• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Can't ping outside my network

    Scheduled Pinned Locked Moved
    Linux Problems
    4
    5
    2.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ManofValorM
      ManofValor
      last edited by

      Not sure this is in the right spot in the forum but here goes.
      I did a fresh install of CentOS 7 and I am having a network issue. I can ping to anything on my network but nothing outside the network. Before I installed the OS I had everything working: FOG, imaging, etc, but was having a partitioning issue. I had this issue before but it was the chrome repo that was blocking it, I did not download chrome this time so is not the issue. I also checked my firewall and we are not behind a proxy so those are not an issue, that I have found.
      Here are a few outputs:
      ifconfig

      [root@localhost fogadmin]# ifconfig
enp30s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.1.40  netmask 255.255.0.0  broadcast 10.10.255.255
        inet6 fe80::6ab5:99ff:fee4:d0c9  prefixlen 64  scopeid 0x20<link>
        ether 68:b5:99:e4:d0:c9  txqueuelen 1000  (Ethernet)
        RX packets 231188  bytes 28702240 (27.3 MiB)
        RX errors 0  dropped 12546  overruns 0  frame 0
        TX packets 45057  bytes 8715232 (8.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 19  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:2d:42:e8  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

      ip route

      [root@localhost fogadmin]# ip route
default via 10.10.1.1 dev enp30s0  proto static  metric 100 
10.10.0.0/16 dev enp30s0  proto kernel  scope link  src 10.10.1.40  metric 100 
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1

      ip addr show

      [root@localhost fogadmin]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp30s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 68:b5:99:e4:d0:c9 brd ff:ff:ff:ff:ff:ff
    inet 10.10.1.40/16 brd 10.10.255.255 scope global enp30s0
       valid_lft forever preferred_lft forever
    inet6 fe80::6ab5:99ff:fee4:d0c9/64 scope link 
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
    link/ether 52:54:00:2d:42:e8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500
    link/ether 52:54:00:2d:42:e8 brd ff:ff:ff:ff:ff:ff

      cat /etc/sysconfig/network-scripts/ifcfg-FOG_Server

      [root@localhost fogadmin]# cat /etc/sysconfig/network-scripts/ifcfg-FOG_Server
HWADDR=68:B5:99:E4:D0:C9
TYPE=Ethernet
BOOTPROTO=none
DNS1=10.10.1.59
DNS2=10.10.1.60
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME="FOG Server"
UUID=fc88fc47-ea38-4633-9024-0217c467f7a1
ONBOOT=yes
IPADDR=10.10.1.40
PREFIX=16
GATEWAY=10.10.1.1

      cat /etc/resolv.conf

      [root@localhost fogadmin]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 10.10.1.59
nameserver 10.10.1.60

      Let me know if i missed anything @Wayne-Workman, @Tom Elliott, @JBob, @george1421.
      They have been helping me so maybe they remember something I forgot that might be useful.

      Thanks guys in advance!

      1 Reply Last reply Reply Quote 0
      • george1421G
        george1421 Moderator
        last edited by

        This file looks suspiciously named: /etc/sysconfig/network-scripts/ifcfg-FOG_Server one might think this should be titled ifcfg-enp30s0 to match the name of your ethernet adapter.

        On the networking side. I would have to ask what happens if you try to do a traceroute to something outside your network.

        traceroute 8.8.8.8 This will tell you where your data packets are going and get hungup.

        Is it safe to assume you have direct internet access between the fog server and the internet or do you use a proxy server to get onto the internet?

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

        ManofValorM 1 Reply Last reply Reply Quote 1
        • ManofValorM
          ManofValor @george1421
          last edited by

          @george1421 NO PROXY

          [root@localhost fogadmin]# traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  google-public-dns-a.google.com (8.8.8.8)  12.036 ms  12.286 ms  13.102 ms
          Tom ElliottT Wayne WorkmanW 2 Replies Last reply Reply Quote 0
          • Tom ElliottT
            Tom Elliott @ManofValor
            last edited by Tom Elliott

            @ManofValor I would venture to guess the issue with pinging outside isn’t that you cannot do so, but rather the packets coming back are being blocked from returning, displaying like you can’t get out.

            Only DNS and maybe simplistic port (web 80/webs 443) traffic are allowed to return.

            This allows your DNS traffic to pass back and forth without a problem. It even would allow updates and simple data traffic to leave and return with minimal issues.

            My guess is ACL’s are too stringent on the network. Most firewalls allow everything OUT, but only allow specificities IN when requested directly. Natted traffic should be allowed to receive on whatever it’s being requested.

            For example.

            Some external system trying to access internal port 21 would be blocked. Some internal system requesting outgoing port 21 normally can receive along the same stream though. In your case, it seems, anything as it comes in regardless of if its requested state (internal or being requested externally) is being blocked.

            I don’t know the full extent of your network though and I can only give you guesses based on what we’ve seen thus far.

            I totally believe that you’re NOT behind a proxy, just the symptoms as described seems to point to such a thing.

            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

            1 Reply Last reply Reply Quote 1
            • Wayne WorkmanW
              Wayne Workman @ManofValor
              last edited by

              @ManofValor I think Tom’s guess is right, It makes sense.

              To be honest, there appears to be absolutely nothing wrong with any of the network configuration on your FOG server.

              We can test to see if Tom’s guess is right or not. If this CentOS 7 was installed with a GUI, it came with Firefox. Use firefox to try to visit our forums. If you can, Tom is right - and it also means that only ports 53, 80, and 443 are allowed into your network. IF this is the case, you’ll need your boss to loosen the straps so you can get your FOG server going - after that, he can tighten em down again. Or he can create rules that allow the FOG server full access to the internet. If it were up to me, I wouldn’t have a firewall that prevents work from being done. Do you guys have a demilitarized zone the fog server can be placed in temporarily so it can be installed and configured?

              Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
              Daily Clean Installation Results:
              https://fogtesting.fogproject.us/
              FOG Reporting:
              https://fog-external-reporting-results.fogproject.us/

              1 Reply Last reply Reply Quote 0
              • 1 / 1
              • First post
                Last post

              233

              Online

              12.0k

              Users

              17.3k

              Topics

              155.2k

              Posts
              Copyright © 2012-2024 FOG Project