DHCP client cannot ping gateway or internet


Postby jplev22 » 2020-04-13 23:54

Hi, I am setting up a simple DHCP server for my home LAN.

From a network client I can ping the server and other devices on the same subnet.

The server cannot ping a Windows client. Server can ping a Linux client. Server accesses the internet from the other ethernet port with no issue.
Clients cannot ping gateway or internet.

Networking & isc-dhcp-server services come up with no errors.

/etc/network/interfaces
Code: Select all
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
auto eno1
iface eno1 inet static
   address 192.168.190.20
   netmask 255.255.255.0
   broadcast 192.168.190.255
   gateway 192.168.190.1
   dns-nameservers 103.86.96.100

auto enp8s0
iface enp8s0 inet static
   address 192.168.192.1
   netmask 255.255.255.0
   broadcast 192.168.192.255


/etc/dhcp/dhcpd.conf
Code: Select all
option domain-name "JP.home";
option domain-name-servers 8.8.8.8, 8.8.4.4;
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
authoritative;
subnet 192.168.192.0 netmask 255.255.255.0 {
  range 192.168.192.1 192.168.192.99;
  option domain-name-servers 103.86.96.100, 103.86.99.100;
  option routers 192.168.190.1;
  option broadcast-address 192.168.192.255;
  default-lease-time 600;
  max-lease-time 7200;
}
host homelan {
  hardware ethernet 40:2c:f4:e9:b9:df;
  fixed-address 192.168.192.1;
}


Output from /var/log/syslog
Code: Select all
Apr 13 21:11:07 JPStudy systemd[1]: Started LSB: DHCP server.
Apr 13 21:11:52 JPStudy dhcpd[6550]: DHCPDISCOVER from 14:da:e9:a0:de:9e via enp8s0
Apr 13 21:11:52 JPStudy dhcpd[6550]: ICMP Echo reply while lease 192.168.192.1 valid.
Apr 13 21:11:52 JPStudy dhcpd[6550]: Abandoning IP address 192.168.192.1: pinged before offer
Apr 13 21:11:56 JPStudy dhcpd[6550]: DHCPDISCOVER from 14:da:e9:a0:de:9e via enp8s0
Apr 13 21:11:57 JPStudy dhcpd[6550]: DHCPOFFER on 192.168.192.2 to 14:da:e9:a0:de:9e (Danika-PC) via enp8s0
Apr 13 21:11:57 JPStudy dhcpd[6550]: DHCPREQUEST for 192.168.192.2 (192.168.192.1) from 14:da:e9:a0:de:9e (Danika-PC) via enp8s0
Apr 13 21:11:58 JPStudy dhcpd[6550]: DHCPACK on 192.168.192.2 to 14:da:e9:a0:de:9e (Danika-PC) via enp8s0
Apr 13 21:12:04 JPStudy dhcpd[6550]: DHCPINFORM from 192.168.192.2 via enp8s0
Apr 13 21:12:04 JPStudy dhcpd[6550]: DHCPACK to 192.168.192.2 (14:da:e9:a0:de:9e) via enp8s0
Apr 13 21:13:06 JPStudy dhcpd[6550]: DHCPINFORM from 192.168.192.2 via enp8s0
Apr 13 21:13:06 JPStudy dhcpd[6550]: DHCPACK to 192.168.192.2 (14:da:e9:a0:de:9e) via enp8s0


Output from tcpdump -i enp8s0 for windows client
Code: Select all
21:13:43.866188 IP 192.168.192.2.netbios-ns > 192.168.192.255.netbios-ns: UDP, length 50
21:13:43.882086 ARP, Request who-has _gateway tell 192.168.192.2, length 46
21:13:44.765574 ARP, Request who-has _gateway tell 192.168.192.2, length 46
21:13:45.382031 ARP, Request who-has _gateway tell 192.168.192.2, length 46
21:13:46.382022 ARP, Request who-has _gateway tell 192.168.192.2, length 46
21:13:47.894873 IP 192.168.192.2.netbios-ns > 192.168.192.255.netbios-ns: UDP, length 50
21:13:48.644112 IP 192.168.192.2.netbios-ns > 192.168.192.255.netbios-ns: UDP, length 50
21:13:49.394261 IP 192.168.192.2.netbios-ns > 192.168.192.255.netbios-ns: UDP, length 50
21:13:49.451135  tell 192.168.192.2, length 46
21:13:50.160810 ARP, Request who-has _gateway tell 192.168.192.2, length 46
21:13:50.880944 ARP, Request who-has _gateway tell 192.168.192.2, length 46



Output from tcpdump -vv -i enp8s0 for Linux client
Code: Select all
tcpdump: listening on enp8s0, link-type EN10MB (Ethernet), capture size 262144 bytes
06:45:21.708797 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has _gateway tell 192.168.192.3, length 46
06:45:22.757205 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has _gateway tell 192.168.192.3, length 46


I am not sure how to interpret the tcpdump output. The client cannot route to gateway?

IP forwarding seems to be enabled
Code: Select all
# cat /proc/sys/net/ipv4/ip_forward
1


Code: Select all
# ip route
default via 192.168.190.1 dev eno1 onlink
192.168.190.0/24 dev eno1 proto kernel scope link src 192.168.190.20
192.168.192.0/24 dev enp8s0 proto kernel scope link src 192.168.192.1


Any input would be appreciated.
Last edited by jplev22 on 2020-04-14 08:57, edited 1 time in total.
jplev22
 
Posts: 5
Joined: 2020-04-13 00:53

Re: Cannot ping DHCP client

Postby p.H » 2020-04-14 06:37

The "routers" option value is wrong. A router's address must be directly reachable on the link.
The "range" option is wrong; it should not include any statically assigned address.
p.H
 
Posts: 1512
Joined: 2017-09-17 07:12
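
The two checks from the reply above (router on the client's own link, dynamic range free of static addresses) can be run mechanically against a config. This is an added example, not code from the thread; `lint_dhcpd` is a hypothetical helper that assumes the flat dhcpd.conf syntax shown in the first post, with literal IPv4 addresses only.

```python
import ipaddress
import re

# Constructed input: the subnet and host blocks from the first post's dhcpd.conf.
SAMPLE_CONF = """
subnet 192.168.192.0 netmask 255.255.255.0 {
  range 192.168.192.1 192.168.192.99;
  option routers 192.168.190.1;
}
host homelan {
  hardware ethernet 40:2c:f4:e9:b9:df;
  fixed-address 192.168.192.1;
}
"""

def lint_dhcpd(conf, static_addrs=()):
    """Return findings for every subnet block in a dhcpd.conf string.

    Hypothetical helper: understands only the flat syntax used in this
    thread (literal IPv4 addresses, no pool/group/shared-network nesting).
    static_addrs lists addresses configured by hand, e.g. the server's own.
    """
    conf = re.sub(r"#.*", "", conf)  # drop comments
    static = {ipaddress.ip_address(a) for a in static_addrs}
    static |= {ipaddress.ip_address(a)
               for a in re.findall(r"fixed-address\s+([\d.]+)\s*;", conf)}
    findings = []
    subnet_re = r"subnet\s+([\d.]+)\s+netmask\s+([\d.]+)\s*\{(.*?)\}"
    for net_addr, mask, body in re.findall(subnet_re, conf, re.S):
        net = ipaddress.ip_network(f"{net_addr}/{mask}")
        # A client can only ARP for a router that is on its own link.
        for value in re.findall(r"option\s+routers\s+([^;]+);", body):
            for router in value.split(","):
                router = ipaddress.ip_address(router.strip())
                if router not in net:
                    findings.append(f"{net}: router {router} is outside the subnet")
        # A dynamic range must not hand out an address that is already taken.
        for lo, hi in re.findall(r"range\s+([\d.]+)(?:\s+([\d.]+))?\s*;", body):
            lo = ipaddress.ip_address(lo)
            hi = ipaddress.ip_address(hi) if hi else lo
            for addr in sorted(static):
                if lo <= addr <= hi:
                    findings.append(f"{net}: range {lo}-{hi} includes static {addr}")
    return findings

if __name__ == "__main__":
    for finding in lint_dhcpd(SAMPLE_CONF):
        print(finding)
```

Pass the server's own interface address in `static_addrs` when it is not also declared as a `fixed-address`, since dhcpd.conf alone does not reveal it.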

Re: Cannot ping DHCP client

Postby kopper » 2020-04-14 07:12

jplev22 wrote:/etc/dhcp/dhcpd.conf
Code: Select all
...
subnet 192.168.192.0 netmask 255.255.255.0 {
  range 192.168.192.1 192.168.192.99;
  option domain-name-servers 103.86.96.100, 103.86.99.100;
  option routers 192.168.190.1;
...


Looks like you offer the wrong router information to your DHCP clients.
Debian 10.2 Stable with i3
Secure your stuff: Securing Debian Manual
Don't break your stuff: Source List Management DontBreakDebian
kopper
 
Posts: 136
Joined: 2016-09-30 14:30

Re: DHCP client cannot ping gateway or internet

Postby jplev22 » 2020-04-14 14:58

Thanks for the input. Seems to go further but cannot ping internet or another subnet.

New dhcpd.conf
Code: Select all
 
option domain-name "home";
option domain-name-servers 8.8.8.8, 8.8.4.4;
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 192.168.192.0 netmask 255.255.255.0 {
  range 192.168.192.20 192.168.192.99;
  option routers 192.168.192.1;
  option broadcast-address 192.168.192.255;
  default-lease-time 600;
  max-lease-time 7200;
}
host homelan {
  hardware ethernet 40:2c:f4:e9:b9:df;
  fixed-address 192.168.192.1;
}


When trying to ping 192.168.190.1 (No response)
Code: Select all
$ sudo tcpdump -v -i enp8s0
tcpdump: listening on enp8s0, link-type EN10MB (Ethernet), capture size 262144 bytes
12:44:39.891168 IP (tos 0x0, ttl 64, id 56857, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.192.20 > _gateway: ICMP echo request, id 5307, seq 56, length 64
12:44:39.911116 IP (tos 0x0, ttl 4, id 38783, offset 0, flags [DF], proto UDP (17), length 316)
    192.168.192.20.35995 > 239.255.255.250.1900: UDP, length 288
12:44:39.911128 IP (tos 0x0, ttl 4, id 38784, offset 0, flags [DF], proto UDP (17), length 307)
    192.168.192.20.35995 > 239.255.255.250.1900: UDP, length 279
12:44:39.911232 IP (tos 0x0, ttl 4, id 38785, offset 0, flags [DF], proto UDP (17), length 359)
    192.168.192.20.35995 > 239.255.255.250.1900: UDP, length 331
12:44:39.911242 IP (tos 0x0, ttl 4, id 38786, offset 0, flags [DF], proto UDP (17), length 371)
    192.168.192.20.35995 > 239.255.255.250.1900: UDP, length 343
12:44:39.911333 IP (tos 0x0, ttl 4, id 38787, offset 0, flags [DF], proto UDP (17), length 373)
    192.168.192.20.35995 > 239.255.255.250.1900: UDP, length 345
12:44:39.911344 IP (tos 0x0, ttl 4, id 38788, offset 0, flags [DF], proto UDP (17), length 387)
    192.168.192.20.35995 > 239.255.255.250.1900: UDP, length 359
12:44:40.915188 IP (tos 0x0, ttl 64, id 57015, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.192.20 > _gateway: ICMP echo request, id 5307, seq 57, length 64
12:44:41.939210 IP (tos 0x0, ttl 64, id 57060, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.192.20 > _gateway: ICMP echo request, id 5307, seq 58, length 64
12:44:42.967135 IP (tos 0x0, ttl 64, id 57253, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.192.20 > _gateway: ICMP echo request, id 5307, seq 59, length 64
12:44:43.169274 IP (tos 0x0, ttl 64, id 12639, offset 0, flags [DF], proto UDP (17), length 67)
    192.168.192.20.34991 > dns.google.domain: 59733+ A? 2.debian.pool.ntp.org. (39)
jplev22
 
Posts: 5
Joined: 2020-04-13 00:53

Re: DHCP client cannot ping gateway or internet

Postby jplev22 » 2020-04-14 15:33

It seems I cannot ping my other ethernet device on the server.
enp8s0 is ip 192.168.192.1
eno1 is ip 192.168.190.20

Is this a routing issue? Would it not follow the default route?

Code: Select all
$ ip route
default via 192.168.190.1 dev eno1 onlink
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
192.168.190.0/24 dev eno1 proto kernel scope link src 192.168.190.20
192.168.192.0/24 dev enp8s0 proto kernel scope link src 192.168.192.1



Code: Select all
$ sudo ping -I enp8s0 192.168.190.20
PING 192.168.190.20 (192.168.190.20) from 192.168.192.1 enp8s0: 56(84) bytes of data.
^C
--- 192.168.190.20 ping statistics ---
58 packets transmitted, 0 received, 100% packet loss, time 402ms


Code: Select all
$ sudo tcpdump -i enp8s0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp8s0, link-type EN10MB (Ethernet), capture size 262144 bytes
13:18:33.927012 ARP, Request who-has JPStudy tell JPStudy, length 28
13:18:34.950878 ARP, Request who-has JPStudy tell JPStudy, length 28
13:18:35.974876 ARP, Request who-has JPStudy tell JPStudy, length 28
13:18:36.157960 IP6 JPStudy.mdns > ff02::fb.mdns: 0 [2q] PTR (QM)? _ipps._tcp.local. PTR (QM)? _ipp._tcp.local. (45)
13:18:36.998939 ARP, Request who-has JPStudy tell JPStudy, length 28


Please advise...
jplev22
 
Posts: 5
Joined: 2020-04-13 00:53

Re: DHCP client cannot ping gateway or internet

Postby jplev22 » 2020-04-16 18:10

So I established a bridge device between my two ethernet devices, thinking it would permit them to communicate.

Code: Select all
iface br0 inet dhcp
    bridge_ports enp8s0 eno1


''ifup br0'' brings up the device and assigns it an ip on the eno1 subnet.

Cannot ping bridge with enp8s0.

So, I set iptables
Code: Select all
iptables -A FORWARD --in-interface enp8s0 --out-interface br0 --source 192.168.192.0/255.255.255.0 -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE


Still cannot ping beyond enp8s0....

Could someone give me a clue?
jplev22
 
Posts: 5
Joined: 2020-04-13 00:53

Re: DHCP client cannot ping gateway or internet

Postby kopper » 2020-04-17 04:52

jplev22 wrote:
Code: Select all
$ ip route
default via 192.168.190.1 dev eno1 onlink
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
192.168.190.0/24 dev eno1 proto kernel scope link src 192.168.190.20
192.168.192.0/24 dev enp8s0 proto kernel scope link src 192.168.192.1


Code: Select all
$ sudo ping -I enp8s0 192.168.190.20
PING 192.168.190.20 (192.168.190.20) from 192.168.192.1 enp8s0: 56(84) bytes of data.
^C
--- 192.168.190.20 ping statistics ---
58 packets transmitted, 0 received, 100% packet loss, time 402ms

Your ip route lists that 192.168.190.0 is found in eno1, yet in your ping command you tell it to look for the host in enp8s0. As you have specified the route for 192.168.190.0/24 explicitly to use eno1, I'd figure the default gateway will not be used.

EDIT:
jplev22 wrote:So I established a bridge device between my two ethernet devices, thinking it would permit them to communicate.

Code: Select all
iface br0 inet dhcp
    bridge_ports enp8s0 eno1


''ifup br0'' brings up the device and assigns it an ip on the eno1 subnet.

Cannot ping bridge with enp8s0.

So, I set iptables
Code: Select all
iptables -A FORWARD --in-interface enp8s0 --out-interface br0 --source 192.168.192.0/255.255.255.0 -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE


Still cannot ping beyond enp8s0....

Could someone give me a clue?

I don't think you need any bridge device to let your interfaces communicate with each other. All you need is to:
1) Have forwarding enabled in sysctl.conf (net.ipv4.ip_forward = 0)
2) Have proper firewall rules in FORWARD chain (or just -P ACCEPT without rules to test).

For MASQUERADE you should also define the output interface you want to perform the operation for, i.e. -o enp8s0 if that is your internet-facing interface.
kopper
 
Posts: 136
Joined: 2016-09-30 14:30

Re: DHCP client cannot ping gateway or internet

Postby jplev22 » 2020-04-17 15:22

Thanks for the explanation.

Traffic is finally routed through my server:

NAT had to be set up in nftables
[code]
nft add table nat
nft add chain nat post { type nat hook postrouting priority 0 \; }
nft add chain nat pre { type nat hook prerouting priority 0 \; }
nft add rule nat post ip saddr 192.168.192.0/24 oif eno1 snat 192.168.190.20
[/code]

Now my lan clients have access to the internet. Thanks for your input.

Reference: http://computer-outlines.over-blog.com/ ... 94152.html
jplev22
 
Posts: 5
Joined: 2020-04-13 00:53

