You are not logged in.

#1 2018-12-24 14:07:44

lecramed
Member
Registered: 2017-06-23
Posts: 6

Can ping gateway & external ips, cannot ping any local machine

I have just switched to using systemd-networkd and systemd-resolved for my network management.

Everything is working as anticipated including external hostname resolution, except I can no longer access any machines on my lan from this device. Specifically, I have a nexcloud server that I access by local ip with a self-signed certificate. My other machine, where I just use dhcpcd, can access the server with no issues.

When I ping my gateway, this is the result:

$ ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=4.01 ms
--- 192.168.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 2ms
rtt min/avg/max/mdev = 4.009/4.050/4.092/0.075 ms

When I ping the server, this is the result (192.168.1.20 is the machine I'm pinging from, 192.168.1.100 is the nextcloud server):

$ ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
From 192.168.1.20 icmp_seq=10 Destination Host Unreachable
--- 192.168.1.100 ping statistics ---
14 packets transmitted, 0 received, +3 errors, 100% packet loss, time 196ms
pipe 4

The output of traceroute is:

$ traceroute 192.168.1.100
traceroute to 192.168.1.100 (192.168.1.100), 30 hops max, 60 byte packets
1 <hostname> (192.168.1.20) 3033.803 ms !H 3033.430 ms !H 3033.416 ms !H

I do run an unmodified UFW, however, disabling it does not affect these results.

I have checked the seven step list from https://wiki.archlinux.org/index.php/Ne … figuration and the only thing not working is accessing my local machines.

Last edited by lecramed (2018-12-25 17:17:08)

Offline

#2 2018-12-25 01:42:06

fukawi2
Administrator
From: .vic.au
Registered: 2007-09-28
Posts: 5,777
Website

Re: Can ping gateway & external ips, cannot ping any local machine

Post the output of `ip a s` and `ip r s` please.

Offline

#3 2018-12-25 14:36:25

lecramed
Member
Registered: 2017-06-23
Posts: 6

Re: Can ping gateway & external ips, cannot ping any local machine

It seems to have auto-magically fixed itself this morning. Perhaps something to do with my router?

In any event, for posterity, here is "ip a s":

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 00:26:08:05:a8:3e brd ff:ff:ff:ff:ff:ff
3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:26:08:de:63:ee brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.20/24 brd 192.168.1.255 scope global dynamic wlp2s0
       valid_lft 86030sec preferred_lft 86030sec
    inet6 fe80::226:8ff:fede:63ee/64 scope link
       valid_lft forever preferred_lft forever

And "ip r s":

default via 192.168.1.1 dev wlp2s0 proto dhcp src 192.168.1.20 metric 20
192.168.1.0/24 dev wlp2s0 proto kernel scope link src 192.168.1.20
192.168.1.1 dev wlp2s0 proto dhcp scope link src 192.168.1.20 metric 20

Thank you for the reply.

Offline

#4 2018-12-25 17:16:45

lecramed
Member
Registered: 2017-06-23
Posts: 6

Re: Can ping gateway & external ips, cannot ping any local machine

Aaand it's broken again. The output from `ip a s` and `ip r s` is still as above.

(edit)
Some additional information - `systemctl status systemd-networkd` gives:

● systemd-networkd.service - Network Service
   Loaded: loaded (/usr/lib/systemd/system/systemd-networkd.service; disabled; vendor preset: enabled)
   Active: active (running) since Mon 2018-12-24 09:30:53 NST; 1 day 4h ago
     Docs: man:systemd-networkd.service(8)
 Main PID: 1391 (systemd-network)
   Status: "Processing requests..."
    Tasks: 1 (limit: 4343)
   Memory: 1.9M
   CGroup: /system.slice/systemd-networkd.service
           └─1391 /usr/lib/systemd/systemd-networkd

Dec 25 10:23:05 hostname systemd-networkd[1391]: wlp2s0: DHCP lease lost
Dec 25 10:23:05 hostname systemd-networkd[1391]: wlp2s0: Lost carrier
Dec 25 10:23:09 hostname systemd-networkd[1391]: wlp2s0: Gained carrier
Dec 25 10:23:12 hostname systemd-networkd[1391]: wlp2s0: DHCPv4 address 192.168.1.20/24 via 192.168.1.1
Dec 25 10:23:12 hostname systemd-networkd[1391]: wlp2s0: Configured
Dec 25 13:35:54 hostname systemd-networkd[1391]: wlp2s0: Lost carrier
Dec 25 13:35:54 hostname systemd-networkd[1391]: wlp2s0: DHCP lease lost
Dec 25 13:35:58 hostname systemd-networkd[1391]: wlp2s0: Gained carrier
Dec 25 13:35:59 hostname systemd-networkd[1391]: wlp2s0: DHCPv4 address 192.168.1.20/24 via 192.168.1.1
Dec 25 13:35:59 hostname systemd-networkd[1391]: wlp2s0: Configured

Last edited by lecramed (2018-12-25 17:26:03)

Offline

#5 2018-12-25 17:56:06

seth
Member
Registered: 2012-09-03
Posts: 13,059

Re: Can ping gateway & external ips, cannot ping any local machine

Wonky wifi, please post a complete journal ("sudo journalctl -b")

Online

#6 2018-12-25 18:47:34

lecramed
Member
Registered: 2017-06-23
Posts: 6

Re: Can ping gateway & external ips, cannot ping any local machine

Okay, the journal is very busy - I've removed lines related to my fan speed monitoring and DNSSEC failed validations.

Output from `sudo journalctl -b -r`

Dec 25 14:31:04 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 14:30:24 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 14:29:44 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 14:29:04 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 14:28:24 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 14:27:44 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 14:27:04 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 14:26:24 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 14:26:17 hostname systemd-timesyncd[522]: Synchronized to time server 194.105.226.20:123 (0.arch.pool.ntp.org).
Dec 25 14:26:14 hostname systemd-resolved[521]: Using degraded feature set (UDP+EDNS0+DO) for DNS server 1.1.1.1.
Dec 25 14:26:09 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC= SRC=192.168.1.20 DST=224.0.0.252 LEN=53 TOS=0x00 PREC=0x00 TTL=255 ID=35163 PROTO=UDP SPT=5355>
Dec 25 14:26:09 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC= SRC=192.168.1.20 DST=224.0.0.252 LEN=53 TOS=0x00 PREC=0x00 TTL=255 ID=35133 PROTO=UDP SPT=5355>
Dec 25 14:26:09 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC= SRC=192.168.1.20 DST=224.0.0.252 LEN=53 TOS=0x00 PREC=0x00 TTL=255 ID=35103 PROTO=UDP SPT=5355>
Dec 25 14:26:09 hostname systemd-networkd[1391]: wlp2s0: Configured
Dec 25 14:26:09 hostname systemd-timesyncd[522]: Network configuration changed, trying to establish connection.
Dec 25 14:26:09 hostname systemd-networkd[1391]: wlp2s0: DHCPv4 address 192.168.1.20/24 via 192.168.1.1
Dec 25 14:26:09 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC= SRC=fe80:0000:0000:0000:0226:08ff:fede:63ee DST=ff02:0000:0000:0000:0000:0000:0001:0003 LEN=73>
Dec 25 14:26:08 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC= SRC=fe80:0000:0000:0000:0226:08ff:fede:63ee DST=ff02:0000:0000:0000:0000:0000:0001:0003 LEN=73>
Dec 25 14:26:08 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC= SRC=fe80:0000:0000:0000:0226:08ff:fede:63ee DST=ff02:0000:0000:0000:0000:0000:0001:0003 LEN=73>
Dec 25 14:26:08 hostname systemd-timesyncd[522]: Network configuration changed, trying to establish connection.
Dec 25 14:26:08 hostname systemd-networkd[1391]: wlp2s0: Gained carrier
Dec 25 14:26:08 hostname wpa_supplicant[636]: wlp2s0: CTRL-EVENT-CONNECTED - Connection to 60:33:4b:e0:5d:e3 completed [id=0 id_str=]
Dec 25 14:26:08 hostname wpa_supplicant[636]: wlp2s0: WPA: Key negotiation completed with 60:33:4b:e0:5d:e3 [PTK=CCMP GTK=CCMP]
Dec 25 14:26:08 hostname wpa_supplicant[636]: wlp2s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Dec 25 14:26:08 hostname wpa_supplicant[636]: wlp2s0: Associated with 60:33:4b:e0:5d:e3
Dec 25 14:26:08 hostname wpa_supplicant[636]: wlp2s0: Trying to associate with 60:33:4b:e0:5d:e3 (SSID='networkname' freq=2447 MHz)
Dec 25 14:26:04 hostname kernel: audit: type=1131 audit(1545760564.836:395): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=tlp-sleep comm="systemd" exe=>
Dec 25 14:26:04 hostname audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=tlp-sleep comm="systemd" exe="/usr/lib/systemd/systemd" ho>
Dec 25 14:26:04 hostname systemd[1]: Stopped TLP suspend/resume.
Dec 25 14:26:04 hostname systemd[1]: Stopped target Suspend.
Dec 25 14:26:04 hostname systemd[1]: Stopping TLP suspend/resume...
Dec 25 14:26:04 hostname systemd-logind[566]: Operation 'sleep' finished.
Dec 25 14:26:04 hostname kernel: audit: type=1131 audit(1545760564.623:394): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-suspend comm="systemd>
Dec 25 14:26:04 hostname kernel: audit: type=1130 audit(1545760564.623:393): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-suspend comm="systemd>
Dec 25 14:26:04 hostname systemd[1]: Reached target Suspend.
Dec 25 14:26:04 hostname systemd[1]: Stopped target Sleep.
Dec 25 14:26:04 hostname audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-suspend comm="systemd" exe="/usr/lib/systemd/syste>
Dec 25 14:26:04 hostname audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-suspend comm="systemd" exe="/usr/lib/systemd/syst>
Dec 25 14:26:04 hostname systemd[1]: Started Suspend.
Dec 25 14:26:04 hostname kernel: PM: suspend exit
Dec 25 14:26:04 hostname kernel: firewire_core 0000:05:00.0: rediscovered device fw0
Dec 25 14:26:04 hostname systemd-sleep[4514]: System resumed.
Dec 25 14:26:04 hostname systemd-logind[566]: Lid opened.
Dec 25 14:26:04 hostname systemd-timesyncd[522]: No network connectivity, watching for changes.
Dec 25 14:26:04 hostname systemd-networkd[1391]: wlp2s0: DHCP lease lost
Dec 25 14:26:04 hostname systemd-networkd[1391]: wlp2s0: Lost carrier
Dec 25 14:26:04 hostname wpa_supplicant[636]: wlp2s0: CTRL-EVENT-DISCONNECTED bssid=20:76:00:1b:65:84 reason=0
Dec 25 14:26:04 hostname kernel: Restarting tasks ... done.
Dec 25 14:26:04 hostname kernel: OOM killer enabled.
Dec 25 14:26:04 hostname kernel: ata1.00: configured for UDMA/133
Dec 25 14:26:04 hostname kernel: ata1.00: ACPI cmd ef/10:03:00:00:00:a0 (SET FEATURES) filtered out
Dec 25 14:26:04 hostname kernel: ata1.00: ACPI cmd ef/10:03:00:00:00:a0 (SET FEATURES) filtered out
Dec 25 14:26:04 hostname kernel: ata2.00: configured for UDMA/66
Dec 25 14:26:04 hostname kernel: ata2.00: ACPI cmd ef/10:03:00:00:00:a0 (SET FEATURES) filtered out
Dec 25 14:26:04 hostname kernel: ata2.00: ACPI cmd ef/10:03:00:00:00:a0 (SET FEATURES) filtered out
Dec 25 14:26:04 hostname kernel: ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
Dec 25 14:26:04 hostname kernel: ata2: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
Dec 25 14:26:04 hostname kernel: forcedeth 0000:00:0a.0 enp0s10: no link during initialization
Dec 25 14:26:04 hostname kernel: forcedeth 0000:00:0a.0 enp0s10: MSI enabled
Dec 25 14:26:04 hostname kernel: sd 0:0:0:0: [sda] Starting disk
Dec 25 14:26:04 hostname kernel: ACPI: EC: event unblocked
Dec 25 14:26:04 hostname kernel: ACPI: EC: interrupt unblocked
Dec 25 14:26:04 hostname kernel: ACPI: Waking up from system sleep state S3
Dec 25 14:26:04 hostname kernel: CPU1 is up
Dec 25 14:26:04 hostname kernel:  cache: parent cpu1 should not be sleeping
Dec 25 14:26:04 hostname kernel: smpboot: Booting Node 0 Processor 1 APIC 0x1
Dec 25 14:26:04 hostname kernel: x86: Booting SMP configuration:
Dec 25 14:26:04 hostname kernel: Enabling non-boot CPUs ...
Dec 25 14:26:04 hostname kernel: PM: Restoring platform NVS memory
Dec 25 14:26:04 hostname kernel: ACPI: EC: EC started
Dec 25 14:26:04 hostname kernel: ACPI: Low-level resume complete
Dec 25 14:26:04 hostname kernel: smpboot: CPU 1 is now offline
Dec 25 14:26:04 hostname kernel: Disabling non-boot CPUs ...
Dec 25 14:26:04 hostname kernel: PM: Saving platform NVS memory
Dec 25 14:26:04 hostname kernel: ACPI: EC: EC stopped
Dec 25 14:26:04 hostname kernel: ACPI: EC: event blocked
Dec 25 14:26:04 hostname kernel: ACPI: Preparing to enter system sleep state S3
Dec 25 14:26:04 hostname kernel: ACPI: EC: interrupt blocked
Dec 25 14:26:04 hostname kernel: sd 0:0:0:0: [sda] Stopping disk
Dec 25 14:26:04 hostname kernel: sd 0:0:0:0: [sda] Synchronizing SCSI cache
Dec 25 14:26:04 hostname kernel: Suspending console(s) (use no_console_suspend to debug)
Dec 25 14:26:04 hostname kernel: Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done.
Dec 25 14:26:04 hostname kernel: OOM killer disabled.
Dec 25 14:26:04 hostname kernel: Freezing user space processes ... (elapsed 0.001 seconds) done.
Dec 25 14:26:04 hostname kernel: PM: Syncing filesystems ... done.
Dec 25 13:56:47 hostname kernel: PM: suspend entry (deep)
Dec 25 13:56:47 hostname systemd-sleep[4514]: Suspending system...
Dec 25 13:56:47 hostname systemd[1]: Starting Suspend...
Dec 25 13:56:47 hostname audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=tlp-sleep comm="systemd" exe="/usr/lib/systemd/systemd" h>
Dec 25 13:56:47 hostname kernel: audit: type=1130 audit(1545758807.730:392): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=tlp-sleep comm="systemd" exe=>
Dec 25 13:56:47 hostname systemd[1]: Reached target Sleep.
Dec 25 13:56:47 hostname systemd[1]: Started TLP suspend/resume.
Dec 25 13:56:47 hostname systemd[1]: Starting TLP suspend/resume...
Dec 25 13:56:47 hostname systemd-logind[566]: Suspending...
Dec 25 13:56:47 hostname systemd-logind[566]: Lid closed.
Dec 25 13:56:40 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:fc:10:c3:7b:6e:8f:1d:08:00 SRC=192.168.1.26 DST=224.0.0.252 LEN=59 TOS=0x00 PREC>
Dec 25 13:56:40 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=33:33:00:01:00:03:10:c3:7b:6e:8f:1d:86:dd SRC=fe80:0000:0000:0000:3940:e8ac:8fec:00f2 DST=ff02:>
Dec 25 13:56:37 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:fc:10:c3:7b:6e:8f:1d:08:00 SRC=192.168.1.26 DST=224.0.0.252 LEN=59 TOS=0x00 PREC>
Dec 25 13:56:37 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=33:33:00:01:00:03:10:c3:7b:6e:8f:1d:86:dd SRC=fe80:0000:0000:0000:3940:e8ac:8fec:00f2 DST=ff02:>
Dec 25 13:56:37 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:fc:10:c3:7b:6e:8f:1d:08:00 SRC=192.168.1.26 DST=224.0.0.252 LEN=59 TOS=0x00 PREC>
Dec 25 13:56:37 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=33:33:00:01:00:03:10:c3:7b:6e:8f:1d:86:dd SRC=fe80:0000:0000:0000:3940:e8ac:8fec:00f2 DST=ff02:>
Dec 25 13:56:29 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:fc:50:1a:c5:f6:55:5d:08:00 SRC=192.168.1.28 DST=224.0.0.252 LEN=59 TOS=0x00 PREC>
Dec 25 13:56:29 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=33:33:00:01:00:03:50:1a:c5:f6:55:5d:86:dd SRC=fe80:0000:0000:0000:3033:625d:6ce2:cc2f DST=ff02:>
Dec 25 13:56:29 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:fc:50:1a:c5:f6:55:5d:08:00 SRC=192.168.1.28 DST=224.0.0.252 LEN=59 TOS=0x00 PREC>
Dec 25 13:56:29 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=33:33:00:01:00:03:50:1a:c5:f6:55:5d:86:dd SRC=fe80:0000:0000:0000:3033:625d:6ce2:cc2f DST=ff02:>
Dec 25 13:56:26 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:fc:50:1a:c5:f6:55:5d:08:00 SRC=192.168.1.28 DST=224.0.0.252 LEN=59 TOS=0x00 PREC>
Dec 25 13:56:26 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=33:33:00:01:00:03:50:1a:c5:f6:55:5d:86:dd SRC=fe80:0000:0000:0000:3033:625d:6ce2:cc2f DST=ff02:>
Dec 25 13:56:26 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:fc:50:1a:c5:f6:55:5d:08:00 SRC=192.168.1.28 DST=224.0.0.252 LEN=59 TOS=0x00 PREC>
Dec 25 13:56:26 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=33:33:00:01:00:03:50:1a:c5:f6:55:5d:86:dd SRC=fe80:0000:0000:0000:3033:625d:6ce2:cc2f DST=ff02:>
Dec 25 13:56:23 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 13:55:43 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 13:55:03 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 13:54:23 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 13:53:43 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 13:53:03 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 13:52:23 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 13:51:43 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 13:51:03 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 13:50:23 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 13:49:43 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 13:49:03 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 13:48:23 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 13:47:43 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 13:47:03 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 13:46:23 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 13:45:43 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 13:45:03 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 13:44:23 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 13:43:43 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 13:43:03 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 13:43:43 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 13:43:03 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>
Dec 25 13:43:43 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:>
Dec 25 13:43:03 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:>
Dec 25 13:42:40 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:>
Dec 25 13:42:40 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=33:33:00:01:00:>
Dec 25 13:42:40 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:>
Dec 25 13:42:40 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=33:33:00:01:00:>
Dec 25 13:42:40 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:>
Dec 25 13:42:40 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=33:33:00:01:00:>
Dec 25 13:42:40 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:>
Dec 25 13:42:40 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=33:33:00:01:00:>
Dec 25 13:42:23 hostname kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:>

UFW does seem to be blocking UDP on 5355... I had previously let this through using:

sudo ufw allow from 192.168.1.0/24 to any port 5355 proto tcp
sudo ufw allow from 192.168.1.0/24 to any port 5355 proto udp

However, this did not seem to solve my issue. None the less, could it be an LLMNR problem? Also, I have the same problem when connected by cable instead of wireless.

Last edited by lecramed (2018-12-25 18:49:17)

Offline

#7 2018-12-25 19:17:12

seth
Member
Registered: 2012-09-03
Posts: 13,059

Re: Can ping gateway & external ips, cannot ping any local machine

Yup, the reconnect is from an S3.

ufw status
iptables -S

Also your hostname is not "hostname" nor "localhost" and you properly set it up following https://wiki.archlinux.org/index.php/Ne … e_hostname ?

Online

#8 2018-12-26 02:31:10

lecramed
Member
Registered: 2017-06-23
Posts: 6

Re: Can ping gateway & external ips, cannot ping any local machine

So the suspend disconnect/reconnect is as anticipated.

I did not realize I could just `iptables -S` to see my full UFW rules. Here is the output, which should now just be the UFW defaults:

-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-logging-allow
-N ufw-logging-deny
-N ufw-not-local
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-skip-to-policy-forward
-N ufw-skip-to-policy-input
-N ufw-skip-to-policy-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-N ufw-user-forward
-N ufw-user-input
-N ufw-user-limit
-N ufw-user-limit-accept
-N ufw-user-logging-forward
-N ufw-user-logging-input
-N ufw-user-logging-output
-N ufw-user-output
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
-A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-skip-to-policy-forward -j DROP
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPT

So, if the issue is allowing on port 5355, how should I fix the UFW rules I already tried above? I also tried using the multicast ip range, like:

sudo ufw allow from 224.0.0.0/24 to any port 5355 proto tcp
sudo ufw allow from 224.0.0.0/24 to any port 5355 proto udp

It does not seem to work either.

(edit)
Also, now that I think about it, the issue seems to be intermittent so it's probably not firewall related at all.

(edit 2)
It seems that when I force reconnection by suspending the system it sometimes comes back able to connect to a local machine and sometimes not.

Last edited by lecramed (2018-12-26 02:44:27)

Offline

#9 2018-12-26 03:48:55

frank604
Member
From: BC, Canada
Registered: 2011-04-20
Posts: 1,207

Re: Can ping gateway & external ips, cannot ping any local machine

Your .20 hostname is hostname?
Is the .100 hostname also hostname?
Please don't miss Seth's reply
Disregard your software firewall.  Stop ufw and show logs of connection attempts after your hostname update please. 

For the LLMNR, I am a bit concerned that UFW is blocked requests on port 5355.  However, if we turn off UFW, this port block should be removed.

You mentioned this connection issue with other endpoints on your network.  How was the experiencing connecting to them?  Can you ping the other devices that are live from the DHCP table?


PS Merry Xmas!

Last edited by frank604 (2018-12-26 03:57:28)

Offline

#10 2018-12-26 15:27:30

lecramed
Member
Registered: 2017-06-23
Posts: 6

Re: Can ping gateway & external ips, cannot ping any local machine

Apologies for the "hostname" confusion - my hostnames are unique. I redacted them in the above because... I don't know what I'm doing.

I can't reproduce the issue at the moment - the local connections are working even after multiple suspend events. I am stopping/disabling UFW now and will test the next time I am unable to connect. In the mean time, I am still occasionally getting lines like the following in `journalctl -b -f` output even though I am able to connect:

Dec 26 09:18:03 archmob kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC=01:00:5e:00:00:01:a8:39:44:96:0c:c8:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0x>

Dec 26 09:08:46 archmob kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC= SRC=fe80:0000:0000:0000:0226:08ff:fede:63ee DST=ff02:0000:0000:0000:0000:0000:0001:0003 LEN=73 TC=0 HOPLIMIT=255 FLOWLBL=18002 PROTO=UDP SPT=5355 DPT=5355 LEN=33

Dec 25 23:25:55 archmob kernel: [UFW BLOCK] IN=wlp2s0 OUT= MAC= SRC=192.168.1.20 DST=224.0.0.252 LEN=53 TOS=0x00 PREC=0x00 TTL=255 ID=5420 PROTO=UDP SPT=5355 DPT=5355 LEN=33

With respect to pinging my other devices, they all replied the same way as the server did above: "Destination Host Unreachable." I can't reproduce it now since it's connecting for the time being, but I'll post again if it breaks. Also, my other arch instance pings and accesses other devices happily (it's connection is setup using dhcpcd).

Merry Xmas to you as well.

Offline

#11 2018-12-26 15:44:51

seth
Member
Registered: 2012-09-03
Posts: 13,059

Re: Can ping gateway & external ips, cannot ping any local machine

The burst protection rules seem suspicious, I don't know how to alter this using ufw, but logging them *all* w/ "LIMIT BLOCK" would be good.

Online

Board footer

Powered by FluxBB