Ubuntu server works on LAN but can not get to the internet or the internet to it.
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: ubuntu 10.04.4 and older ones as well, Fedore core, Debian, CentOS
Posts: 20
Rep:
Ubuntu server works on LAN but can not get to the internet or the internet to it.
Hello,
I have been working on this problems for over 36 hours tyring to solve this problem. My ubuntu 10.04.4 server has postfix/dovecot etc
and has been running fine up until 5/3/2012. My symptoms are I can SSH to the server locally, I can ping
it etc. and the server can see and ping other computers on the LAN, but it does not get to internet or the internet to it.
I have gone through several pages and suggestions I have on this forum along with Ubuntu Questions and several others on the net
The only thing that I can find that changed was and update to a few items in a apt-get on 5/1/2012 but I have
checked those and they dont' seem to affect anything. I know the statement something must have changed, but I can't find what it is.
Here are some pertinent files, I am sure you will want more and I will get to you.
Code:
Ubuntu version:
$ sudo lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 10.04.4 LTS
Release: 10.04
Codename: lucid
Network interfaces
cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.xxx.xxx
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.xxx.xxx
# Pubilc IP network interface
auto eth0:0
iface eth0:0 inet static
name Ethernet Public IP card
address 65.15.XXX.XXX
netmask 255.255.255.240
broadcast 65.15.XXX.XXX
network 65.15.XXX.XXX
$ /etc/reslov.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
The resolv.conf gets rebuilt often. This has NOT changed in since 2010.
If I put in the GW address it doesn't change anything.
A route request
$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
65.15.xxx.xxx * 255.255.255.240 U 0 0 0 eth0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
default towerysxxx.towe 0.0.0.0 UG 100 0 0 eth0
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
65.15.74.48 0.0.0.0 255.255.255.240 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.xxx.xxx 0.0.0.0 UG 100 0 0 eth0
host request to where my apt-get points to
$ host www.gtlib.gatech.edu
www.gtlib.gatech.edu has address 128.61.111.13
www.gtlib.gatech.edu has address 128.61.111.11
www.gtlib.gatech.edu has address 128.61.111.10
www.gtlib.gatech.edu has IPv6 address 2610:148:1f00:6f00:21b:24ff:fe1d:e940
www.gtlib.gatech.edu has IPv6 address 2610:148:1f00:6f00:20c:29ff:fe3c:63a8
www.gtlib.gatech.edu has IPv6 address 2610:148:1f00:6f00:216:36ff:fee9:2178
then a ping to there
$ ping 128.61.111.13
PING 128.61.111.13 (128.61.111.13) 56(84) bytes of data.
it timed out.
When I do a apt-get or a wget it times out.
another host request
$ host cnn.com
cnn.com has address 157.166.226.26
cnn.com has address 157.166.255.18
cnn.com has address 157.166.255.19
cnn.com has address 157.166.226.25
cnn.com mail is handled by 10 nycmail1.turner.com.
cnn.com mail is handled by 10 nycmail2.turner.com.
cnn.com mail is handled by 10 atlmail3.turner.com.
cnn.com mail is handled by 10 atlmail5.turner.com.
cnn.com mail is handled by 10 hkgmail1.turner.com.
cnn.com mail is handled by 10 lonmail1.turner.com.
nslookup
$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5038ms
$ nslookup 8.8.8.8
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
8.8.8.8.in-addr.arpa name = google-public-dns-a.google.com.
Authoritative answers can be found from:
$ nslookup linuxquestions.org
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: linuxquestions.org
Address: 75.126.162.205
More PING
I can ping my firewall and get answers when I ping a internet host
I get:
$ ping router.host.com
PING 192.168.xxx.xxx (192.168.xxx.xxx) 56(84) bytes of data.
64 bytes from 192.168.0.10: icmp_seq=1 ttl=64 time=0.378 ms
64 bytes from 192.168.0.10: icmp_seq=2 ttl=64 time=0.297 ms
64 bytes from 192.168.0.10: icmp_seq=3 ttl=64 time=0.279 ms
64 bytes from 192.168.0.10: icmp_seq=4 ttl=64 time=0.283 ms
^C
--- 192.168.0.10 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2997ms
rtt min/avg/max/mdev = 0.279/0.309/0.378/0.042 ms
As well as other servers and workstations on the LAN.
ping 74.125.45.100
PING 74.125.45.100 (74.125.45.100) 56(84) bytes of data.
~C
Timed out after several minutes.
Running traceroute:
$ traceroute 74.125.45.100
traceroute to 74.125.45.100 (74.125.45.100), 30 hops max, 60 byte packets
1 toweryxxxxx.towerysxxxxx.com (192.168.xxx.xxx) 0.358 ms 0.348 ms 0.387 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
BIND
I have BIND9 running as a forward caching DNS server. I am not sure which files you want to see, so please let me know and I will
send them asap. The BIND configuration has not changed since 2010 so I don't know if this would cause the problem.
Router
Checked Router setup as listied in another similar post on LQ. I am using IPCop 1.4.21 as the firewall.
I have checked my router and it is in througput mode, I do all my NAT and packet filtering through the firewall which I have verified
there have no congfig changes made to that machine.
NOTES
Another linux server on the LAN has no trouble getting out as do all other machines on the LAN.
The LAN interface has an internal gateway set. Try using the Public IP gateway on the Public Ip interface. Normally the ISP give you the IP Address of the gateway.
It's surely a gateway problem!
Distribution: ubuntu 10.04.4 and older ones as well, Fedore core, Debian, CentOS
Posts: 20
Original Poster
Rep:
Quote:
Originally Posted by Slackyman
The LAN interface has an internal gateway set. Try using the Public IP gateway on the Public Ip interface. Normally the ISP give you the IP Address of the gateway.
It's surely a gateway problem!
I will get this change made in a little bit, however I have another ubuntu server that is able to send/receive internet packets. I am trying to double check those settings.
Distribution: ubuntu 10.04.4 and older ones as well, Fedore core, Debian, CentOS
Posts: 20
Original Poster
Rep:
Quote:
Originally Posted by techyjpt
I will get this change made in a little bit, however I have another ubuntu server that is able to send/receive internet packets. I am trying to double check those settings.
Thanks.
I have made the change to setting and restarted networking.
Code:
~$ sudo cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.xx.15
netmask 255.255.255.0
network 192.168.xx.0
broadcast 192.168.xx.255
gateway 192.168.xx.10
dns-nameservers 192.168.xx.10 205.152.37.23
# Pubilc IP network interface
auto eth0:0
iface eth0:0 inet static
name Ethernet Public IP card
address 65.15.xx.50
netmask 255.255.255.2xx
broadcast 65.15.xx.63
network 65.15.xx.48
gateway 65.15.xx.49
dns-nameservers 205.152.37.23 205.152.144.23
~$
Distribution: ubuntu 10.04.4 and older ones as well, Fedore core, Debian, CentOS
Posts: 20
Original Poster
Rep:
Quote:
Originally Posted by Slackyman
Has the other server the same configuration?
Yes as far as all the network and DNS stuff. It is 8. version of Ubuntu. I have double checked everything that I know of. I wonder if it could be any way hardware related like (NIC) or something.
Have you checked Linux firewall (iptables) or hardware firewalls?
How your LAN is configured? Have your LAN a router giving access to the Internet and what is its IP Address?
Distribution: ubuntu 10.04.4 and older ones as well, Fedore core, Debian, CentOS
Posts: 20
Original Poster
Rep:
Quote:
Originally Posted by Slackyman
Have you checked Linux firewall (iptables) or hardware firewalls?
How your LAN is configured? Have your LAN a router giving access to the Internet and what is its IP Address?
I am using shorewall on this server. I have completely stopped shorewall and tried it, no difference.
My LAN is as follows, I have ATT DSL with a netopia router in bridged mode. Then I have a IPCop firewall running, I use aliases for the outside static IP address and assing the outside static IP to route to my internal IP on the server. I have checked the config and nothing has changed since 2010. The other servers are connected the exact same way. The outside static IP is 65.74.15.50 (I have also changed it a 51 (I have a bank of static IPs).
Try to configure only eth0 for the LAN using the local IP Address of the gateway without configuring the external public IP and check if you can reach the Internet.
Distribution: ubuntu 10.04.4 and older ones as well, Fedore core, Debian, CentOS
Posts: 20
Original Poster
Rep:
Quote:
Originally Posted by Slackyman
Try to configure only eth0 for the LAN using the local IP Address of the gateway without configuring the external public IP and check if you can reach the Internet.
No effect. Same thing.
Code:
/$ sudo cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.0.15
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.10
dns-nameservers 192.168.0.10 205.152.37.23
# Public IP network interface
#auto eth0:0
#iface eth0:0 inet static
# name Ethernet alias LAN card
# address 74.246.172.181
# netmask 255.255.255.248
# broadcast 74.246.172.183
# network 74.246.172.176
# Pubilc IP network interface
#auto eth0:0
#iface eth0:0 inet static
# name Ethernet Public IP card
# address 65.15.74.50
# netmask 255.255.255.240
# broadcast 65.15.74.63
# network 65.15.74.48
# gateway 65.15.74.49
# dns-nameservers 205.152.37.23 205.152.144.23
/$ sudo /etc/init.d/networking restart
* Reconfiguring network interfaces...
ssh stop/waiting
ssh start/running, process 3249
/$ sudo wget cnn.com
--2012-05-07 14:23:54-- http://cnn.com/
Resolving cnn.com... 157.166.226.26, 157.166.255.18, 157.166.255.19, ...
Connecting to cnn.com|157.166.226.26|:80... ^C
I sat for several minutes as it tried all of the IPs timeout on all of them, same thing with apt-get.
Try using only public DNS server (205.152.37.23) without using local one and see if you can solve domain name.
If you can we have another kind of problem since if the DNS server is out of your LAN it means you can reach it!
How is this possible if you can't reach the Internet?
So that it's almost surely a problem of filtering.
If you cannot reach public DNS still remains a gateway problem.
Distribution: ubuntu 10.04.4 and older ones as well, Fedore core, Debian, CentOS
Posts: 20
Original Poster
Rep:
Quote:
Originally Posted by Slackyman
Try using only public DNS server (205.152.37.23) without using local one and see if you can solve domain name.
If you can we have another kind of problem since if the DNS server is out of your LAN it means you can reach it!
How is this possible if you can't reach the Internet?
So that it's almost surely a problem of filtering.
If you cannot reach public DNS still remains a gateway problem.
Okay, here is what I did.
Code:
~$ sudo cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.0.15
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.10
dns-nameservers 205.152.37.23
# Public IP network interface
#auto eth0:0
#iface eth0:0 inet static
# name Ethernet alias LAN card
# address 74.246.172.181
# netmask 255.255.255.248
# broadcast 74.246.172.183
# network 74.246.172.176
# Pubilc IP network interface
#auto eth0:0
#iface eth0:0 inet static
# name Ethernet Public IP card
# address 65.15.74.50
# netmask 255.255.255.240
# broadcast 65.15.74.63
# network 65.15.74.48
# gateway 65.15.74.49
# dns-nameservers 205.152.37.23 205.152.144.23
~$ sudo /etc/init.d/networking restart
* Reconfiguring network interfaces...
ssh stop/waiting
ssh start/running, process 4269
~$ sudo wget cnn.com
--2012-05-07 15:00:49-- http://cnn.com/
Resolving cnn.com... failed: Temporary failure in name resolution.
wget: unable to resolve host address `cnn.com'
So I am NOT! sure 100% what that means exactly and why it only effects this one machine.
Last edited by techyjpt; 05-07-2012 at 02:49 PM.
Reason: Typo
Distribution: ubuntu 10.04.4 and older ones as well, Fedore core, Debian, CentOS
Posts: 20
Original Poster
Rep:
Quote:
So I am NOT! sure 100% what that means exactly and why it only effects this one machine.
As I mentioned above I have a forward looking DNS bind9 on this server running. When I have it running I get can dig do nslookups and so forth, when it is stopped and I restart the network (rebuild resolv.conf) where nameserver 127.0.0.1 is now set to nameserver 205.152.37.23 and nameserver 205.152.144.23 (I have flipped both these around as well as tried 8.8.8.8 and 8.8.4.4).
Just going back over my notes. Thanks for any further help.
I also just for grins and giggles put in a new NIC, changed interfaces to use the NIC. It didn't solve the problem I am just grasping at straws now.
How would anyone suggest I proceed?
Last edited by techyjpt; 05-07-2012 at 04:29 PM.
Reason: Add additions notes.
OK, just to make sure I understand your setup you have.
Your only have one network card installed ?
You are using eth0 as your internal card (LAN range) eth0 = 192.168.0.10
You are using eth0:0 as your virtual Public interface card ? eth0:0 = 65.15.74.49
Guessing above, just need to use IP's
OK, so then, what is the default gateway for your public (eth0:0) device ?
Is this device plugged into the same switch as your Internal LAN
Can you ping your default gateway ? (Public router plugged into your LAN switch it seems )
Distribution: ubuntu 10.04.4 and older ones as well, Fedore core, Debian, CentOS
Posts: 20
Original Poster
Rep:
Quote:
Originally Posted by linuxgurusa
Howdy !!
OK, just to make sure I understand your setup you have.
Your only have one network card installed ?
You are using eth0 as your internal card (LAN range) eth0 = 192.168.0.10
You are using eth0:0 as your virtual Public interface card ? eth0:0 = 65.15.74.49
Guessing above, just need to use IP's
OK, so then, what is the default gateway for your public (eth0:0) device ?
Is this device plugged into the same switch as your Internal LAN
Can you ping your default gateway ? (Public router plugged into your LAN switch it seems )
Good morning,
Here are the answers to your questions:
1. The server currently just has 1 NIC installed. {I replaced the NIC yesterday for a time and reset things to use eth1 just to make sure there was not something weird going on the NIC}. So there is only 1 NIC.
2. Yes I use eth0 as the internal LAN's static IP 192.168.0.15 for this server.
3. Yes eth0:0 is my virtual public IP address set to 65.15.74.50 (network is of course the LAN is 65.15.74.48)
4. I thought about that and tried to just connect using IP's no luck.
5. The default gateway is currently set the 192.168.0.10 (IPCop firewall) and I have tried 65.15.74.49 on eth0:0 gateway. I use my IPCop DHCP server setup to give all DHCP machines this gateway(192.168.0.10) and is set all servers to as well in the eth0 setting.
6. Yes this server is plugged into the the same switch/Hub as 3 other machines that work.
Just grasping at straws I have tried a different NIC as mention I have replaced network cables. Have moved the server to directly connect the switch/Hub at the IPCop Firewall (Green Connection). I have tried shutting down shorewall on the server and just relying on my hardware IPCop firewall. I have shutdown BIND9 on this server (BIND9 is working as a forward only DNS server). I have tried multiple things I have on the net in searches. I have setup a hard coded reslov.conf file on the server pointing to outside DNS Servers, etc, etc, etc. So far nothing has made a difference.
I don't pretend to be a full Systems Administrator and I have a lot learn as always, but I can and do restart necessary services when I make a change. So between each attempt I restart networking or shorewall/iptables or BIND9 as needed. Along with any other setting I change.
I really appreciate the help and will continue to provide any files or settings asked for.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.