cut Posted September 10, 2012 Share Posted September 10, 2012 I have 3 PCs, Windows, Linux 1 and Linux 2. Windows can ping both Linux 1 and Linux 2 Liunx 1 can ping both Windows and Linux 2 Linux 2 can ping Windows but cannot ping Linux 1 It would sound like a firewall issue but Linux 1 has the firewall disabled. Where/what else can I look at? Link to comment Share on other sites More sharing options...
manroweb Posted September 10, 2012 Share Posted September 10, 2012 How are your devices physically connected together? Switches/Routers/Access points etc? Link to comment Share on other sites More sharing options...
Dan~ Posted September 10, 2012 Share Posted September 10, 2012 Hmm, I've never really used linux but the problem is Linux 2 cannot ping Linux 1. Have you disabled the firewall on both? Are you pinging by IP address rather than hostname? Link to comment Share on other sites More sharing options...
+BudMan MVC Posted September 10, 2012 MVC Share Posted September 10, 2012 Really need to know how these devices are connected - same switch/router lan ports? Are any of them wireless? Is there a nat between any of them? Also great question is the name or IP - ping by IP for testing, or you might just have a name resolution issue. Once you know you can ping by IP you can move to name resolution problems. On the box your trying to ping from -- try to ping the IP, then look at the arp table. Do you show the correct MAC for the IP your trying to ping. If not - you need to find out why, never going to be able to ping if you don't know the mac. This can be an issue sometimes via wireless. On linux you can view the arp table arp -n example budman@ubuntu:~$ arp -n Address HWtype HWaddress Flags Mask Iface 192.168.1.40 ether 2c:76:8a:ad:f6:56 C eth0 192.168.1.253 ether 00:50:56:00:00:02 C eth0 budman@ubuntu:~$ ping 192.168.1.100 PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data. 64 bytes from 192.168.1.100: icmp_req=1 ttl=128 time=1.47 ms 64 bytes from 192.168.1.100: icmp_req=2 ttl=128 time=0.557 ms 64 bytes from 192.168.1.100: icmp_req=3 ttl=128 time=0.607 ms 64 bytes from 192.168.1.100: icmp_req=4 ttl=128 time=0.499 ms 64 bytes from 192.168.1.100: icmp_req=5 ttl=128 time=0.820 ms 64 bytes from 192.168.1.100: icmp_req=6 ttl=128 time=0.690 ms ^C --- 192.168.1.100 ping statistics --- 6 packets transmitted, 6 received, 0% packet loss, time 5004ms rtt min/avg/max/mdev = 0.499/0.775/1.478/0.330 ms budman@ubuntu:~$ arp -n Address HWtype HWaddress Flags Mask Iface 192.168.1.40 ether 2c:76:8a:ad:f6:56 C eth0 192.168.1.253 ether 00:50:56:00:00:02 C eth0 192.168.1.100 ether 18:03:73:b1:0d:d3 C eth0 bad no mac example; budman@ubuntu:~$ ping 192.168.1.32 PING 192.168.1.32 (192.168.1.32) 56(84) bytes of data. ^C --- 192.168.1.32 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 1999ms budman@ubuntu:~$ arp -n Address HWtype HWaddress Flags Mask Iface 192.168.1.32 (incomplete) eth0 192.168.1.253 ether 00:50:56:00:00:02 C eth0 192.168.1.100 ether 18:03:73:b1:0d:d3 C eth0 Link to comment Share on other sites More sharing options...
LittleNeutrino Veteran Posted September 10, 2012 Veteran Share Posted September 10, 2012 are they all on the same subnet, that can cause it sometimes. Link to comment Share on other sites More sharing options...
Sparky101 Posted September 12, 2012 Share Posted September 12, 2012 Yeah, I would check the subnet masks, make sure they're all the same. If Linux2 thinks Linux1 is in a different subnet than itself then it will send the pings to its default gateway rather than direct to Linux1. Link to comment Share on other sites More sharing options...
cut Posted September 17, 2012 Author Share Posted September 17, 2012 How are your devices physically connected together? Switches/Routers/Access points etc? Currently, they are all connected to the same switch. Hmm, I've never really used linux but the problem is Linux 2 cannot ping Linux 1. Have you disabled the firewall on both? Are you pinging by IP address rather than hostname? Yup, firewall is disabled on both. Im pinging by IPs.... Really need to know how these devices are connected - same switch/router lan ports? Are any of them wireless? Is there a nat between any of them? Also great question is the name or IP - ping by IP for testing, or you might just have a name resolution issue. Once you know you can ping by IP you can move to name resolution problems. On the box your trying to ping from -- try to ping the IP, then look at the arp table. Do you show the correct MAC for the IP your trying to ping. If not - you need to find out why, never going to be able to ping if you don't know the mac. This can be an issue sometimes via wireless. On linux you can view the arp table arp -n example budman@ubuntu:~$ arp -n Address HWtype HWaddress Flags Mask Iface 192.168.1.40 ether 2c:76:8a:ad:f6:56 C eth0 192.168.1.253 ether 00:50:56:00:00:02 C eth0 budman@ubuntu:~$ ping 192.168.1.100 PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data. 64 bytes from 192.168.1.100: icmp_req=1 ttl=128 time=1.47 ms 64 bytes from 192.168.1.100: icmp_req=2 ttl=128 time=0.557 ms 64 bytes from 192.168.1.100: icmp_req=3 ttl=128 time=0.607 ms 64 bytes from 192.168.1.100: icmp_req=4 ttl=128 time=0.499 ms 64 bytes from 192.168.1.100: icmp_req=5 ttl=128 time=0.820 ms 64 bytes from 192.168.1.100: icmp_req=6 ttl=128 time=0.690 ms ^C --- 192.168.1.100 ping statistics --- 6 packets transmitted, 6 received, 0% packet loss, time 5004ms rtt min/avg/max/mdev = 0.499/0.775/1.478/0.330 ms budman@ubuntu:~$ arp -n Address HWtype HWaddress Flags Mask Iface 192.168.1.40 ether 2c:76:8a:ad:f6:56 C eth0 192.168.1.253 ether 00:50:56:00:00:02 C eth0 192.168.1.100 ether 18:03:73:b1:0d:d3 C eth0 bad no mac example; budman@ubuntu:~$ ping 192.168.1.32 PING 192.168.1.32 (192.168.1.32) 56(84) bytes of data. ^C --- 192.168.1.32 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 1999ms budman@ubuntu:~$ arp -n Address HWtype HWaddress Flags Mask Iface 192.168.1.32 (incomplete) eth0 192.168.1.253 ether 00:50:56:00:00:02 C eth0 192.168.1.100 ether 18:03:73:b1:0d:d3 C eth0 These devices are all connect to the same switch. On this there is also a router and some other Windows PCs, which can ping each other. I (and I think anyone else should) ping by IP. Yes I can confirm that the mac in the arp table is correct. are they all on the same subnet, that can cause it sometimes. Yeah, I would check the subnet masks, make sure they're all the same. If Linux2 thinks Linux1 is in a different subnet than itself then it will send the pings to its default gateway rather than direct to Linux1. Yup, also confirming they are all on the same subnet.... Link to comment Share on other sites More sharing options...
+BudMan MVC Posted September 17, 2012 MVC Share Posted September 17, 2012 So that makes no sense then, none. Unless you have mask wrong with some really lucky/unlucky ip choices to where they fall in the mask. Points to firewall on the host to be honest. I would sniff on the one you can not ping - does he see the pings? If so then clearly he is not answering for a reason, or does he answer just really slow and your getting timeouts? Or something really weird on the switch, try changing ports around. Is it a smart switch, or just a dumb switch - could you be blocking stuff on it? Link to comment Share on other sites More sharing options...
GreenMartian Posted September 17, 2012 Share Posted September 17, 2012 Maybe show us the dump of ifconfig, arp, and route on both linux boxes? Link to comment Share on other sites More sharing options...
cut Posted September 17, 2012 Author Share Posted September 17, 2012 So that makes no sense then, none. Unless you have mask wrong with some really lucky/unlucky ip choices to where they fall in the mask. Points to firewall on the host to be honest. I would sniff on the one you can not ping - does he see the pings? If so then clearly he is not answering for a reason, or does he answer just really slow and your getting timeouts? Or something really weird on the switch, try changing ports around. Is it a smart switch, or just a dumb switch - could you be blocking stuff on it? Ive included a screenshot that shows on Linux 2 that the mask is default and correct. Ive also reran the command to shutdown the firewall. Ill sniff in about 2 hours and get with the results as I cant right now. Maybe show us the dump of ifconfig, arp, and route on both linux boxes? By dumps, I imagine the same thing as in the screenshot, correct? Link to comment Share on other sites More sharing options...
cut Posted September 17, 2012 Author Share Posted September 17, 2012 I used tcpdump on the box I could not reach........Surprising results. It seems that it DOES recieve the ping and it actually replies but I do not see it on the command line. This was ran on Linux 2 (box that does NOT reply) 13:58:22.992748 IP 192.168.100.115.ssh > linux2box..28107: Flags [P.], ack 2511154091, win 6068, length 196 13:58:22.993473 IP linux2box..28107 > 192.168.100.115.ssh: Flags [.], ack 196, win 4112, length 0 13:58:22.995735 IP 192.168.100.115.45340 > 192.168.100.100.domain: 2+ PTR? 115.100.168.192.in-addr.arpa. (46) 13:58:22.998776 IP 192.168.100.100.domain > 192.168.100.115.45340: 2 NXDomain* 0/1/0 (153) 13:58:23.003244 IP 192.168.100.100.domain > 192.168.100.115.46194: 3* 1/0/0 (95) 13:58:23.005639 IP 192.168.100.115.36789 > 192.168.100.100.domain: 4+ PTR? 100.100.168.192.in-addr.arpa. (46) 13:58:23.008618 IP 192.168.100.100.domain > 192.168.100.115.36789: 4 NXDomain* 0/1/0 (153) 13:58:23.902042 IP 192.168.100.199 > 192.168.100.115: ICMP echo request, id 5773, seq 1, length 64 13:58:23.902459 IP 192.168.100.115 > 192.168.100.199: ICMP echo reply, id 5773, seq 1, length 64 13:58:23.904009 IP 192.168.100.115.fido > 192.168.100.100.domain: 5+ PTR? 199.100.168.192.in-addr.arpa. (46) 13:58:23.907282 IP 192.168.100.100.domain > 192.168.100.115.fido: 5 NXDomain* 0/1/0 (153) 13:58:23.997979 IP 192.168.100.115.38366 > 192.168.100.100.domain: 6+[|domain] 13:58:24.001001 IP 192.168.100.100.domain > 192.168.100.115.38366: 6 NXDomain[|domain] 13:58:24.003131 IP 192.168.100.115.52267 > 192.168.100.100.domain: 7+[|domain] 13:58:24.006145 IP 192.168.100.100.domain > 192.168.100.115.52267: 7 NXDomain[|domain] 13:58:24.901941 IP 192.168.100.199 > 192.168.100.115: ICMP echo request, id 5773, seq 2, length 64 13:58:24.902274 IP 192.168.100.115 > 192.168.100.199: ICMP echo reply, id 5773, seq 2, length 64 13:58:24.950779 IP edited..59290 > 239.255.255.250.1900: UDP, length 133 13:58:24.955935 IP 192.168.100.100.domain > 192.168.100.115.47203: 8* 1/0/0 (95) 13:58:24.957545 IP 192.168.100.115.32870 > 192.168.100.100.domain: 9+ PTR? 250.255.255.239.in-addr.arpa. (46) 13:58:24.960529 IP 192.168.100.100.domain > 192.168.100.115.32870: 9 NXDomain 0/1/0 (103) 13:58:25.901936 IP 192.168.100.199 > 192.168.100.115: ICMP echo request, id 5773, seq 3, length 64 13:58:25.902267 IP 192.168.100.115 > 192.168.100.199: ICMP echo reply, id 5773, seq 3, length 64 13:58:26.901958 IP 192.168.100.199 > 192.168.100.115: ICMP echo request, id 5773, seq 4, length 64 13:58:26.902287 IP 192.168.100.115 > 192.168.100.199: ICMP echo reply, id 5773, seq 4, length 64 13:58:27.712914 ARP, Request who-has 192.168.100.115 ((oui Unknown)) tell linux2box., length 46 13:58:27.713037 ARP, Reply 192.168.100.115 is-at macadd (oui Unknown), length 28 13:58:27.970501 IP edited..59290 > 239.255.255.250.1900: UDP, length 133 13:58:28.152491 IP 192.168.100.115.52475 > 192.168.100.199.1194: UDP, length 69 13:58:28.523900 IP linux2box..28107 > 192.168.100.115.ssh: Flags [P.], ack 196, win 4112, length 52 Link to comment Share on other sites More sharing options...
+BudMan MVC Posted September 17, 2012 MVC Share Posted September 17, 2012 so it is sending reply to your ping -- do a sniff on the box that sending, its not seeing replies? Link to comment Share on other sites More sharing options...
cut Posted September 17, 2012 Author Share Posted September 17, 2012 so it is sending reply to your ping -- do a sniff on the box that sending, its not seeing replies? OK, we are getting somewhere: The machine is not seeing the replies from Linux 1. root@mylocalmachine:~# tcpdump -i eth2 > results tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes 13 packets captured 78 packets received by filter 35 packets dropped by kernel root@mylocalmachine:~# cat results 16:20:16.308831 IP mylocalmachine.local.ssh > localsite.net.27235: Flags [P.], seq 2762984911:2762985107, ack 2735301118, win 2387, length 196 16:20:16.308882 IP mylocalmachine.local.ssh > localsite.net.27235: Flags [P.], seq 196:248, ack 1, win 2387, length 52 16:20:16.309384 IP localsite.net.27235 > mylocalmachine.local.ssh: Flags [.], ack 196, win 4380, length 0 16:20:16.309672 IP mylocalmachine.local.27450 > 192.168.100.100.domain: 41740+ PTR? 199.100.168.192.in-addr.arpa. (46) 16:20:16.309791 IP localsite.net.27235 > mylocalmachine.local.ssh: Flags [P.], seq 1:85, ack 248, win 4367, length 84 16:20:16.309883 IP localsite.net.27235 > mylocalmachine.local.ssh: Flags [P.], seq 85:137, ack 248, win 4367, length 52 16:20:16.312555 IP 192.168.100.100.domain > mylocalmachine.local.27450: 41740 NXDomain* 0/1/0 (153) 16:20:16.313252 IP mylocalmachine.local.7622 > 192.168.100.100.domain: 56557+ PTR? 100.100.168.192.in-addr.arpa. (46) 16:20:16.316045 IP 192.168.100.100.domain > mylocalmachine.local.7622: 56557 NXDomain* 0/1/0 (153) 16:20:16.360744 IP mylocalmachine.local.ssh > localsite.net.27235: Flags [.], ack 137, win 2387, length 0 16:20:16.377800 IP mylocalmachine.local.ssh > localsite.net.27235: Flags [P.], seq 248:284, ack 137, win 2387, length 36 16:20:16.416444 IP6 fe80::217:3fff:fe99:e4ab.mdns > ff02::fb.mdns: 0 PTR (QM)? 100.100.168.192.in-addr.arpa. (46) 16:20:16.416502 IP mylocalmachine.local.mdns > 224.0.0.251.mdns: 0 PTR (QM)? 100.100.168.192.in-addr.arpa. (46) Also some are getting dropped by the kernel (which could be those) Link to comment Share on other sites More sharing options...
+BudMan MVC Posted September 17, 2012 MVC Share Posted September 17, 2012 set your capture to only be icmp, that should rule out the drops being what your looking for in your capture. So this make it even more interesting -- what would keep the replies from getting back, since it looks like your capture on the box you were pinging that it was putting replies back on the wire. What kind of switch is this? Is it possible its doing any filtering? I don't see any icmp in that capture at all? I would be doing captures on both boxes at the same time, only for icmp and then create your traffic. What are you seeing? So for example here is from my ubuntu box pinging another box. At the same time you should be doing the capture on the box your pinging. I would also verify your listening on the correct interface - eth2 seems odd to me in your post. Link to comment Share on other sites More sharing options...
cut Posted September 18, 2012 Author Share Posted September 18, 2012 set your capture to only be icmp, that should rule out the drops being what your looking for in your capture. Couldnt remember the way to filter, sorry. What kind of switch is this? Is it possible its doing any filtering? I don't see any icmp in that capture at all? Dumb simple switch. Nothing about it special. I would also verify your listening on the correct interface - eth2 seems odd to me in your post. The PC has 2 network cards. The first one (eth1) is ****ed up so Im on eth2. Ive also confirmed it with a ifconfig. Ill try this in a second.... Link to comment Share on other sites More sharing options...
cut Posted September 18, 2012 Author Share Posted September 18, 2012 Here you go: Ive checked and rechecked again any and all possible firewall issues (software and hardware) and as you saw in posts before, its disabled. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted September 18, 2012 MVC Share Posted September 18, 2012 What are you showing me there.. You got it showing pings and answers.. And then your capturing on the other side only showing it send. What about the capture on the other side while that ping was going? My example was to just show the command for ping only, etc.. And can I see the settings of the ips? And the macs, and these are what flavor of linux? Can see output of iptables -L example root@ubuntu:/home/budman# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination sshguard all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain sshguard (1 references) target prot opt source destination root@ubuntu:/home/budman# ifconfig eth0 Link encap:Ethernet HWaddr 00:0c:29:dd:02:ba inet addr:192.168.1.7 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fedd:2ba/64 Scope:Link inet6 addr: 2001:470:7c:27::777/64 Scope:Global UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:215356 errors:0 dropped:10 overruns:0 frame:0 TX packets:147978 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:125120650 (125.1 MB) TX bytes:110565504 (110.5 MB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:6 errors:0 dropped:0 overruns:0 frame:0 TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:300 (300.0 B) TX bytes:300 (300.0 B) Have you tried resetting your switch? What is the model number? Link to comment Share on other sites More sharing options...
Haggis Veteran Posted September 18, 2012 Veteran Share Posted September 18, 2012 sorry to wade in here i would remove the duff network card just to rule out that lol Link to comment Share on other sites More sharing options...
remixedcat Posted September 18, 2012 Share Posted September 18, 2012 is that 3 way ping like a 3some??? Link to comment Share on other sites More sharing options...
cut Posted September 19, 2012 Author Share Posted September 19, 2012 What are you showing me there.. You got it showing pings and answers.. And then your capturing on the other side only showing it send. What Im showing that it works on one side and on the other side it doesnt work.... And can I see the settings of the ips? And the macs, and these are what flavor of linux? Can see output of iptables -L example root@ubuntu:/home/budman# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination sshguard all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain sshguard (1 references) target prot opt source destination Im on another thing now so Ill have that in a few days. Latest version of Ubuntu. Have you tried resetting your switch? What is the model number? Yes. The model is a Beckhoff ES2008 Link to comment Share on other sites More sharing options...
Sparky101 Posted September 19, 2012 Share Posted September 19, 2012 Your eth2 interface looks like it's a 10Mb interface. Are the others 100Mb and are you mixing duplex settings, maybe half duplex on the 10Mb and full duplex on the 100Mb? Link to comment Share on other sites More sharing options...
+BudMan MVC Posted September 19, 2012 MVC Share Posted September 19, 2012 "What Im showing that it works on one side and on the other side it doesnt work...." But your showing it the wrong way! Need the capture from the box your pinging - want to see getting the pings and sending them back, but your box is not getting them back? Or is it - capture on it as well. Open 3 windows, one showing you sending pings capture on the sender, then in another window show capture on the box your pinging. And lets see full macs and full pings. Like this and provide more info in the capture, example tcpdump -i eth0 -n -s 0 -vvv -e icmp And the output of ifconfig on both boxes.. showing all intefaces, and then output of ethtool on the interfaces your using root@ubuntu:/home/budman# ethtool eth0 Settings for eth0: Supported ports: [ TP ] Supported link modes: 1000baseT/Full 10000baseT/Full Supported pause frame use: No Supports auto-negotiation: No Advertised link modes: Not reported Advertised pause frame use: No Advertised auto-negotiation: No Speed: 10000Mb/s Duplex: Full Port: Twisted Pair PHYAD: 0 Transceiver: internal Auto-negotiation: off MDI-X: Unknown Supports Wake-on: uag Wake-on: d Link detected: yes I am really curious if your actually pinging the correct macs -- which I want to see the output of ifconfig showing the interfaces, and ethtool will show duplex level, etc.. As mentioned as something to look at. ifconfig will also show if errors on your nic, etc. root@ubuntu:/home/budman# ifconfig eth0 Link encap:Ethernet HWaddr 00:0c:29:dd:02:ba inet addr:192.168.1.7 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:215356 errors:0 dropped:10 overruns:0 frame:0 TX packets:147978 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:125120650 (125.1 MB) TX bytes:110565504 (110.5 MB) Link to comment Share on other sites More sharing options...
Recommended Posts