Ubuntu server works on LAN but can not get to the internet or the internet to it.

techyjpt · 05-06-2012, 10:25 AM

Hello,

I have been working on this problems for over 36 hours tyring to solve this problem. My ubuntu 10.04.4 server has postfix/dovecot etc
and has been running fine up until 5/3/2012. My symptoms are I can SSH to the server locally, I can ping
it etc. and the server can see and ping other computers on the LAN, but it does not get to internet or the internet to it.
I have gone through several pages and suggestions I have on this forum along with Ubuntu Questions and several others on the net
The only thing that I can find that changed was and update to a few items in a apt-get on 5/1/2012 but I have
checked those and they dont' seem to affect anything. I know the statement something must have changed, but I can't find what it is.
Here are some pertinent files, I am sure you will want more and I will get to you.

Code:

Ubuntu version: 
$ sudo lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 10.04.4 LTS
Release:        10.04
Codename:       lucid

Network interfaces
cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.xxx.xxx
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.xxx.xxx

# Pubilc IP network interface
auto eth0:0
iface eth0:0 inet static
        name Ethernet Public IP card
        address 65.15.XXX.XXX
        netmask 255.255.255.240
        broadcast 65.15.XXX.XXX
        network 65.15.XXX.XXX

$ /etc/reslov.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
	The resolv.conf gets rebuilt often.  This has NOT changed in since 2010.
If I put in the GW address it doesn't change anything.

A route request
$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
65.15.xxx.xxx   *               255.255.255.240 U     0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
default         towerysxxx.towe 0.0.0.0         UG    100    0        0 eth0

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
65.15.74.48     0.0.0.0         255.255.255.240 U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.xxx.xxx 0.0.0.0         UG    100    0        0 eth0

host request to where my apt-get points to
$ host www.gtlib.gatech.edu
www.gtlib.gatech.edu has address 128.61.111.13
www.gtlib.gatech.edu has address 128.61.111.11
www.gtlib.gatech.edu has address 128.61.111.10
www.gtlib.gatech.edu has IPv6 address 2610:148:1f00:6f00:21b:24ff:fe1d:e940
www.gtlib.gatech.edu has IPv6 address 2610:148:1f00:6f00:20c:29ff:fe3c:63a8
www.gtlib.gatech.edu has IPv6 address 2610:148:1f00:6f00:216:36ff:fee9:2178
then a ping to there
$ ping 128.61.111.13
PING 128.61.111.13 (128.61.111.13) 56(84) bytes of data.
it timed out.
When I do a apt-get or a wget it times out.

another host request
$ host cnn.com
cnn.com has address 157.166.226.26
cnn.com has address 157.166.255.18
cnn.com has address 157.166.255.19
cnn.com has address 157.166.226.25
cnn.com mail is handled by 10 nycmail1.turner.com.
cnn.com mail is handled by 10 nycmail2.turner.com.
cnn.com mail is handled by 10 atlmail3.turner.com.
cnn.com mail is handled by 10 atlmail5.turner.com.
cnn.com mail is handled by 10 hkgmail1.turner.com.
cnn.com mail is handled by 10 lonmail1.turner.com.

nslookup
$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5038ms

$ nslookup 8.8.8.8
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
8.8.8.8.in-addr.arpa    name = google-public-dns-a.google.com.

Authoritative answers can be found from:

$ nslookup linuxquestions.org
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   linuxquestions.org
Address: 75.126.162.205

More PING
I can ping my firewall and get answers when I ping a internet host
I get:
$ ping router.host.com
PING 192.168.xxx.xxx (192.168.xxx.xxx) 56(84) bytes of data.
64 bytes from 192.168.0.10: icmp_seq=1 ttl=64 time=0.378 ms
64 bytes from 192.168.0.10: icmp_seq=2 ttl=64 time=0.297 ms
64 bytes from 192.168.0.10: icmp_seq=3 ttl=64 time=0.279 ms
64 bytes from 192.168.0.10: icmp_seq=4 ttl=64 time=0.283 ms
^C
--- 192.168.0.10 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2997ms
rtt min/avg/max/mdev = 0.279/0.309/0.378/0.042 ms
As well as other servers and workstations on the LAN.

ping 74.125.45.100
PING 74.125.45.100 (74.125.45.100) 56(84) bytes of data.
~C
Timed out after several minutes.

Running traceroute:
$ traceroute 74.125.45.100
traceroute to 74.125.45.100 (74.125.45.100), 30 hops max, 60 byte packets
 1  toweryxxxxx.towerysxxxxx.com (192.168.xxx.xxx)  0.358 ms  0.348 ms  0.387 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

BIND 
I have BIND9 running as a forward caching DNS server.  I am not sure which files you want to see, so please let me know and I will
send them asap.  The BIND configuration has not changed since 2010 so I don't know if this would cause the problem.

Router
Checked Router setup as listied in another similar post on LQ.  I am using IPCop 1.4.21 as the firewall.  
I have checked my router and it is in througput mode, I do all my NAT and packet filtering through the firewall which I have verified
there have no congfig changes made to that machine. 

NOTES
Another linux server on the LAN has no trouble getting out as do all other machines on the LAN.

Please let me know what else I can provide.

techyjpt

UBUNTU user# 31635

Slackyman · 05-07-2012, 04:45 AM

The LAN interface has an internal gateway set. Try using the Public IP gateway on the Public Ip interface. Normally the ISP give you the IP Address of the gateway.
It's surely a gateway problem!

techyjpt · 05-07-2012, 09:53 AM

Quote:

Originally Posted by Slackyman

The LAN interface has an internal gateway set. Try using the Public IP gateway on the Public Ip interface. Normally the ISP give you the IP Address of the gateway.
It's surely a gateway problem!

I will get this change made in a little bit, however I have another ubuntu server that is able to send/receive internet packets. I am trying to double check those settings.

Thanks.

techyjpt · 05-07-2012, 10:33 AM

Quote:

Originally Posted by techyjpt

I will get this change made in a little bit, however I have another ubuntu server that is able to send/receive internet packets. I am trying to double check those settings.

Thanks.

I have made the change to setting and restarted networking.

Code:

~$ sudo cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.xx.15
netmask 255.255.255.0
network 192.168.xx.0
broadcast 192.168.xx.255
gateway 192.168.xx.10
dns-nameservers 192.168.xx.10 205.152.37.23


# Pubilc IP network interface
auto eth0:0
iface eth0:0 inet static
        name Ethernet Public IP card
        address 65.15.xx.50
        netmask 255.255.255.2xx
        broadcast 65.15.xx.63
        network 65.15.xx.48
        gateway 65.15.xx.49
        dns-nameservers 205.152.37.23 205.152.144.23
~$

Still have the same issue.

Slackyman · 05-07-2012, 10:57 AM

Has the other server the same configuration?

techyjpt · 05-07-2012, 10:59 AM

Quote:

Originally Posted by Slackyman

Has the other server the same configuration?

Yes as far as all the network and DNS stuff. It is 8. version of Ubuntu. I have double checked everything that I know of. I wonder if it could be any way hardware related like (NIC) or something.

Slackyman · 05-07-2012, 11:02 AM

Have you checked Linux firewall (iptables) or hardware firewalls?
How your LAN is configured? Have your LAN a router giving access to the Internet and what is its IP Address?

techyjpt · 05-07-2012, 12:00 PM

Quote:

Originally Posted by Slackyman

Have you checked Linux firewall (iptables) or hardware firewalls?
How your LAN is configured? Have your LAN a router giving access to the Internet and what is its IP Address?

I am using shorewall on this server. I have completely stopped shorewall and tried it, no difference.
My LAN is as follows, I have ATT DSL with a netopia router in bridged mode. Then I have a IPCop firewall running, I use aliases for the outside static IP address and assing the outside static IP to route to my internal IP on the server. I have checked the config and nothing has changed since 2010. The other servers are connected the exact same way. The outside static IP is 65.74.15.50 (I have also changed it a 51 (I have a bank of static IPs).

Slackyman · 05-07-2012, 01:01 PM

Try to configure only eth0 for the LAN using the local IP Address of the gateway without configuring the external public IP and check if you can reach the Internet.

techyjpt · 05-07-2012, 01:25 PM

Quote:

Originally Posted by Slackyman

Try to configure only eth0 for the LAN using the local IP Address of the gateway without configuring the external public IP and check if you can reach the Internet.

No effect. Same thing.

Code:

/$ sudo cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.0.15
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.10
dns-nameservers 192.168.0.10 205.152.37.23

# Public IP network interface
#auto eth0:0
#iface eth0:0 inet static
#       name Ethernet alias LAN card
#       address 74.246.172.181
#       netmask 255.255.255.248
#       broadcast 74.246.172.183
#       network 74.246.172.176

# Pubilc IP network interface
#auto eth0:0
#iface eth0:0 inet static
#       name Ethernet Public IP card
#       address 65.15.74.50
#       netmask 255.255.255.240
#       broadcast 65.15.74.63
#       network 65.15.74.48
#       gateway 65.15.74.49
#       dns-nameservers 205.152.37.23 205.152.144.23

/$ sudo /etc/init.d/networking restart
 * Reconfiguring network interfaces...                                          
ssh stop/waiting
ssh start/running, process 3249

/$ sudo wget cnn.com
--2012-05-07 14:23:54--  http://cnn.com/
Resolving cnn.com... 157.166.226.26, 157.166.255.18, 157.166.255.19, ...
Connecting to cnn.com|157.166.226.26|:80... ^C

I sat for several minutes as it tried all of the IPs timeout on all of them, same thing with apt-get.

Slackyman · 05-07-2012, 01:43 PM

Try using only public DNS server (205.152.37.23) without using local one and see if you can solve domain name.
If you can we have another kind of problem since if the DNS server is out of your LAN it means you can reach it!
How is this possible if you can't reach the Internet?
So that it's almost surely a problem of filtering.
If you cannot reach public DNS still remains a gateway problem.

techyjpt · 05-07-2012, 02:09 PM

Quote:

Originally Posted by Slackyman

Try using only public DNS server (205.152.37.23) without using local one and see if you can solve domain name.
If you can we have another kind of problem since if the DNS server is out of your LAN it means you can reach it!
How is this possible if you can't reach the Internet?
So that it's almost surely a problem of filtering.
If you cannot reach public DNS still remains a gateway problem.

Okay, here is what I did.

Code:

~$ sudo cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.0.15
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.10
dns-nameservers 205.152.37.23

# Public IP network interface
#auto eth0:0
#iface eth0:0 inet static
#       name Ethernet alias LAN card
#       address 74.246.172.181
#       netmask 255.255.255.248
#       broadcast 74.246.172.183
#       network 74.246.172.176

# Pubilc IP network interface
#auto eth0:0
#iface eth0:0 inet static
#       name Ethernet Public IP card
#       address 65.15.74.50
#       netmask 255.255.255.240
#       broadcast 65.15.74.63
#       network 65.15.74.48
#       gateway 65.15.74.49
#       dns-nameservers 205.152.37.23 205.152.144.23

~$ sudo /etc/init.d/networking restart
 * Reconfiguring network interfaces...
ssh stop/waiting
ssh start/running, process 4269

~$ sudo wget cnn.com
--2012-05-07 15:00:49--  http://cnn.com/
Resolving cnn.com... failed: Temporary failure in name resolution.
wget: unable to resolve host address `cnn.com'

So I am NOT! sure 100% what that means exactly and why it only effects this one machine.

techyjpt · 05-07-2012, 02:59 PM

Quote:

So I am NOT! sure 100% what that means exactly and why it only effects this one machine.

As I mentioned above I have a forward looking DNS bind9 on this server running. When I have it running I get can dig do nslookups and so forth, when it is stopped and I restart the network (rebuild resolv.conf) where nameserver 127.0.0.1 is now set to nameserver 205.152.37.23 and nameserver 205.152.144.23 (I have flipped both these around as well as tried 8.8.8.8 and 8.8.4.4).

Just going back over my notes. Thanks for any further help.

I also just for grins and giggles put in a new NIC, changed interfaces to use the NIC. It didn't solve the problem I am just grasping at straws now.

How would anyone suggest I proceed?

linuxgurusa · 05-08-2012, 03:35 AM

Howdy !!

OK, just to make sure I understand your setup you have.

Your only have one network card installed ?
You are using eth0 as your internal card (LAN range) eth0 = 192.168.0.10
You are using eth0:0 as your virtual Public interface card ? eth0:0 = 65.15.74.49

Guessing above, just need to use IP's

OK, so then, what is the default gateway for your public (eth0:0) device ?
Is this device plugged into the same switch as your Internal LAN

Can you ping your default gateway ? (Public router plugged into your LAN switch it seems )

techyjpt · 05-08-2012, 10:57 AM

Quote:

Originally Posted by linuxgurusa

Howdy !!

OK, just to make sure I understand your setup you have.

Your only have one network card installed ?
You are using eth0 as your internal card (LAN range) eth0 = 192.168.0.10
You are using eth0:0 as your virtual Public interface card ? eth0:0 = 65.15.74.49

Guessing above, just need to use IP's

OK, so then, what is the default gateway for your public (eth0:0) device ?
Is this device plugged into the same switch as your Internal LAN

Can you ping your default gateway ? (Public router plugged into your LAN switch it seems )

Good morning,
Here are the answers to your questions:

1. The server currently just has 1 NIC installed. {I replaced the NIC yesterday for a time and reset things to use eth1 just to make sure there was not something weird going on the NIC}. So there is only 1 NIC.

2. Yes I use eth0 as the internal LAN's static IP 192.168.0.15 for this server.

3. Yes eth0:0 is my virtual public IP address set to 65.15.74.50 (network is of course the LAN is 65.15.74.48)

4.

I thought about that and tried to just connect using IP's no luck.

5. The default gateway is currently set the 192.168.0.10 (IPCop firewall) and I have tried 65.15.74.49 on eth0:0 gateway. I use my IPCop DHCP server setup to give all DHCP machines this gateway(192.168.0.10) and is set all servers to as well in the eth0 setting.

6. Yes this server is plugged into the the same switch/Hub as 3 other machines that work.

Just grasping at straws I have tried a different NIC as mention I have replaced network cables. Have moved the server to directly connect the switch/Hub at the IPCop Firewall (Green Connection). I have tried shutting down shorewall on the server and just relying on my hardware IPCop firewall. I have shutdown BIND9 on this server (BIND9 is working as a forward only DNS server). I have tried multiple things I have on the net in searches. I have setup a hard coded reslov.conf file on the server pointing to outside DNS Servers, etc, etc, etc. So far nothing has made a difference.

I don't pretend to be a full Systems Administrator and I have a lot learn as always, but I can and do restart necessary services when I make a change. So between each attempt I restart networking or shorewall/iptables or BIND9 as needed. Along with any other setting I change.

I really appreciate the help and will continue to provide any files or settings asked for.

Thanks again.