Hello folks. I have a DSL modem/combo router, the Netopia 2210-02. I have numerous external (internet) static IPs which are mapped by the router to internal addresses on my internal subnet. I have a Fedora Core 9 x86_64 box which is a fresh install, and I am unable to ping this host's external IP from the host itself. Other machines on the internal subnet can reach the external IP of the host in question, and I can ssh to it from anywhere, local or external. It's only once I'm logged into the host itself that its external IP no longer can be reached. It's notable that Windows hosts of the same configuration are able to ping themselves with their own external IPs with no problem, so I'm inclined to believe its a configuration problem on the host itself.

I've concealed the true values of a few items with "XX", but this is the layout of the network (please forgive my verbosity as I'm trying to forego further posting):

External Addresses
------------------
XX.XX.222.241 -- router reserved
XX.XX.222.242-247 -- static IP range
XX.XX.222.248 -- router reserved

Internal Network
------------------
Subnet/Mask 192.168.100.0/255.255.255.0
DHCP Range 192.168.100.100 - 200
Static IP Reservations from 192.168.100.242-247 corresponding to external IPs last quad (to make them easy to remember).

This particular host (bracchus) was assigned to XX.XX.222.244 externally on the router, while the interface itself is assigned to 192.168.100.244. The router is mapping XX.XX.222.244 to 192.168.100.244. I also tried adding a Static ARP on the router for the external address to the MAC address of the host's card. This had no effect. This problem seems to only exist on my Fedora 9 and Gentoo hosts. I'm detailing only the Fedora 9 hosts's config here, as I suspect I'll be able to figure out Gentoo's necessary changes based on that.


The following file was generated by the system-config-network-tui utility.
---------------------------------------
#/etc/sysconfig/network-scripts/ifcfg-eth0
# Broadcom Corporation NetXtreme BCM5721 Gigabit Ethernet PCI Express
DEVICE=eth0
BOOTPROTO=none
HWADDR=00:1d:09:fb:ca:b6
ONBOOT=yes
SEARCH="XX.com"
NM_CONTROLLED=no
TYPE=Ethernet
NETMASK=255.255.255.0
IPADDR=192.168.100.244
GATEWAY=192.168.100.254

---------------------------------------
[root@bracchus ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:1D:09:FB:CA:B6
inet addr:192.168.100.244 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::21d:9ff:fefb:cab6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2344 errors:0 dropped:0 overruns:0 frame:0
TX packets:241 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:176281 (172.1 KiB) TX bytes:31578 (30.8 KiB)
Interrupt:16

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:15 errors:0 dropped:0 overruns:0 frame:0
TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1096 (1.0 KiB) TX bytes:1096 (1.0 KiB)



------------------------------------

[root@bracchus ~]# ping 192.168.100.244
PING 192.168.100.244 (192.168.100.244) 56(84) bytes of data.
64 bytes from 192.168.100.244: icmp_seq=1 ttl=64 time=0.071 ms
64 bytes from 192.168.100.244: icmp_seq=2 ttl=64 time=0.028 ms
64 bytes from 192.168.100.244: icmp_seq=3 ttl=64 time=0.023 ms
^C
--- 192.168.100.244 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2356ms
rtt min/avg/max/mdev = 0.023/0.040/0.071/0.022 ms

[root@bracchus ~]# ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.035 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.030 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.037 ms
^C
--- 127.0.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2150ms
rtt min/avg/max/mdev = 0.030/0.034/0.037/0.003 ms

[root@bracchus ~]# ping XX.XX.222.244
PING XX.XX.222.244 (XX.XX.222.244) 56(84) bytes of data.
^C
--- XX.XX.222.244 ping statistics ---
63 packets transmitted, 0 received, 100% packet loss, time 62047ms


--------------------------------------

This last ping attempt to the external IP simply hangs indefinitely until break. I understand the kernel pulls a little magic trick routing the packets to the loopback interface when the address in question matches any interface configured on the local machine. It's clear that machines on the internal network are not even necessarily explicitly aware (through configuration) of their own external addresses until the requests hit the router and are referenced back. This makes me wonder if it could be that this is causing some of sort of race condition with routing queries due to misconfiguration on my part? I included the routing table below:

------------------------------------
[root@bracchus ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 * 255.255.255.0 U 0 0 0 eth0
link-local * 255.255.0.0 U 0 0 0 eth0
default 192.168.100.254 0.0.0.0 UG 0 0 0 eth0

=------------------------------------

In order to not confound troubleshooting, both iptables and the nat table have been completely flushed on the hosts in question, and the firewall disabled completely on the router, including stateful inspection, etc. etc. Everything is wide open, and the entire flow rebooted from router to host several times over.

Thanks in advance for your time and attention. I've been struggling with this one for a few days, so any help or insight is greatly appreciated.

hi calphis,

have you succeed ping-ing other than 222.244? like ping a.b.222.some-IP or ping google.com?
if you cant ping that 222.some-IP nor google.com (aside from name resolution function) - than perhaps you forget to do ip_forward.

and - take a little look at your modem firewall (if applicable) will help a bit.

echo 1 > /proc/sys/net/ipv4/ip_forward

after flushing/changing your iptables rules - you need to restart it.

and this :
try to change it to BOOTPROTO=STATIC.

HTH.

Thanks so much for the suggestions. Still no luck. Here's some info on what I tried based on your suggestions:

excerpt from /etc/sysctl.conf
-------------------------------
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1
--------------------------------
changed BOOTPROTO as you suggested:

[root@bracchus ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Broadcom Corporation NetXtreme BCM5721 Gigabit Ethernet PCI Express
DEVICE=eth0
BOOTPROTO=STATIC
HWADDR=00:1d:09:fb:ca:b6
ONBOOT=yes
SEARCH="calphis.com"
NM_CONTROLLED=no
TYPE=Ethernet
NETMASK=255.255.255.0
IPADDR=192.168.100.244
GATEWAY=192.168.100.254
[root@bracchus ~]#

-----------------------------

[root@bracchus ~]# service network restart
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: [ OK ]
[root@bracchus ~]# cat /proc/sys/net/ipv4/ip_forward
1

--------------------------------

I checked the modem/router combo unit and confirmed all firewall, stateful inspection, etc. is completely off.

--------------------------------
[root@bracchus ~]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: nat filter [ OK ]
iptables: Unloading modules: [ OK ]
[root@bracchus ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@bracchus ~]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@bracchus ~]#

-----------------------------
then I tried to ping these addresses. the a.b.222.243 is the windows host mentioned, with identical configuration except the last quad:

[root@bracchus ~]#
[root@bracchus ~]# ping www.google.com
PING www.l.google.com (74.125.47.147) 56(84) bytes of data.
64 bytes from yw-in-f147.google.com (74.125.47.147): icmp_seq=1 ttl=242 time=25.1 ms
64 bytes from yw-in-f147.google.com (74.125.47.147): icmp_seq=2 ttl=242 time=25.3 ms
^C
--- www.l.google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1691ms
rtt min/avg/max/mdev = 25.160/25.247/25.335/0.181 ms
[root@bracchus ~]# ping a.b.222.243
PING 68.157.222.243 (a.b.222.243) 56(84) bytes of data.
64 bytes from a.b.222.243: icmp_seq=1 ttl=126 time=0.749 ms
64 bytes from a.b.222.243: icmp_seq=2 ttl=126 time=0.631 ms
64 bytes from a.b.222.243: icmp_seq=3 ttl=126 time=0.645 ms
^C
--- a.b.222.243 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2270ms
rtt min/avg/max/mdev = 0.631/0.675/0.749/0.052 ms
[root@bracchus ~]# ping a.b.222.244
PING a.b.222.244 (a.b.222.244) 56(84) bytes of data.
^C
--- a.b.222.244 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4262ms

[root@bracchus ~]#

----------------------------
so both namserver and gateway seem to be working fine. the a.b.222.243 can ping its own external address. I checked the router/modem's settings for the network, to ensure the net mask did not somehow exclude the problem host's address. There was no such setting in the configuration or routing table for the unit. To test further, I moved the problem host to a.b.222.245, and the internal address to 192.168.100.245 with no change in the behavior.
Windows hosts @ a.b.222.243 and a.b.222.246 can ping all addresses internal and external, as well as themselves using either internal or external address.


quite a doozy of a problem, eh? I'm quite stumped! Thanks so much for your suggestions.