Can SSH From Remote, Computer Can Not Ping Out

Kernels & Hardware, configuring network, installing services

Can SSH From Remote, Computer Can Not Ping Out

Postby lindylex » 2018-12-20 19:41

This has work since December of 2015. It is my VPN. Two weeks ago it stopped working. I am currently able to login to the computer using ssh from remotely but I can no longer ping external sources. It does not do an apt update, ping or receive VPN connection as it previously did. If I can resolve it gaining access to external resources via pinging or some other modality this should resolve my OpenVpn issues. This is my hypothesis.

Network Structure

[ Comcast Business Class Router WAN 28.82.XX.XXX port trigger 22 point to 10.1.10.9 IP it assigned to Linksys Router ]
>> [ Linksys Router IP 10.1.10.9 assigned from Comcast router | LAN 192.168.1.1 | port triger 22 to 192.168.1.120]
>> [ Switch ] >> [ Problem Computer LAN 192.168.1.120 ]

Debian Jessie

uname -a
Linux umdgcvpn 3.16.0-4-686-pae #1 SMP Debian 3.16.7-ckt11-1+deb8u6 (2015-11-09) i686 GNU/Linux


route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 br0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1


cat /etc/resolv.conf
nameserver 2603:301d:2300:7de0:cad7:19ff:fe0e:31b3

ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:0d:60:6c:39:3e brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether 00:1b:2f:31:99:46 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.120/24 brd 192.168.1.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 2603:301d:2300:7de0:21b:2fff:fe31:9946/64 scope global mngtmpaddr dynamic
valid_lft 298441sec preferred_lft 298441sec
inet6 fe80::21b:2fff:fe31:9946/64 scope link
valid_lft forever preferred_lft forever
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 00:1b:2f:31:99:46 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.120/24 brd 192.168.1.255 scope global br0
valid_lft forever preferred_lft forever
inet6 2603:301d:2300:7de0:21b:2fff:fe31:9946/64 scope global mngtmpaddr dynamic
valid_lft 298393sec preferred_lft 298393sec
inet6 fe80::21b:2fff:fe31:9946/64 scope link
valid_lft forever preferred_lft forever
7: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 100
link/ether 8e:c4:51:b8:a8:ec brd ff:ff:ff:ff:ff:ff
inet6 fe80::8cc4:51ff:feb8:a8ec/64 scope link
valid_lft forever preferred_lft forever


ping -c 3 google.com
ping: unknown host google.com


traceroute google.com
google.com: System error
Cannot handle "host" cmdline arg `google.com' on position 1 (argc 1)


wget http://www.google.com
--2018-12-20 15:06:10-- http://www.google.com/
Resolving http://www.google.com (http://www.google.com)... failed: Connection timed out.
wget: unable to resolve host address ‘www.google.com’


ping -s 1600 google.com
ping: unknown host google.com


ping 192.168.1.1 -c 1 -s 1499 -M do
PING 192.168.1.1 (192.168.1.1) 1499(1527) bytes of data.
ping: local error: Message too long, mtu=1500

--- 192.168.1.1 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms


ping 192.168.1.1 -c 1 -s 1480 -M do
PING 192.168.1.1 (192.168.1.1) 1480(1508) bytes of data.
ping: local error: Message too long, mtu=1500

--- 192.168.1.1 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms


ping http://www.cisco.com -c 1 -s 1472 -M do
ping: unknown host http://www.cisco.com


ping http://www.cisco.com -c 1 -s 1464 -M do
ping: unknown host http://www.cisco.com
lindylex
 
Posts: 62
Joined: 2007-05-23 12:50

Re: Can SSH From Remote, Computer Can Not Ping Out

Postby bw123 » 2018-12-21 06:24

from man page for ping:
When using ping for fault isolation, it should first be run on the local host, to verify
that the local network interface is up and running. Then, hosts and gateways further and
further away should be ``pinged''.


so to test basic network you could just follow your description in reverse:
Comcast Business Class Router WAN 28.82.XX.XXX port trigger 22 point to 10.1.10.9 IP it assigned to Linksys Router ]
>> [ Linksys Router IP 10.1.10.9 assigned from Comcast router | LAN 192.168.1.1 | port triger 22 to 192.168.1.120]
>> [ Switch ] >> [ Problem Computer LAN 192.168.1.120 ]

can you ping 192.168.1.120, 192.168.1.1, 10.1.10.9, 28.82.XX.XXX, 8.8.8.8
if you can, then it's dns problem? Why do you only have ip6 dns anyway, is that assigned from dhcp? I don't use ip6 myself, so I don't quite understand the setup.

p.s. I don't think ping can accept http:// or other prefix it only wants names or numbers. I could be wrong, I'm on stretch, didn't see the -M flag either...

oh yeah, BTW if you edit your post and use code tags for all that output it will help other people read it, might get you quicker response.
User avatar
bw123
 
Posts: 3679
Joined: 2011-05-09 06:02
Location: TN_USA

Re: Can SSH From Remote, Computer Can Not Ping Out

Postby lindylex » 2018-12-21 07:10

[SOLVED SOLUTION ]

I changed my /etc/network/interfaces file to look like this. "eth1" is my main network card that has an ip and handles my internet requests. I rebooted the computer and it works.

To use this solution run the following commands.

# ip a

This will display the card with the ip address ex :

Code: Select all
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether 00:1b:2f:31:99:46 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.120/24 brd 192.168.1.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::21b:2fff:fe31:9946/64 scope link
       valid_lft forever preferred_lft forever



This helped be know which card to modify in the /etc/network/interfaces file. Add this line "gateway 192.168.1.1" to match the router on your L.A.N. Local Area Network you are connected to. This will most likely do the nameserver resolution. You can also use "gateway 1.1.1.1" I am not sure how this works in relations to LAN traffic. Best of luck.

Not sure what your router IP is do the following.

# traceroute nis.nsf.net

Code: Select all
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo br0
iface lo inet loopback

# The primary network interface
allow-hotplug eth1
iface eth1 inet dhcp
gateway 192.168.1.1

# This is an autoconfigured IPv6 interface
iface eth1 inet6 auto


# Bridge setup
#iface br0 inet dhcp
#        bridge_ports eth1
lindylex
 
Posts: 62
Joined: 2007-05-23 12:50


Return to System configuration

Who is online

Users browsing this forum: No registered users and 10 guests

fashionable