Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
|
07-17-2013, 05:20 PM
|
#1
|
Member
Registered: Apr 2004
Posts: 736
Rep:
|
Cannot ping local systems - but local systems can access internet
I have two CentOS 6.4 x86_64 systems. Fairly new installs. They are both connected via ethernet cable to the same wireless router. They can both reach the internet.
The IP addresses are being set dynamically. They are 192.168.1.108 and 192.168.1.109.
Code:
# ping 192.168.1.108
PING 192.168.1.108 (192.168.1.108) 56(84) bytes of data.
From 192.168.1.109 icmp_seq=2 Destination Host Unreachable
From 192.168.1.109 icmp_seq=3 Destination Host Unreachable
From 192.168.1.109 icmp_seq=4 Destination Host Unreachable
|
|
|
07-17-2013, 06:11 PM
|
#2
|
Member
Registered: Mar 2012
Distribution: Scientific Linux
Posts: 147
Rep:
|
Is icmp blocked by firewall?
|
|
|
07-17-2013, 06:42 PM
|
#3
|
Senior Member
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,983
|
Check your iptables and SELinux settings
|
|
|
07-24-2013, 02:59 PM
|
#4
|
Member
Registered: Apr 2004
Posts: 736
Original Poster
Rep:
|
I have also installed Apache. It loads from my local box, but nothing else on my local network can see it.
Also, I plan to install SAMBA. I suspect that will not work either.
Below is my /etc/sysconfig/iptables file. Notice that port 80, and icmp, see to be open.
Code:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp --dport 80 -j ACCEPT
COMMIT
I tried to shut down the firewall with
Code:
# service iptables stop
but even that did not help.
|
|
|
07-24-2013, 03:20 PM
|
#5
|
Member
Registered: Mar 2013
Location: in my house
Distribution: Ubuntu,Backtrack,Fedora
Posts: 38
Rep:
|
firewall should not stop the icmp packets
if your wireless router is configured correctly then there should be problem with your hardware
|
|
|
07-24-2013, 03:56 PM
|
#6
|
Senior Member
Registered: Jan 2012
Distribution: Slackware
Posts: 3,348
Rep: 
|
Quote:
Originally Posted by walterbyrd
Code:
# ping 192.168.1.108
PING 192.168.1.108 (192.168.1.108) 56(84) bytes of data.
From 192.168.1.109 icmp_seq=2 Destination Host Unreachable
From 192.168.1.109 icmp_seq=3 Destination Host Unreachable
From 192.168.1.109 icmp_seq=4 Destination Host Unreachable
|
You're getting an "unreachable" message from your own IP address, which would indicate a failure of the other system to respond to an ARP request.
Do you get the same message if you try pinging 192.168.1.109 from 192.168.1.108?
What's the output of arp -an if you run it immediately after you've tried pinging the other host?
|
|
|
07-24-2013, 03:57 PM
|
#7
|
Senior Member
Registered: Jan 2012
Distribution: Slackware
Posts: 3,348
Rep: 
|
Quote:
Originally Posted by #root
firewall should not stop the icmp packets
|
Firewalls often stop ICMP Echo Request packets (the Windows firewall does), but that's not what's happening here.
|
|
|
07-24-2013, 05:58 PM
|
#8
|
Member
Registered: Mar 2012
Distribution: Scientific Linux
Posts: 147
Rep:
|
For troubleshooting purposes can you set both systems to
Code:
setenforce permissive
Try your connection tests and then set back with
Code:
setenforce enforcing
If the connection tests do not work (I do not think they will) you can rule out any SELinux as a possible cause, as you have done with the firewall by service stop.
|
|
|
07-24-2013, 08:10 PM
|
#9
|
Member
Registered: Apr 2004
Posts: 736
Original Poster
Rep:
|
Note: I have also been trying to install KVM.
I have been trying to follow the instructions here:
http://www.howtoforge.com/virtualiza...tos-6.4-server
Now, I think, my bridge is 192.168.1.109 and my eth0 is 192.168.1.105.
Anyway, when I try to ping, then do an arp -an
Code:
$ ping 192.168.1.108
PING 192.168.1.108 (192.168.1.108) 56(84) bytes of data.
From 192.168.1.109 icmp_seq=2 Destination Host Unreachable
From 192.168.1.109 icmp_seq=3 Destination Host Unreachable
$ arp -an
? (192.168.1.108) at <incomplete> on br0
? (192.168.1.1) at 00:1e:e5:32:58:3b [ether] on eth0
|
|
|
07-24-2013, 08:14 PM
|
#10
|
Member
Registered: Apr 2004
Posts: 736
Original Poster
Rep:
|
I did a "setenforce permissive" on both systems. But I still cannot ping either way.
Code:
# setenforce permissive
setenforce: SELinux is disabled
# ping 192.168.1.108
PING 192.168.1.108 (192.168.1.108) 56(84) bytes of data.
From 192.168.1.109 icmp_seq=2 Destination Host Unreachable
From 192.168.1.109 icmp_seq=3 Destination Host Unreachable
From 192.168.1.109 icmp_seq=4 Destination Host Unreachable
|
|
|
07-24-2013, 08:36 PM
|
#11
|
Senior Member
Registered: Jan 2012
Distribution: Slackware
Posts: 3,348
Rep: 
|
There seems to be something wrong with your bridge setup. If br0 is 192.168.1.109, then eth0 should not have an IPv4 address at all.
It's all there in the HowTo document.
|
|
|
07-25-2013, 02:05 AM
|
#12
|
Member
Registered: Aug 2009
Location: Bangaluru, India
Distribution: CentOS 6.5, SuSE SLED/ SLES 10.2 SP2 /11.2, Fedora 11/16
Posts: 665
Rep: 
|
hmm Ser Olmy sounds correct:
can you paste the output for br0 and eth0 configuration:
I never used Cent OS but similar to redhat it should be the location with command:
cat /etc/sysconfig/network-scripts/ifcfg-br0
|
|
|
07-25-2013, 11:47 AM
|
#13
|
Senior Member
Registered: Sep 2009
Location: Raleigh, NC
Distribution: Ubuntu, PopOS, Raspbian
Posts: 1,899
|
Quote:
Originally Posted by walterbyrd
Code:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp --dport 80 -j ACCEPT
COMMIT
|
It could also be a routing issue. List your routing table (route command).
As an aside not related to your "ping" troubles, in iptables order in which the rules are implemented matters. Since "-A INPUT -j REJECT --reject-with icmp-host-prohibited" appears before "-A INPUT -p tcp --dport 80 -j ACCEPT" then it will get blocked before it ever reaches that rule. Reorganize it so that the "REJECT" rules are at the very bottom of your rule set.
**EDIT
Your ping troubles are directly related to this post.
SAM
Last edited by sag47; 07-25-2013 at 11:57 AM.
|
|
|
07-26-2013, 11:54 AM
|
#14
|
Member
Registered: Apr 2004
Posts: 736
Original Poster
Rep:
|
Thanks for all the help. I just noticed that the hardware address in ifcfg-eth0 does not match what I get when I do an ifconfig. I don't why I'm getting this IPv6 stuff. I am not using IPv6.
Code:
# cat /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE="br0"
NM_CONTROLLED="yes"
ONBOOT=yes
TYPE=Bridge
BOOTPROTO=none
IPADDR=192.168.1.109
PREFIX=24
GATEWAY=192.168.1.1
DNS1=75.75.75.75
DNS1=75.75.76.76
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System br0"
Code:
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
#BOOTPROTO="dhcp"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
UUID="08986b4c-ed59-41f4-b329-f08e3100af28"
HWADDR="00:30:67:6F:7B:D1"
#IPADDR=192.168.0.100
#PREFIX=24
#GATEWAY=192.168.0.1
#DNS1=75.75.75.75
#DNS1=75.75.76.76
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
BRIDGE=br0
Code:
# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 br0
192.168.1.0 * 255.255.255.0 U 1 0 0 eth0
192.168.122.0 * 255.255.255.0 U 0 0 0 virbr0
link-local * 255.255.0.0 U 1003 0 0 br0
Code:
# ifconfig
br0 Link encap:Ethernet HWaddr 06:E7:70:7E:35:7D
inet addr:192.168.1.109 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::4e7:70ff:fe7e:357d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:171 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:25402 (24.8 KiB)
eth0 Link encap:Ethernet HWaddr 94:DE:80:2F:C5:8B
inet addr:192.168.1.105 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::96de:80ff:fe2f:c58b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:58300 errors:0 dropped:0 overruns:0 frame:0
TX packets:42773 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:81109669 (77.3 MiB) TX bytes:3873255 (3.6 MiB)
|
|
|
07-26-2013, 07:05 PM
|
#15
|
Member
Registered: Apr 2004
Posts: 736
Original Poster
Rep:
|
Here is my network:
Router: 192.168.1.1
ash: 192.168.1.108
oak: 192.168.1.104
fir:
- eth0: 192.168.1.105
- br0: 192.168.1.109
All the problems are with fir. Fir cannot ping anything, except itself, on the local network. Fir cannot even ping the router. Fir can ping itself at either IP address. Fir can also ping yahoo.com.
Also, nothing on the local network, except for fir itself, can ping fir at either of fir's IP addresses.
The other PCs on the local network: ash and oak, can ping each other, and can ping the router. They cannot ping fir.
|
|
|
All times are GMT -5. The time now is 08:09 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|