Unable to ping, although can download packages

debian ping linux-networking

11,747

Solution 1

For you - A ~~Haiku~~Hokku.

See Your firewall.
It blocks the ICMP.
Make it not do that.

Or, more explicitly:

Ping is ICMP. DNS is UDP. Downloads are TCP.
The problem you are having is that ping is not working, which means that your firewall (or one somewhere on the network) is probably blocking ICMP.

Fix that, or have the responsible netadmin fix it, and ping will work.

Solution 2

Double check your Gateway against the setting of a machine that is able to ping outside of your network.

Regular conventions (for the most part) use either the first or last available IP within a given block as the gateway. So, 10.14.0.1 or 10.14.255.254. Yours (although it may be correct) does look a bit off at a glance.

Have you tried using a tool like curl / wget to attempt to get anything from the actual outside world? The packges you've found could be off of your original installation media.

11,747

Barun

One script for all!

Updated on September 18, 2022

Comments

Barun almost 2 years
I've installed Debian Squeeze on a Dell PowerEdge server. However, I'm facing some problem with configuring the network. Although I can ping machines inside my network, I'm unable to d0 so outside the network (google.com). The strangest thing is, I can update the packages from Debian repositories, and install them!

DNS resolution is working fine -- verified with host google.com.

I understand this should be some problem related to network configurations and/or firewall. However, am unable to figure out the issue. I would really appreciate any help.

Contents /etc/network/interfaces
```
# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
allow-hotplug eth0
#iface eth0 inet dhcp
iface eth0 inet static
    address 10.14.85.244  
    netmask 255.255.0.0
    network 10.14.0.0
    gateway 10.14.1.2
```
Contents of /etc/resolv.conf
```
domain sit.iitkgp
search sit.iitkgp
nameserver 10.14.0.2
```
Contents of /etc/apt/apt.conf
```
Acquire::http::proxy "http://IP:PORT/";    # Values are actually used here
Acquire::ftp::proxy "ftp://IP:PORT/";
Acquire::https::proxy "https://IP:PORT/";
```
iptables
```
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 
```
Routes
```
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.14.0.0       0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         10.14.1.2       0.0.0.0         UG    0      0        0 eth0
```
Near the end of this ping strace something like EAGAIN (Resource temporarily unavailable) could be seen. This message doesn't appear when I ping (successfully) an internal IP address. Please be assured that this is a new server, and more than enough disk and memory spaces are available.

Update

Just noticed that tcptraceroute is working fine:
```
# tcptraceroute -i eth0 google.com
Selected device eth0, address 10.14.85.244, port 53532 for outgoing packets
Tracing the path to google.com (74.125.236.80) on TCP port 80 (www), 30 hops max
 1  10.14.1.2  0.310 ms  0.283 ms  0.281 ms
 2  10.151.1.2  0.274 ms  0.253 ms  0.281 ms
 3  maa03s05-in-f16.1e100.net (74.125.236.80) [closed]  0.141 ms  0.172 ms  0.227 ms
```
Update & Resolution

I believe ICMP messages are being blocked by the firewall. Also, the concerned server has no public IP address. I think that also has something to do with it. The other machine from which I could ping google.com has a public IP address.

My major concern, however, was that apt-get did work, but not lynx or wget. The problem was with the proxy environment variables. They were set in .bashrc file, but not export-ed. I had failed to notice this. Once I did export them, things are running smooth.

Thanks to all for providing insights!
Driftpeasant over 12 years

To be pedantic/Your poem lacks nature content/Hokku not Haiku
loislo over 12 years

+1 For the Haiku/Hokku combined with a good full answer.
voretaq7 over 12 years

@Driftpeasant Firewalls are great beasts that lie slumbering in datacenters, they wake every so often to snack on packets.
Driftpeasant over 12 years

No ICMP/means your packets may not make/traceable travels
Driftpeasant over 12 years

How sad must I be/To write hokku about ping/and post it online
Ben Brocka over 12 years

@Driftpeasant citation needed? It seems Hokku is no longer the preferred term nor are Haikus exclusive to nature themes. Wikipedia explicitly mentions this en.wikipedia.org/wiki/Haiku
voretaq7 over 12 years

@BenBrocka well if we really want to sully the art form you can read the Haiku in English page. en.wikipedia.org/wiki/Haiku_in_English - "at its most minimal form can consist of one word" -- WTF?
Barun over 12 years

Packages are not installed from the CD. In fact, Debian netinst CD has just very few packages. I've updated them using aptitude. The IP addresses are correct -- they are taken from a working machine. Also, curl / wget / lynx -- none are working :(
Barun over 12 years

@voretaq7 I had explicitly enabled ICMP message types 0 and 8 in iptables -- but even that didn't solve it :(
voretaq7 over 12 years

@Barun The local machine's firewall may not be the one responsible for the blocking. Firewalls exist at many locations on the network...
Barun over 12 years

@voretaq7: I agree with you! I'll accept your answer regarding ping not working. However, I also had lynx, wget not working. I'll update my post with the solution.