LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Ping to router works, internet doesn't (http://www.linuxquestions.org/questions/linux-networking-3/ping-to-router-works-internet-doesnt-496089/)

max2004 10-27-2006 10:05 AM

Ping to router works, internet doesn't
 
Hi,

I have 3 Fedora boxes in a home lan connected with a router. Two of them can access the internet, the third one can ping the other two and the router, but cannot access the internet. What could be my mistake?

Thx, Max

alienux 10-27-2006 10:50 AM

1. Do you have the router's IP address as the default gateway on the third box?

2. Can you ping Internet addresses by IP? Try pinging 4.2.2.2 to see if you get a reply. If so, you need to add a nameserver to /etc/resolv.conf

osor 10-27-2006 10:16 PM

Can you post the output of `route' or `ip route'

max2004 11-05-2006 02:05 PM

Hi guys,

ip route gives me:
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.2
default via 192.168.0.1 dev eth0

Eth0 is the only interface I have and 192.168.0.1 is the router's (Netgear home router) IP. I can ping the router, but cannot ping to outside my LAN (e.g. www.google.com -> unknown host or 4.2.2.2 -> 100% packet loss). I can ping the router, but cannot access it over the webinterface.

ip addr gives me (among other stuff):
Code:

eth0: <BROADCAST, MULTICAST, UP, 10000> ...
      ...
      inet 192.168.0.2/24 brd 192.168.0.255 scope global eth0
      ...

This drives me crazy...

Thanks,
Max

max2004 11-06-2006 10:54 AM

Is there anything else I could try?? Please!

More information:
- Router: Netgear RP614v3 (latest firmware).
- I can ssh to another linux box (the two boxes are only connected over the router)

Any hint is appreciated!
Max

farslayer 11-06-2006 12:22 PM

did you check your /etc/resolv.conf settings as suggested above ?

if you can browse to http://72.14.203.104 but not http://wwww.google.com then your problem is most likely in the dns server settings in resolv.conf

max2004 11-06-2006 01:09 PM

Thx for your post. Name resolution is not the problem, the /etc/resolv.d is equal in the two fedora systems and browsing to http://72.14.203.104 doesn't work either :(

btw: When I run Knoppix (a live linux dvd) on the computer, everything works, so there is nothing with the cabel or network card.

More ideas?

Thanks for every post,
Max

osor 11-06-2006 03:42 PM

Quote:

Originally Posted by max2004
Thx for your post. Name resolution is not the problem, the /etc/resolv.d is equal in the two fedora systems and browsing to http://72.14.203.104 doesn't work either :(

btw: When I run Knoppix (a live linux dvd) on the computer, everything works, so there is nothing with the cabel or network card.

More ideas?

Thanks for every post,
Max

Perhaps it is iptables rules?

Try posting the output of `iptables-save' from both Fedora boxes (i.e., a working one and the non-working one).

mrn 11-06-2006 04:39 PM

hey,
i had very-very similar problem on ubuntu with one dsl modem:
ping worked, even outside, but the browser was dead, unless
i typed the ip of the server directly in the browser.
(example 2 get the IP: "dig google.com" in command line).
Ok, then I just switched to konqueror (as browser)
where everything works, and mozilla still does the strange things..
m.

max2004 11-07-2006 05:04 AM

Hi,

executing /sbin/iptables-save doesn't yield any output on both boxes (the working one and the not working one).
@mrn: Thanks for your post. I think your problem is different and is rather a firefox or name resolution problem.

I also tried iptables --list on both boxes:
The working one:
Code:

root > /sbin/iptables --list
Chain INPUT (policy ACCEPT)
target    prot opt source              destination
RH-Firewall-1-INPUT  all  --  anywhere            anywhere

Chain FORWARD (policy ACCEPT)
target    prot opt source              destination
RH-Firewall-1-INPUT  all  --  anywhere            anywhere

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination

Chain RH-Firewall-1-INPUT (2 references)
target    prot opt source              destination
ACCEPT    all  --  anywhere            anywhere
ACCEPT    icmp --  anywhere            anywhere            icmp any
ACCEPT    esp  --  anywhere            anywhere
ACCEPT    ah  --  anywhere            anywhere
ACCEPT    udp  --  anywhere            224.0.0.251        udp dpt:mdns
ACCEPT    udp  --  anywhere            anywhere            udp dpt:ipp
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:ipp
ACCEPT    all  --  anywhere            anywhere            state RELATED,ESTABLISHED
ACCEPT    tcp  --  anywhere            anywhere            state NEW tcp dpt:ssh
REJECT    all  --  anywhere            anywhere            reject-with icmp-host-prohibited

The not working one:
Code:

root > > /sbin/iptables --list
Chain INPUT (policy ACCEPT)
target    prot opt source              destination       
RH-Firewall-1-INPUT  all  --  anywhere            anywhere           

Chain FORWARD (policy ACCEPT)
target    prot opt source              destination       
RH-Firewall-1-INPUT  all  --  anywhere            anywhere           

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination       

Chain RH-Firewall-1-INPUT (2 references)
target    prot opt source              destination       
ACCEPT    all  --  anywhere            anywhere           
ACCEPT    icmp --  anywhere            anywhere            icmp any
ACCEPT    ipv6-crypt--  anywhere            anywhere           
ACCEPT    ipv6-auth--  anywhere            anywhere           
ACCEPT    udp  --  anywhere            224.0.0.251        udp dpt:mdns
ACCEPT    udp  --  anywhere            anywhere            udp dpt:ipp
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:ipp
ACCEPT    all  --  anywhere            anywhere            state RELATED,ESTABLISHED
ACCEPT    tcp  --  anywhere            anywhere            state NEW tcp dpt:ssh
REJECT    all  --  anywhere            anywhere            reject-with icmp-host-prohibited

Thanks a lot for all the support!

Max

osor 11-07-2006 05:45 PM

Quote:

Originally Posted by max2004
Hi,

executing /sbin/iptables-save doesn't yield any output on both boxes (the working one and the not working one).
@mrn: Thanks for your post. I think your problem is different and is rather a firefox or name resolution problem.

I also tried iptables --list on both boxes:
The working one:
Code:

root > /sbin/iptables --list
Chain INPUT (policy ACCEPT)
target    prot opt source              destination
RH-Firewall-1-INPUT  all  --  anywhere            anywhere

Chain FORWARD (policy ACCEPT)
target    prot opt source              destination
RH-Firewall-1-INPUT  all  --  anywhere            anywhere

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination

Chain RH-Firewall-1-INPUT (2 references)
target    prot opt source              destination
ACCEPT    all  --  anywhere            anywhere
ACCEPT    icmp --  anywhere            anywhere            icmp any
ACCEPT    esp  --  anywhere            anywhere
ACCEPT    ah  --  anywhere            anywhere
ACCEPT    udp  --  anywhere            224.0.0.251        udp dpt:mdns
ACCEPT    udp  --  anywhere            anywhere            udp dpt:ipp
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:ipp
ACCEPT    all  --  anywhere            anywhere            state RELATED,ESTABLISHED
ACCEPT    tcp  --  anywhere            anywhere            state NEW tcp dpt:ssh
REJECT    all  --  anywhere            anywhere            reject-with icmp-host-prohibited

The not working one:
Code:

root > > /sbin/iptables --list
Chain INPUT (policy ACCEPT)
target    prot opt source              destination       
RH-Firewall-1-INPUT  all  --  anywhere            anywhere           

Chain FORWARD (policy ACCEPT)
target    prot opt source              destination       
RH-Firewall-1-INPUT  all  --  anywhere            anywhere           

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination       

Chain RH-Firewall-1-INPUT (2 references)
target    prot opt source              destination       
ACCEPT    all  --  anywhere            anywhere           
ACCEPT    icmp --  anywhere            anywhere            icmp any
ACCEPT    ipv6-crypt--  anywhere            anywhere           
ACCEPT    ipv6-auth--  anywhere            anywhere           
ACCEPT    udp  --  anywhere            224.0.0.251        udp dpt:mdns
ACCEPT    udp  --  anywhere            anywhere            udp dpt:ipp
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:ipp
ACCEPT    all  --  anywhere            anywhere            state RELATED,ESTABLISHED
ACCEPT    tcp  --  anywhere            anywhere            state NEW tcp dpt:ssh
REJECT    all  --  anywhere            anywhere            reject-with icmp-host-prohibited

Thanks a lot for all the support!

Max

Your problem is starting to drive me crazy!

First off, why is iptables-save not behaving (maybe ur not root? are u using selinux?)? It's supposed to dump all netfilter rules (including three tables apart from the default table) in maximum detail.

If you can't get it to work, can you post the exact output of these commands from a working and non-working machine (sorry, it'll be a little big. perhaps 2 posts?):
Code:

iptables -t filter -nvvvvL
iptables -t nat -nvvvvL
iptables -t mangle -nvvvvL
iptables -t raw -nvvvvL

If you still are having trouble, you can also look at "sysctl -a | grep net" or "sysctl -a | grep net.core" (you probably shouldn't post these here, but look at them yourself and see if there's something odd).

UhhMaybe 05-26-2007 01:11 PM

In the "working" post,..."...ACCEPT esp..." and "...ACCEPT ah..." two lines are included. In the "non-working" post, "...ACCEPT esp..." and "...ACCEPT ah..." two lines are not included. This is the difference of the two tables. Are they supposed to be the same, or not supposed to be the same?


All times are GMT -5. The time now is 03:58 PM.