Ping to router works, internet doesn't

max2004 · 10-27-2006, 10:05 AM

Hi,

I have 3 Fedora boxes in a home lan connected with a router. Two of them can access the internet, the third one can ping the other two and the router, but cannot access the internet. What could be my mistake?

Thx, Max

alienux · 10-27-2006, 10:50 AM

1. Do you have the router's IP address as the default gateway on the third box?

2. Can you ping Internet addresses by IP? Try pinging 4.2.2.2 to see if you get a reply. If so, you need to add a nameserver to /etc/resolv.conf

osor · 10-27-2006, 10:16 PM

Can you post the output of `route' or `ip route'

max2004 · 11-05-2006, 02:05 PM

Hi guys,

ip route gives me:
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.2
default via 192.168.0.1 dev eth0

Eth0 is the only interface I have and 192.168.0.1 is the router's (Netgear home router) IP. I can ping the router, but cannot ping to outside my LAN (e.g. www.google.com -> unknown host or 4.2.2.2 -> 100% packet loss). I can ping the router, but cannot access it over the webinterface.

ip addr gives me (among other stuff):

Code:

eth0: <BROADCAST, MULTICAST, UP, 10000> ...
      ...
      inet 192.168.0.2/24 brd 192.168.0.255 scope global eth0
      ...

This drives me crazy...

Thanks,
Max

max2004 · 11-06-2006, 10:54 AM

Is there anything else I could try?? Please!

More information:
- Router: Netgear RP614v3 (latest firmware).
- I can ssh to another linux box (the two boxes are only connected over the router)

Any hint is appreciated!
Max

farslayer · 11-06-2006, 12:22 PM

did you check your /etc/resolv.conf settings as suggested above ?

if you can browse to http://72.14.203.104 but not http://wwww.google.com then your problem is most likely in the dns server settings in resolv.conf

max2004 · 11-06-2006, 01:09 PM

Thx for your post. Name resolution is not the problem, the /etc/resolv.d is equal in the two fedora systems and browsing to http://72.14.203.104 doesn't work either

btw: When I run Knoppix (a live linux dvd) on the computer, everything works, so there is nothing with the cabel or network card.

More ideas?

Thanks for every post,
Max

osor · 11-06-2006, 03:42 PM

Quote:

Originally Posted by max2004

Thx for your post. Name resolution is not the problem, the /etc/resolv.d is equal in the two fedora systems and browsing to http://72.14.203.104 doesn't work either

btw: When I run Knoppix (a live linux dvd) on the computer, everything works, so there is nothing with the cabel or network card.

More ideas?

Thanks for every post,
Max

Perhaps it is iptables rules?

Try posting the output of `iptables-save' from both Fedora boxes (i.e., a working one and the non-working one).

mrn · 11-06-2006, 04:39 PM

hey,
i had very-very similar problem on ubuntu with one dsl modem:
ping worked, even outside, but the browser was dead, unless
i typed the ip of the server directly in the browser.
(example 2 get the IP: "dig google.com" in command line).
Ok, then I just switched to konqueror (as browser)
where everything works, and mozilla still does the strange things..
m.

max2004 · 11-07-2006, 05:04 AM

Hi,

executing /sbin/iptables-save doesn't yield any output on both boxes (the working one and the not working one).
@mrn: Thanks for your post. I think your problem is different and is rather a firefox or name resolution problem.

I also tried iptables --list on both boxes:
The working one:

Code:

root > /sbin/iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

The not working one:

Code:

root > > /sbin/iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
RH-Firewall-1-INPUT  all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
RH-Firewall-1-INPUT  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            icmp any 
ACCEPT     ipv6-crypt--  anywhere             anywhere            
ACCEPT     ipv6-auth--  anywhere             anywhere            
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp 
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Thanks a lot for all the support!

Max

osor · 11-07-2006, 05:45 PM

Quote:

Originally Posted by max2004

Hi,

executing /sbin/iptables-save doesn't yield any output on both boxes (the working one and the not working one).
@mrn: Thanks for your post. I think your problem is different and is rather a firefox or name resolution problem.

I also tried iptables --list on both boxes:
The working one:

Code:

root > /sbin/iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

The not working one:

Code:

root > > /sbin/iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
RH-Firewall-1-INPUT  all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
RH-Firewall-1-INPUT  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            icmp any 
ACCEPT     ipv6-crypt--  anywhere             anywhere            
ACCEPT     ipv6-auth--  anywhere             anywhere            
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp 
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Thanks a lot for all the support!

Max

Your problem is starting to drive me crazy!

First off, why is iptables-save not behaving (maybe ur not root? are u using selinux?)? It's supposed to dump all netfilter rules (including three tables apart from the default table) in maximum detail.

If you can't get it to work, can you post the exact output of these commands from a working and non-working machine (sorry, it'll be a little big. perhaps 2 posts?):

Code:

iptables -t filter -nvvvvL
iptables -t nat -nvvvvL
iptables -t mangle -nvvvvL
iptables -t raw -nvvvvL

If you still are having trouble, you can also look at "sysctl -a | grep net" or "sysctl -a | grep net.core" (you probably shouldn't post these here, but look at them yourself and see if there's something odd).

UhhMaybe · 05-26-2007, 01:11 PM

In the "working" post,..."...ACCEPT esp..." and "...ACCEPT ah..." two lines are included. In the "non-working" post, "...ACCEPT esp..." and "...ACCEPT ah..." two lines are not included. This is the difference of the two tables. Are they supposed to be the same, or not supposed to be the same?