Solved

Ubuntu: network/Internet fine but cannot ping LAN computers or itself by computer name

Posted on 2007-12-04
26
6,913 Views
Last Modified: 2012-05-05
I have a wireless network with static DHCP enabled with 3 clients, 2 using WinXP, 1 on Ubuntu

All computers can access Internet fine.

The WinXP computers can share files with each other and ping each other.

The Ubuntu computer cannot even ping the other two. Interestingly, I sent a file from the Ubuntu machine to one of the other computers yesterday so something just happened today.

Also, the Ubuntu machine can only ping itself by IP (192.168.x.x), not by name.

I use Firestarter to manage firewall settings and nothing relevant is being blocked, and if it were blocked, only incoming requests would be affected.

I have tried disabling the software firewalls on the WinXP machines to no avail.

Any suggestions?
0
Comment
Question by:kebabs
  • 12
  • 6
  • 6
  • +2
26 Comments
 
LVL 40

Expert Comment

by:omarfarid
ID: 20409037
Can you ping default gateway?

Can you show output of ifconfig -a
0
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 20409050
unlikely to be a firewall issue.  If it can't ping by name it is an issue with your /etc/hosts file or internal dns records.

You will likely find that you dns servers listed in /etc/resolv.conf are set to your ISP or similar.

The DNS servers you are using are unable to resolve your server hostname so it doesn't work.

Add your server name to /etc/resolv.conf for the line 192.168.0.1 (or what ever the ip is)
0
 
LVL 8

Author Comment

by:kebabs
ID: 20409053
Yes, I can ping default gateway.

ifconfig -a
eth0      Link encap:Ethernet  HWaddr [mac address (hidden)]

          UP BROADCAST MULTICAST  MTU:1500  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

          Interrupt:17
 

eth1      Link encap:Ethernet  HWaddr [mac address (hidden)]

          inet addr:192.168.0.11  Bcast:192.168.0.255  Mask:255.255.255.0

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:2725 errors:13606 dropped:14047 overruns:0 frame:0

          TX packets:1956 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:96726113 (92.2 MB)  TX bytes:61704914 (58.8 MB)

          Interrupt:17 Base address:0x8000 Memory:f9fff000-f9ffffff
 

lo        Link encap:Local Loopback

          inet addr:127.0.0.1  Mask:255.0.0.0

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:182534 errors:0 dropped:0 overruns:0 frame:0

          TX packets:182534 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:245880265 (234.4 MB)  TX bytes:245880265 (234.4 MB)

Open in new window

0
 
LVL 8

Author Comment

by:kebabs
ID: 20409063
WizRd-Linux, ok, that's fine, I would prefer not to but I can manually add it so that the hostname resolves to the IP.

Anyway, the main problem is not being able to ping the Windows machines (by IP or name)
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 20409069
What is the default gateway? netstat -rn

Can you ping default gateway?

Can you run nslookup and resolve domains?
0
 
LVL 8

Author Comment

by:kebabs
ID: 20409074
Omar, default gateway is 192.168.0.1, can be pinged, and can resolve domains via nslookup
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 20409086
Ok

What is the ip address and subnet mask of the Win XP m/c?

0
 
LVL 8

Author Comment

by:kebabs
ID: 20409091
192.168.0.13/255.255.255.0
0
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 20409118
Can you paste the output of iptables -nvL?

Your network is setup correctly, so unless you have VLANs configured on your switch and the linux box and XP clients are in differnet vlans you should be able to access them.

The last thing it could be is firewall related.
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 20409135
It should be able to ping each other if they are on the same network, unless there is a firewall on either m/cs blocking.

Can you ping from the windows m/cs to  the ubuntu m/c ?

0
 
LVL 8

Author Comment

by:kebabs
ID: 20409370
I think it's just paranoia but I'd rather not show the full output, below are some of the dropped packets.

Omar, can't ping from either side.


Chain OUTPUT (policy DROP 1 packets, 199 bytes)

 pkts bytes target     prot opt in     out     source               destination

    0     0 DROP       0    --  *      *       224.0.0.0/8          0.0.0.0/0

    8  1991 DROP       0    --  *      *       0.0.0.0/0            224.0.0.0/8

    0     0 DROP       0    --  *      *       255.255.255.255      0.0.0.0/0

    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0

    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID

Open in new window

0
 
LVL 3

Expert Comment

by:amirs80
ID: 20409730
can u ping the ubunto pc from xp pcs, if u can then  check the xp firewall bcoz default software firewall is applied on xp systems which doesn't allow any thing
0
 
LVL 8

Author Comment

by:kebabs
ID: 20409768
Yes, I think I already mentioned that pings from both sides time out and that software firewalls on the XP systems were restarted. And yes, Windows Firewall is disabled.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 20410988
Pings from the linux box out will be dropped by rule 4. Show me your INPUT chain, I'm sure to find someone else in there not quiet right.

iptables -nvL again and paste the Chain INPUT section.
0
 
LVL 5

Expert Comment

by:Jozk0
ID: 20413556
Please provide the output of:

# cat /etc/resolv.conf
# cat /etc/hosts
# route -n

It can also happen that the Ubuntu box is blocking icmp responses from the windows boxes. To doublecheck this, first drop all rules:

iptables -F
iptables -t nat -F

and enable icmp packets:

iptables -I INPUT -i eth1 -p icmp -j ALLOW

does your ping work now ?
0
 
LVL 8

Author Comment

by:kebabs
ID: 20416780
/etc/resolv.conf has the DNS nameservers

/etc/hosts has a record for my hostname and IP to allows Ubuntu to ping itself by hostname and the IPv6 default lines, e.g. fe00::0 ip6-localnet, ff00::0 ip6-mcastprefix

route -n is shown below.

Currently trying the firewall changes mentioned.
Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth1

0.0.0.0         192.168.0.1     0.0.0.0         UG    100    0        0 eth1

Open in new window

0
 
LVL 8

Author Comment

by:kebabs
ID: 20416789
Here is full iptables -nvL input chain:

BTW thanks a lot for this help. Much appreciated :)
Chain INPUT (policy DROP 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination

    0     0 ACCEPT     tcp  --  *      *       61.9.133.193         0.0.0.0/0           tcp flags:!0x17/0x02

  294 34565 ACCEPT     udp  --  *      *       61.9.133.193         0.0.0.0/0

    0     0 ACCEPT     tcp  --  *      *       61.9.194.49          0.0.0.0/0           tcp flags:!0x17/0x02

    3   329 ACCEPT     udp  --  *      *       61.9.194.49          0.0.0.0/0

    0     0 ACCEPT     tcp  --  *      *       192.168.0.1          0.0.0.0/0           tcp flags:!0x17/0x02

    1   117 ACCEPT     udp  --  *      *       192.168.0.1          0.0.0.0/0

   67 27376 ACCEPT     0    --  lo     *       0.0.0.0/0            0.0.0.0/0

    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 10/sec burst 5

    0     0 DROP       0    --  eth1   *       0.0.0.0/0            255.255.255.255

    0     0 DROP       0    --  *      *       0.0.0.0/0            192.168.0.255

    0     0 DROP       0    --  *      *       224.0.0.0/8          0.0.0.0/0

    0     0 DROP       0    --  *      *       0.0.0.0/0            224.0.0.0/8

    0     0 DROP       0    --  *      *       255.255.255.255      0.0.0.0/0

    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0

    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID

    0     0 LSI        0    -f  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 10/min burst 5

13941   12M INBOUND    0    --  eth1   *       0.0.0.0/0            0.0.0.0/0

    0     0 LOG_FILTER  0    --  *      *       0.0.0.0/0            0.0.0.0/0

    0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Unknown Input'

Open in new window

0
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 20416876
Rule 6 is currently backwards.  Because we are talking about the input chain, it should be source 0.0.0.0/0 destination 192.168.0.1.

INPUT - Packets destined for the box
OUTPUT - Packets originating from the box
FORWARD - Packets passing through the box
0
 
LVL 8

Author Comment

by:kebabs
ID: 20416910
But isn't rule 6 referring to a packet destined for the box from 192.168.0.1

I think the culprit is the 224.0.0.0/8 addresses being denied.
0
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 20416947
Ahhh yes, your server is 192.168.0.11, which means...

Your input rules are fine... i didn't look down far enough.

do the following then tell me if pings work.

iptables -I OUTPUT 1 -p icmp -j ACCEPT

You can do the testing, if successful you can delete the rule after to make it more specific by typing:

iptables -D OUTPUT 1
0
 
LVL 8

Author Comment

by:kebabs
ID: 20417043
Using:
iptables -I OUTPUT 1 -p icmp -j ACCEPT

There was no change, pings still don't work.

Considering pings and file sharing was working 2 days ago, maybe something just overwrote something (mind the vagueness). Any idea on what to reinstall? iptables and firestarter?

Also, if it matters, the one thing that changed between realising that this is not / is working was a change in Firestarter policy to allow VNC on port 5900. That was reverted after it was no longer needed but maybe that caused the problem.

Stopping firewall through Firestarter also doesn't help but I'm not sure if that disables everything firewall related.
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 20417061
If interested to find what files changed you may use find command. Most of config files are in /etc

find /etc -mtime -2

0
 
LVL 8

Author Comment

by:kebabs
ID: 20417648
About 100 files listed... maybe I should reinstall Ubuntu.
0
 
LVL 8

Author Comment

by:kebabs
ID: 20433669
Update:

Stopping Firestarter does not stop the entire firewall... why not?

Anyways, I found a fix that I would have had to find later on anyway as properly disabling the firewall was only going to narrow down the problem.

Excuse me for the stupidity, but all I had to do was add 192.168.0.1 (gateway) to the allow list in firestarter (previously, I only added network nodes)

Now, I can access network shares on Windows, ping my computer hostname without an /etc/hosts workaround and am left with one last problem... Windows machines can't access the shares on the Ubuntu m/c, maybe I need to play around with Samba and WINS or whatever needs to be done.

Points split among everyone?
0
 
LVL 13

Accepted Solution

by:
WizRd-Linux earned 250 total points
ID: 20435061
Thats great new that you have it sorted.  I'm not fussed where the points end up if anywhere.
0
 
LVL 40

Assisted Solution

by:omarfarid
omarfarid earned 250 total points
ID: 20435079
Nice that you were able to resolve the problem, how to close and how to split points is yours.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
In the modern office, employees tend to move around the workplace a lot more freely. Conferences, collaborative groups, flexible seating and working from home require a new level of mobility. Technology has not only changed the behavior and the expe…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now