[Solved] Can ping, cannot browse nor update via pacman.

krsmith28p · 2025-05-31 11:09:53

Hi I am looking for help on where to look to find an answer for my network issue.
I can ping across the internet, including for example to www.google.com.
I cannot browse using Firefox (the only web-browser installed).
I cannot update the system, nor install new software.
Pacman -Syu fails with 'connection timed out' errors on all mirrors. I can ping the hostnames on the mirrors, however.
The computer I am working on to submit the request for help, is on the same network, is also using Arch Linux, and is also using systemd-networkd
This suggests there's no problem with gateway, router or network, especially as I can ssh into the poorly machine to collect data on its workings.
The network has previously worked correctly on the machine, definitely when it was using NetworkManager, possibly also since changing to systemd-networkd, although I cannot now be certain of that. NetworkManager has been removed.
I'm sure I'm missing something obvious.

$ sudo pacman -Syu
:: Synchronising package databases...
 core
 extra
^Cerror: failed retrieving file 'core.db' from geo.mirror.pkgbuild.com : Connection timed out after 10001 milliseconds
error: failed retrieving file 'extra.db' from geo.mirror.pkgbuild.com : Connection timed out after 10001 milliseconds
error: failed retrieving file 'core.db' from ftpmirror.infania.net : Connection timed out after 10001 milliseconds
error: failed retrieving file 'extra.db' from ftpmirror.infania.net : Connection timed out after 10000 milliseconds
error: failed retrieving file 'core.db' from mirror.rackspace.com : Operation too slow. Less than 1 bytes/sec transferred the last 10 seconds
error: failed retrieving file 'extra.db' from mirror.rackspace.com : Operation too slow. Less than 1 bytes/sec transferred the last 10 seconds
error: failed retrieving file 'core.db' from mirror.rackspace.com : Connection timed out after 10003 milliseconds
warning: too many errors from mirror.rackspace.com, skipping for the remainder of this transaction
error: failed retrieving file 'extra.db' from mirror.rackspace.com : Connection timed out after 10002 milliseconds
error: failed to synchronize all databases (unexpected error)

resolvectl shows this:

$ resolvectl
Global
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: stub
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 9.9.9.9#dns.quad9.net
                      8.8.8.8#dns.google 2606:4700:4700::1111#cloudflare-dns.com
                      2620:fe::9#dns.quad9.net 2001:4860:4860::8888#dns.google

Link 2 (enp1s0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 8.8.8.8
       DNS Servers: 8.8.8.8 192.168.1.1
     Default Route: yes

Link 3 (wlp2s0)
    Current Scopes: none
         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
     Default Route: no

networkctl status shows this:

$ networkctl status
● Interfaces: 1, 2, 3
       State: routable                           
Online state: online                             
     Address: 192.168.1.241 on enp1s0
              fe80::6a1d:efff:fe50:9798 on enp1s0
     Gateway: 192.168.1.1 on enp1s0
         DNS: 8.8.8.8
              192.168.1.1

May 30 12:04:18 archbanghr systemd-networkd[324]: lo: Link UP
May 30 12:04:18 archbanghr systemd-networkd[324]: lo: Gained carrier
May 30 12:04:18 archbanghr systemd[1]: Started Network Configuration.
May 30 12:04:19 archbanghr systemd-networkd[324]: eth0: Interface name change detected, renamed to enp1s0.
May 30 12:04:19 archbanghr systemd-networkd[324]: enp1s0: Configuring with /etc/systemd/network/10-DHCP-wired.network.
May 30 12:04:19 archbanghr systemd-networkd[324]: enp1s0: Link UP
May 30 12:04:19 archbanghr systemd-networkd[324]: wlan0: Interface name change detected, renamed to wlp2s0.
May 30 12:04:22 archbanghr systemd-networkd[324]: enp1s0: Gained carrier
May 30 12:04:24 archbanghr systemd-networkd[324]: enp1s0: Gained IPv6LL
May 30 12:04:27 archbanghr systemd-networkd[324]: enp1s0: DHCPv4 address 192.168.1.241/24, gateway 192.168.1.1 acquired from 192.168.1.1

pinging a web address:

$ ping www.archlinux.org
PING www.archlinux.org (95.217.163.246) 56(84) bytes of data.
64 bytes from archlinux.org (95.217.163.246): icmp_seq=1 ttl=50 time=51.6 ms

Systemctl status network sections

$ cat sysstatus.txt 
● hostname
    State: running
    Units: 403 loaded (incl. loaded aliases)
     Jobs: 0 queued
   Failed: 0 units
    Since: Fri 2025-05-30 12:04:17 UTC; 22h ago
  systemd: 257.5-3-arch
   CGroup: /
           ├─init.scope
           │ └─1 /sbin/init
           ├─system.slice
           │ ├─dbus-broker.service
           │ │ ├─513 /usr/bin/dbus-broker-launch --scope system --audit
           │ │ └─514 dbus-broker --log 4 --controller 9 --machine-id eeac8c65583f4eb09c223399d1d5062f --max-bytes 536870912 --max-fds 4096 --max-matches 16384 --audit
           │ ├─polkit.service
           │ │ └─642 /usr/lib/polkit-1/polkitd --no-debug --log-level=notice
           │ ├─sshd.service
           │ │ └─516 "sshd: /usr/bin/sshd -D [listener] 0 of 10-100 startups"
           │ ├─systemd-homed.service
           │ │ └─517 /usr/lib/systemd/systemd-homed
           │ ├─systemd-journald.service
           │ │ └─246 /usr/lib/systemd/systemd-journald
           │ ├─systemd-logind.service
           │ │ └─520 /usr/lib/systemd/systemd-logind
           │ ├─systemd-networkd.service
           │ │ └─324 /usr/lib/systemd/systemd-networkd
           │ ├─systemd-nsresourced.service
           │ │ ├─   287 /usr/lib/systemd/systemd-nsresourced
           │ │ ├─118913 "systemd-nsresourcework: waiting..."
           │ │ ├─118914 "systemd-nsresourcework: waiting..."
           │ │ ├─118951 "systemd-nsresourcework: waiting..."
           │ │ ├─118987 "systemd-nsresourcework: waiting..."
           │ │ └─118988 "systemd-nsresourcework: waiting..."
           │ ├─systemd-resolved.service
           │ │ └─307 /usr/lib/systemd/systemd-resolved
           │ ├─systemd-timesyncd.service
           │ │ └─308 /usr/lib/systemd/systemd-timesyncd
           │ ├─systemd-udevd.service
           │ │ └─udev
           │ │   └─316 /usr/lib/systemd/systemd-udevd
           │ └─systemd-userdbd.service
           │   ├─   288 /usr/lib/systemd/systemd-userdbd
           │   ├─118686 "systemd-userwork: waiting..."
           │   ├─118687 "systemd-userwork: waiting..."
           │   └─118688 "systemd-userwork: waiting..."
           └─user.slice
 - etc

Although I can ping hostnames, is this still a DNS issue? What else should I be looking for?
Thanks

K

Last edited by krsmith28p (2025-06-01 09:21:12)

seth · 2025-05-31 15:52:53

Firewall?
VPN (will typically require a lower MTU)?
SSL? (bad system time?)

curl -vL 'http://geo.mirror.pkgbuild.com/core/os/x86_64/core.db' > /dev/null
curl -vL 'https://geo.mirror.pkgbuild.com/core/os/x86_64/core.db' > /dev/null

krsmith28p · 2025-05-31 16:26:11

Thanks.

Turning off the router firewall results in pacman succeeding.

Now I just need to work out what need changing.
Is it odd that the laptop I'm typing on is on the same router/firewall and works without issue?

Executing those curl commands with the firewall on, in my machine with the issue, resulted in these outputs (neither completes)

$ curl -vL 'http://geo.mirror.pkgbuild.com/core/os/x86_64/core.db' > /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Host geo.mirror.pkgbuild.com:80 was resolved.
* IPv6: 2001:ba8:0:4030::2
* IPv4: 185.73.44.89
*   Trying [2001:ba8:0:4030::2]:80...
* Immediate connect fail for 2001:ba8:0:4030::2: Network is unreachable
*   Trying 185.73.44.89:80...
* Connected to geo.mirror.pkgbuild.com (185.73.44.89) port 80
* using HTTP/1.x
> GET /core/os/x86_64/core.db HTTP/1.1
> Host: geo.mirror.pkgbuild.com
> User-Agent: curl/8.13.0
> Accept: */*
> 
* Request completely sent off
  0     0    0     0    0     0      0      0 --:--:--  0:00:46 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:47 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:01:17 --:--:--     0^C


$ curl -vL 'https://geo.mirror.pkgbuild.com/core/os/x86_64/core.db' > /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Host geo.mirror.pkgbuild.com:443 was resolved.
* IPv6: 2001:ba8:0:4030::2
* IPv4: 185.73.44.89
*   Trying [2001:ba8:0:4030::2]:443...
* Immediate connect fail for 2001:ba8:0:4030::2: Network is unreachable
*   Trying 185.73.44.89:443...
* ALPN: curl offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [1569 bytes data]
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
  0     0    0     0    0     0      0      0 --:--:--  0:01:01 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:01:03 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:01:09 --:--:--     0^[[B^[[C

On my laptop, the first produces

curl -vL 'http://geo.mirror.pkgbuild.com/core/os/x86_64/core.db' > /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Host geo.mirror.pkgbuild.com:80 was resolved.
* IPv6: 2001:ba8:0:4030::2
* IPv4: 185.73.44.89
*   Trying [2001:ba8:0:4030::2]:80...
* Immediate connect fail for 2001:ba8:0:4030::2: Network is unreachable
*   Trying 185.73.44.89:80...
* Connected to geo.mirror.pkgbuild.com (185.73.44.89) port 80
* using HTTP/1.x
> GET /core/os/x86_64/core.db HTTP/1.1
> Host: geo.mirror.pkgbuild.com
> User-Agent: curl/8.13.0
> Accept: */*
> 
* Request completely sent off
< HTTP/1.1 200 OK
< Server: nginx
< Date: Sat, 31 May 2025 16:19:00 GMT
< Content-Type: application/octet-stream
< Content-Length: 120406
< Last-Modified: Sat, 31 May 2025 07:06:31 GMT
< Connection: keep-alive
< ETag: "683aaa77-1d656"
< X-Served-By: london.mirror.pkgbuild.com
< Accept-Ranges: bytes
< 
{ [2856 bytes data]
100  117k  100  117k    0     0   160k      0 --:--:-- --:--:-- --:--:--  160k
* Connection #0 to host geo.mirror.pkgbuild.com left intact

Update: Having turned the firewall back on, the machine with the issue appears to be working normally - ie pacman is running. I'll try rebooting it to see what if any difference that makes.
Update2: After rebooting, system is working normally. This is great, of course, but I don't know why it wasn't working, nor why turning the router firewall off, then on again solved the issue.

If you have any thoughts on that, it would aid my ever-learning...

Last edited by krsmith28p (2025-05-31 16:30:27)

krsmith28p · 2025-05-31 16:33:28

Perhaps I should add that the router is running dd-wrt, Firmware: DD-WRT v3.0-r60662 std (04/10/25), with SPI firewall, in case that is relevant.

seth · 2025-05-31 19:57:19

I assume you lost the router logs w/ the reboot?

Depends on the actual firewall rules.
MAC or IP whitelists?
I guess you're using conntrack?

Ceterum censeo: is there a parallel windows installation? Or do you maybe connect to the router w/ two leases (eg. wireless and wired)

krsmith28p · 2025-05-31 23:13:40

Unfortunately router logs were empty before turning off firewall. I have enabled since.

The default dd-wrt firewall setting is used. As far as I can tell, there are no MAC or IP whitelists in place.
I don't use conntrack - in fact I have so far left all firewall duties to the router, there's no additional firewalls on attached linux clients. I will investigate conntrack (and ufw) further - thanks for the pointer.

Re your final thoughts - only one lease is used (the wired one). The machine is wireless capable, but has not been configured to use it, with no wireless service installed.
I may be misunderstanding- the machine can dual boot with Windows, if that is what you mean, although the windows boot has not been used in weeks. There's only linux boxes on the network at present - the machine I've been trying to to get working correctly, this (arch) laptop, a raspberry pi and my android phone.
Or did you mean something else when you say 'parallel windows installation'?
Thanks for your input. I learn a little every day.
K

seth · 2025-05-31 23:19:03

3rd link below. Mandatory.
Disable it (it's NOT the BIOS setting!) and reboot windows and linux twice for voodo reasons.

The router might have held a stale lease from windows because of that - did you reboot the router after the last windows use (before the fixing reboot)?

krsmith28p · 2025-06-01 09:18:28

Thank you.
I will do that.

Router was not rebooted after last windows use.

Marking as solved

Arch Linux

#1 2025-05-31 11:09:53

[Solved] Can ping, cannot browse nor update via pacman.

#2 2025-05-31 15:52:53

Re: [Solved] Can ping, cannot browse nor update via pacman.

#3 2025-05-31 16:26:11

Re: [Solved] Can ping, cannot browse nor update via pacman.

#4 2025-05-31 16:33:28

Re: [Solved] Can ping, cannot browse nor update via pacman.

#5 2025-05-31 19:57:19

Re: [Solved] Can ping, cannot browse nor update via pacman.

#6 2025-05-31 23:13:40

Re: [Solved] Can ping, cannot browse nor update via pacman.

#7 2025-05-31 23:19:03

Re: [Solved] Can ping, cannot browse nor update via pacman.

#8 2025-06-01 09:18:28

Re: [Solved] Can ping, cannot browse nor update via pacman.

Board footer