT - Packets destined for the box
OUTPUT - Packets originating from the box
FORWARD - Packets passing through the box
0
 
LVL 8

Author Comment

by:kebabs
Comment Utility
But isn't rule 6 referring to a packet destined for the box from 192.168.0.1

I think the culprit is the 224.0.0.0/8 addresses being denied.
0
 
LVL 13

Expert Comment

by:WizRd-Linux
Comment Utility
Ahhh yes, your server is 192.168.0.11, which means...

Your input rules are fine... i didn't look down far enough.

do the following then tell me if pings work.

iptables -I OUTPUT 1 -p icmp -j ACCEPT

You can do the testing, if successful you can delete the rule after to make it more specific by typing:

iptables -D OUTPUT 1
0
 
LVL 8

Author Comment

by:kebabs
Comment Utility
Using:
iptables -I OUTPUT 1 -p icmp -j ACCEPT

There was no change, pings still don't work.

Considering pings and file sharing was working 2 days ago, maybe something just overwrote something (mind the vagueness). Any idea on what to reinstall? iptables and firestarter?

Also, if it matters, the one thing that changed between realising that this is not / is working was a change in Firestarter policy to allow VNC on port 5900. That was reverted after it was no longer needed but maybe that caused the problem.

Stopping firewall through Firestarter also doesn't help but I'm not sure if that disables everything firewall related.
0
 
LVL 40

Expert Comment

by:omarfarid
Comment Utility
If interested to find what files changed you may use find command. Most of config files are in /etc

find /etc -mtime -2

0
 
LVL 8

Author Comment

by:kebabs
Comment Utility
About 100 files listed... maybe I should reinstall Ubuntu.
0
 
LVL 8

Author Comment

by:kebabs
Comment Utility
Update:

Stopping Firestarter does not stop the entire firewall... why not?

Anyways, I found a fix that I would have had to find later on anyway as properly disabling the firewall was only going to narrow down the problem.

Excuse me for the stupidity, but all I had to do was add 192.168.0.1 (gateway) to the allow list in firestarter (previously, I only added network nodes)

Now, I can access network shares on Windows, ping my computer hostname without an /etc/hosts workaround and am left with one last problem... Windows machines can't access the shares on the Ubuntu m/c, maybe I need to play around with Samba and WINS or whatever needs to be done.

Points split among everyone?
0
 
LVL 13

Accepted Solution

by:
WizRd-Linux earned 250 total points
Comment Utility
Thats great new that you have it sorted.  I'm not fussed where the points end up if anywhere.
0
 
LVL 40

Assisted Solution

by:omarfarid
omarfarid earned 250 total points
Comment Utility
Nice that you were able to resolve the problem, how to close and how to split points is yours.
0

Featured Post

Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

Join & Write a Comment

I recently purchased a Bluetooth headset called the Music Jogger (model BSH10). The control buttons on it look like this: One of my goals is to use it as the microphone and speakers for Skype calls. In that respect, it works well. However, I …
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now