Unable to ping some hosts on local network from linux box

john test · 03-30-2009, 04:12 PM

small home network
severaal windows boxes and a ubuntu 710 box
All windows boxes can ping any device on the network
Linux box can ping self, router and cable modem but can not ping any of the windows boxes.

Code:

# ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
^X
--- 192.168.1.100 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 9010ms

I can SSH to the Linux box from the windows boxes (putty)

TIA

strick1226 · 03-31-2009, 09:31 AM

Are you sure the Windows boxes can ping each other? Or do they time out as well (unless attempting to ping router etc.)?

I believe if you have XPSP2's (or later) firewall enabled, default policy blocks ICMP requests...

fpmurphy · 03-31-2009, 09:34 AM

Are all the boxes on the same subnet i.e. 192.168.1.*?

john test · 03-31-2009, 01:30 PM

all boxes on same subnet.
Linux box Static IP 192.068.1.125
Vista box Stgatic IP 192.168.1.135
XP box Dynamic ip 192.168.1.10x
XP Pro box Dynamic ip 192.168.1.10y
Router 192.168.1.1
Vista Box can ping both XP boxes, router cable modem, internet sites and Linun Box
XP boxes can do the same as the Vista box
Linux box can ping Self, router cable box and internet sites but not any of the windows boxes
Failure occurs pinging with host name or IP address

Samba works and provides access to Linux file system from the windows boxes.
Power down all boxes except Router and Cable modem every night
Have done /etc/init.d/networking restart on the linux box to no avail

john test · 04-02-2009, 12:56 PM

Here is my iptables:

Code:

 $ iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

and here is the ip route

Code:

 $ ip route
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.125
169.254.0.0/16 dev eth0  scope link  metric 1000
default via 192.168.1.1 dev eth0  metric 2000

harry_uk · 04-03-2009, 12:25 AM

Quote:

Originally Posted by john test

all boxes on same subnet.
Linux box Static IP 192.068.1.125
Vista box Stgatic IP 192.168.1.135
XP box Dynamic ip 192.168.1.10x
XP Pro box Dynamic ip 192.168.1.10y
Router 192.168.1.1
Vista Box can ping both XP boxes, router cable modem, internet sites and Linun Box
XP boxes can do the same as the Vista box
Linux box can ping Self, router cable box and internet sites but not any of the windows boxes
Failure occurs pinging with host name or IP address

Samba works and provides access to Linux file system from the windows boxes.
Power down all boxes except Router and Cable modem every night
Have done /etc/init.d/networking restart on the linux box to no avail

Unless you have some firewall software in the windows box, which is configured with high security level, or explicitly block icmp protocol from hosts other than windows box, this problem cannot appear, as your ip route is clear and ip tables also clear.

Windows firewall is definitely not the issue.

john test · 04-03-2009, 07:42 AM

boggles my mind. iptables is empty, ip route is good and the linux box can see both windows boxes /.100 and /.135

Code:

 # ip neigh
192.168.1.100 dev eth0 lladdr 00:13:20:99:61:43 REACHABLE
192.168.1.1 dev eth0 lladdr 00:13:10:62:31:1c REACHABLE
192.168.1.135 dev eth0 lladdr 00:22:19:db:ad:07 REACHABLE

and I still get

Code:

# ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.

--- 192.168.1.100 ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6010m

Both Windows machines can ping all devices on the net including the Linux but the linux box can not ping the windows boxes even though it knows they are there via arp and and ip neigh.

harry_uk · 04-04-2009, 10:48 PM

Can you check tcp wrappers

Code:

root# cat /etc/hosts.deny

Please print it here.

Code:

root# ifconfig eth0

and post it here

Also on the windows box do this please

Code:

c:\>arp -a

Code:

c:\> route print

and post here..

Can you try something temporarily.

Can you activate dhcpd daemon for the linux box, allocate a dynamic ip, and then try pinging the windows boxes. Im trying to zoom in to the exact point for the problem, so that we can kill it right there.

john test · 04-05-2009, 04:33 PM

# cat /etc/hosts.deny
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
# See the manual pages hosts_access(5) and hosts_options(5).
#
# Example: ALL: some.host.name, .some.domain
# ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper, as well as for
# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
# for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.

# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID

# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:1A:4D

C:B9:E6
inet addr:192.168.1.102 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::21a:4dff:fedc:b9e6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:649 errors:0 dropped:0 overruns:0 frame:0
TX packets:733 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:163079 (159.2 KB) TX bytes:157663 (153.9 KB)
Interrupt:18 Base address:0x6000

arp -a
Linksys (192.168.1.1) at 00:13:10:62:31:1C [ether] on eth0
GavmanAndMom2.local (192.168.1.100) at 00:13:20:99:61:43 [ether] on eth0
james-pc (192.168.1.135) at 00:22:19

B:AD:07 [ether] on eth0

route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
default Linksys 0.0.0.0

ip route
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.102
default via 192.168.1.1 dev eth0

Deactivated Static and Dynamic address is 192.168.1.102

ping -c 1 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.

--- 192.168.1.100 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

ping -c 1 192.168.1.135
PING 192.168.1.135 (192.168.1.135) 56(84) bytes of data.

--- 192.168.1.135 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

.100 and .135 are windows boxes

ping -c 1 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=2.47 ms

--- 192.168.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.473/2.473/2.473/0.000 ms

ping -c 1 192.168.1.102
PING 192.168.1.102 (192.168.1.102) 56(84) bytes of data.
64 bytes from 192.168.1.102: icmp_seq=1 ttl=64 time=0.044 ms

--- 192.168.1.102 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.044/0.044/0.044/0.000 ms

and .1 and .102 are the router and linux box respectively

thanks for your help

harry_uk · 04-06-2009, 12:23 AM

From the logs that you have given, everything is clear..... No errors on the configs...

What is the internet security suite ur running on the windows box... Can you please disable and try, cos natively in windows 32 bytes is the ping size, but in linux 64 bytes is the ping size. If the Internet security is set to drop all packets more than 32 bytes in size ( to prevent ddos attacks using icmp), then no matter how hard you try you cannot get this resolved.

Ensure that the firewall and IDS features are disabled completely and try.

The fact that samba works is itself a conclusive proof that linux box is able to talk back to the windows box....

Other than this, nothing else can be a problem dude....

john test · 04-06-2009, 10:54 AM

Thanks for the help
Changing packet size on the XP machine (McAfee AV) rereals that Packet size of 61 bytes fails and packet size of 60 bytes or less works.

Code:

s# ping -c 1 -s 33 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 33(61) bytes of data.

--- 192.168.1.100 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

s# ping -c 1 -s 32 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 32(60) bytes of data.
40 bytes from 192.168.1.100: icmp_seq=1 ttl=128 time=5.88 ms

--- 192.168.1.100 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 5.885/5.885/5.885/0.000 ms

The Vista machine with Trend Micro AV fails with packet sizes of 59 and 30

Code:

s# ping -c 1 -s 2 192.168.1.135
PING 192.168.1.135 (192.168.1.135) 2(30) bytes of data.

--- 192.168.1.135 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms


# ping -c 1 -s 1 192.168.1.135
PING 192.168.1.135 (192.168.1.135) 1(29) bytes of data.

--- 192.168.1.135 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

Strange Stuff!!!

BTW Samba works One Way only. Windows machines can use the shares on the Linux box but smbclient won't connect with the shares on the windows boxes. It can see them, but can't connect or use the shares on the windows boxes.

harry_uk · 04-07-2009, 09:05 AM

This kind of "It can see them" but cannot use clearly means that the ports are filtered in the firewall.

To the extent i Know open ports 135, 445, 139 in your firewall in the windows boxes. Since you have internet security suite with firewall, please disable windows firewall or ensure its disabled to save yourself from headache.

Then please open these ports in the internet security suite.

You might wanna use TCP pinging to the Vista box, since i think trend micro is blocking some specific signatures from linux pinging, im not a packet level expert to tell you whats happening. I can tell you that its the security suite's mischief.

john test · 04-07-2009, 12:10 PM

Thanks for the help. The XP box is rejecting pings with more than 60 bytes
So I can ping from the Linux box if I specify packet size of 32 which gives a total of 60 bytes with the overhead.
The Vista box seems to be rejecting all pings of any size.

I'll contact Trend Micro or switch to Mcaffee for antivirus/firewall.

Thanks again

john test · 04-16-2009, 01:00 PM

Killed Trend firewall and pings work well.
I am confused in that it seemed to me that I used to be able to ping the windows boxes from the linux box with our changing packet size.

Until I figure it out I will just use arpping which seems to traverse the trend firewall and has a packet size compatible with the windows box standards

jonnytabpni · 04-16-2009, 02:07 PM

Ditch all 3rd party firewalls. All they cause is studpid problems like this.

If you are an advanced computer user (And using linux you probably are), the 4 tips to a relativly secure setup (in my books):

1)Use windows firewall - free and doesn't slow system down
2)Have a properly configured gateway/route/firewall - Any home Linksys/Belkin/Joe the plumber brand will suffice if lots of ports arn't open
3) Run free anti-virus software such as AVG - its free, oh and it's free
4) BE RESPONSIBLE! Don't go to silly warez or dodgy torrent sites which are going to bring you malware. And if you insist on going there, then setup a VM which only has access to internet to do all that stuff on.

Just my 2p/2c (depending in which country you live decides whether you got a better deal or not!)