hanj Veteran
Joined: 19 Aug 2003 Posts: 1500
Posted: Tue May 28, 2019 10:39 pm Post subject: Weird problem with pinging outside my network
Not sure when it started happening, but today I noticed that all of my ICMP ping requests going outside of my network are suddenly a black hole. 100% loss, with no response. Internet and traffic to sites work fine.
While internal, I can ping any device internally. I can ping the inside and outside of my Gentoo firewall interfaces. But as soon as I go one more step out, nothing. Loaded new kernel, double-checked iptables to ensure ICMP is allowed, it is (and I haven't touched the script in a while). This includes any device on my network, so Windows, etc. can't ping outside, so I'm guessing the broken point is the firewall. Again, internet and all normal traffic is fine. I just need to ping something today and noticed this issue.
I'm also pinging devices that I know allow pings, including 4.2.2.2 and 8.8.8.8. I've been pinging by IP (not hostname).
For example...
Code:
ping 4.2.2.2
PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data.
^C
--- 4.2.2.2 ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 139ms
Rebooted the machine, restarted iptables. Thought it might be a sysctl type thing. Any ideas where to look?
Thanks!
hanji
_________________
Server Admin Blog - Uno-Code.com
krinn Watchman
Joined: 02 May 2003 Posts: 7470
Posted: Tue May 28, 2019 10:52 pm Post subject:
Well, the easy test is no firewall and see if ping works.
If it works, you have the answer.
If it doesn't work, we will need more info.
mike155 Advocate
Joined: 17 Sep 2010 Posts: 4438 Location: Frankfurt, Germany
Posted: Tue May 28, 2019 10:57 pm Post subject:
Log in to your firewall machine and start tcpdump on the outgoing interface:
Code:
tcpdump -v -n -i eth1 icmp
Then start ping on one of your internal machines:
Tcpdump should show you outgoing packets as well as incoming packets:
Code:
00:52:26.092989 IP (tos 0x0, ttl 63, id 38252, offset 0, flags [DF], proto ICMP (1), length 84)
192.168.2.10 > 4.2.2.2: ICMP echo request, id 23254, seq 8, length 64
00:52:26.100507 IP (tos 0x0, ttl 57, id 50082, offset 0, flags [none], proto ICMP (1), length 84)
4.2.2.2 > 192.168.2.10: ICMP echo reply, id 23254, seq 8, length 64
00:52:27.094344 IP (tos 0x0, ttl 63, id 38382, offset 0, flags [DF], proto ICMP (1), length 84)
192.168.2.10 > 4.2.2.2: ICMP echo request, id 23254, seq 9, length 64
00:52:27.101715 IP (tos 0x0, ttl 57, id 50083, offset 0, flags [none], proto ICMP (1), length 84)
4.2.2.2 > 192.168.2.10: ICMP echo reply, id 23254, seq 9, length 64
What do you see?
hanj Veteran
Joined: 19 Aug 2003 Posts: 1500
Posted: Tue May 28, 2019 11:15 pm Post subject:
mike155 wrote:
Log in to your firewall machine and start tcpdump on the outgoing interface:
Code:
tcpdump -v -n -i eth1 icmp
Then start ping on one of your internal machines:
Tcpdump should show you outgoing packets as well as incoming packets:
Code:
00:52:26.092989 IP (tos 0x0, ttl 63, id 38252, offset 0, flags [DF], proto ICMP (1), length 84)
192.168.2.10 > 4.2.2.2: ICMP echo request, id 23254, seq 8, length 64
00:52:26.100507 IP (tos 0x0, ttl 57, id 50082, offset 0, flags [none], proto ICMP (1), length 84)
4.2.2.2 > 192.168.2.10: ICMP echo reply, id 23254, seq 8, length 64
00:52:27.094344 IP (tos 0x0, ttl 63, id 38382, offset 0, flags [DF], proto ICMP (1), length 84)
192.168.2.10 > 4.2.2.2: ICMP echo request, id 23254, seq 9, length 64
00:52:27.101715 IP (tos 0x0, ttl 57, id 50083, offset 0, flags [none], proto ICMP (1), length 84)
4.2.2.2 > 192.168.2.10: ICMP echo reply, id 23254, seq 9, length 64
What do you see?

Thanks so much! This is what I needed. I see return traffic going to a different IP than my source IP. NAT... looking into it.
hanji
Hu Administrator
Joined: 06 Mar 2007 Posts: 23000
Posted: Wed May 29, 2019 12:48 am Post subject:
You might have iptables configured with an SNAT target that forces the outgoing IP address to be a value set by SNAT, rather than the value currently correct for your network interface. If your public IP once matched the SNAT value, and now does not, that could explain the symptoms you report. Inspect your nat table in iptables-save to see if this is the cause.
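
One way to automate the nat-table inspection suggested in the last post, as an added example that is not part of the original thread. The helper names `stale_snat_rules` and `sample_ruleset` are hypothetical, and the ruleset and addresses are constructed; it also accepts the range and port forms of `--to-source`.

```shell
#!/bin/sh
# Added example (not from the thread): list SNAT rules in the nat table whose
# --to-source no longer covers the address currently on the outgoing interface.
# Live use (eth1 is the outgoing interface named in the thread):
#   cur=$(ip -4 -o addr show dev eth1 | awk '{sub(/\/.*/, "", $4); print $4; exit}')
#   iptables-save -t nat | stale_snat_rules "$cur"

# stale_snat_rules CURRENT_ADDR  (hypothetical helper; reads iptables-save text on stdin)
stale_snat_rules() {
    awk -v cur="$1" '
        function ip2int(ip,    o) {
            split(ip, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        /^\*/ { in_nat = ($0 == "*nat") }      # table header: *nat, *filter, ...
        in_nat && /-j SNAT/ {
            for (i = 1; i < NF; i++) {
                if ($i != "--to-source") continue
                spec = $(i + 1)
                sub(/:.*/, "", spec)           # drop optional :port[-port]
                n = split(spec, r, "-")        # one address, or a lo-hi range
                c = ip2int(cur)
                if (c < ip2int(r[1]) || c > ip2int(r[n])) print
            }
        }
    '
}

# Constructed ruleset in iptables-save format, using documentation addresses.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.2.0/24 -o eth1 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -s 192.168.3.0/24 -o eth1 -j SNAT --to-source 198.51.100.20-198.51.100.29:1024-65535
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -p icmp -j ACCEPT
COMMIT
EOF
}

# Interface now holds 198.51.100.25: only the rule pinned to 203.0.113.10 is printed.
sample_ruleset | stale_snat_rules 198.51.100.25
```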