LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 04-29-2010, 01:25 PM   #1
ugolee
LQ Newbie
 
Registered: Apr 2010
Posts: 7

Rep: Reputation: 0
Can't Ping past gateway. Can ping server from outside


So, I have an Virtual Machine running CentOS 5.4. It sits behind a hardware firewall which also does NAT'ing. I've set up plenty of these, so I know for sure the firewall and NAT rules are set up correctly.

From the host, I can ping anything in my subnet and the gateway. But I can't ping anything else beyond the gateway. I can perform DNS queries and when I try to ping, it finds the appropriate IP address.

But from the outside, I can ping the PUBLIC address (It's a 1 public to 1 private address NAT, not 1 public to multiple private).

I've tried it with IPTABLES on and off, with no change.

Here are the networking configurations.

root@host ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Intel Corporation 82545EM Gigabit Ethernet Controller (Copper)
DEVICE=eth0
BOOTPROTO=none
BROADCAST=192.168.50.255
HWADDR=00:50:56:85:18:04
IPADDR=192.168.50.49
NETMASK=255.255.255.0
NETWORK=192.168.50.0
ONBOOT=yes
GATEWAY=192.168.50.1
TYPE=Ethernet

[root@host ~]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=host.domain.com

[root@host ~]# cat /etc/resolv.conf
search domain.com
nameserver 192.168.50.32
nameserver 192.168.50.34

[root@host~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.50.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
default 192.168.50.1 0.0.0.0 UG 0 0 0 eth0


Any ideas?
 
Old 04-29-2010, 01:55 PM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,644

Rep: Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523
Post the output of "ifconfig eth0". Is 192.168.50.1 your gateway? Is it properly set to forward traffic?
 
Old 04-29-2010, 02:59 PM   #3
ugolee
LQ Newbie
 
Registered: Apr 2010
Posts: 7

Original Poster
Rep: Reputation: 0
Sorry, I posted the network information from a similar VM (same subnet). Here's all the networking info for this host.

And yes, 192.168.50.1 is the gateway. It is forwarding traffic as all the other hosts in the subnet are able to route traffic properly.

[root@host ~]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:50:56:85:3C:F8
inet addr:192.168.50.53 Bcast:192.168.50.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fe85:3cf8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:130469 errors:0 dropped:0 overruns:0 frame:0
TX packets:852 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:11329373 (10.8 MiB) TX bytes:107285 (104.7 KiB)
Base address:0x2000 Memory:d8920000-d8940000

[root@host ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Intel Corporation 82545EM Gigabit Ethernet Controller (Copper)
DEVICE=eth0
BOOTPROTO=none
BROADCAST=192.168.50.255
HWADDR=00:50:56:85:3c:f8
IPADDR=192.168.50.53
NETMASK=255.255.255.0
NETWORK=192.168.50.0
ONBOOT=yes
GATEWAY=192.168.50.1
TYPE=Ethernet

[root@host ~]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=host.domain.com

[root@host ~]# cat /etc/resolv.conf
search domain.com
nameserver 192.168.50.31
nameserver 192.168.50.32

[root@host ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.50.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
default 192.168.50.1 0.0.0.0 UG 0 0 0 eth0
 
Old 04-29-2010, 03:05 PM   #4
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,644

Rep: Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523
What message do you get when you ping an outside address? Please post the full command you run and its result as you have been doing.
 
Old 04-29-2010, 03:10 PM   #5
ugolee
LQ Newbie
 
Registered: Apr 2010
Posts: 7

Original Poster
Rep: Reputation: 0
[root@host ~]# ping www.google.com

PING www.l.google.com (74.125.19.99) 56(84) bytes of data.

--- www.l.google.com ping statistics ---
419 packets transmitted, 0 received, 100% packet loss, time 418315ms

[root@host ~]# ping 74.125.19.99
PING 74.125.19.99 (74.125.19.99) 56(84) bytes of data.

--- 74.125.19.99 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4000ms
 
Old 04-29-2010, 03:18 PM   #6
ugolee
LQ Newbie
 
Registered: Apr 2010
Posts: 7

Original Poster
Rep: Reputation: 0
And just so you know, I can SSH into the box from the outside using the Public Address.
 
Old 04-29-2010, 05:22 PM   #7
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,644

Rep: Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523
and: traceroute 74.125.19.99
 
Old 04-29-2010, 06:15 PM   #8
ugolee
LQ Newbie
 
Registered: Apr 2010
Posts: 7

Original Poster
Rep: Reputation: 0
Nada on the traceroute. Just * * *
Traceroute from an outside server to the public IP works fine.
 
Old 04-29-2010, 06:32 PM   #9
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,644

Rep: Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523Reputation: 523
Running out of ideas..

ethtool eth0, check that it's 100mbps (or 1000) and full duplex.. reseat wires, try a different card, reboot, ...
 
Old 04-30-2010, 10:00 PM   #10
LVsFINEST
Member
 
Registered: Aug 2006
Posts: 94

Rep: Reputation: 21
If you can ping other hosts on your network, we know you have connectivity (link) and traffic is not being blocked (iptables). www.google.com was resolved during your ping session even... This all points to a problem with your routes, or the default gateway config (in my mind at least). Ping www.google.com again while running a packet capture on your default routed iface (eth0 according to your configs) and ensure the traffic is actually going out the intended interface.

Here's a couple things to try too:

Specify the 'GATEWAY=192.168.50.1' in /etc/sysconfig/network (not ifcfg-eth0) and restart networking

and/or

Remove all routes and readd them.

Also, I've always used the 'ip route' command to view/add/del routes and I'm not really familiar with the 'route' command. I have compared your route output to mine, and they're almost identical aside from the IPs. I'm curious as to what the output is if you run 'ip route'...?
 
Old 04-30-2010, 11:06 PM   #11
SuperJediWombat!
Member
 
Registered: Apr 2009
Location: Perth, Australia
Distribution: Ubuntu/CentOS
Posts: 208

Rep: Reputation: 50
I have the same thoughts as LVsFINEST.
Can you run tcpdump on the interface, and test pinging out to an external address, then in from an external host to your servers public IP.

Exactly what kind of hardware firewall are you running? Can we see a packet trace from that box (of the failed ping attempts)?

Also, you specifically mention pings failing, are all other network protocols broken too?

Is 192.168.50.1 the hardware firewall you mention? Are you sure the firewall rules are correct?

Last edited by SuperJediWombat!; 04-30-2010 at 11:08 PM.
 
Old 05-01-2010, 11:35 PM   #12
ugolee
LQ Newbie
 
Registered: Apr 2010
Posts: 7

Original Poster
Rep: Reputation: 0
Okay, I figured out the problem. There was another host in the subnet that was using the IP that was assigned to my server. For some reason, it was that host that was receiving all the ICMP traffic. I figure that the SSH traffic to my server was going through because port 22 was blocked on that host so the traffic went to me. Very strange behavior, but it's fixed.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cannot ping past gateway on LAN from RHEL box HugoChavez Linux - Networking 1 10-19-2007 07:10 PM
How to ping gateway and dns server banner Linux - Newbie 3 05-08-2005 05:49 AM
PPP establish can ping the gateway router but unable to ping the host deepalalla Linux - Networking 0 11-18-2004 09:10 AM
dhcp client can't ping gateway but can ping other local hosts dirty_forks Linux - Networking 7 10-08-2004 10:54 AM


All times are GMT -5. The time now is 03:58 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration