
I've installed Debian Squeeze on a Dell PowerEdge server. However, I'm facing some problem with configuring the network. Although I can ping machines inside my network, I'm unable to do so outside the network (google.com). The strangest thing is, I can update the packages from Debian repositories, and install them!

DNS resolution is working fine -- verified with host google.com.

I understand this should be some problem related to network configurations and/or firewall. However, I am unable to figure out the issue. I would really appreciate any help.

Contents of /etc/network/interfaces

```
# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
allow-hotplug eth0
#iface eth0 inet dhcp
iface eth0 inet static
    address 10.14.85.244
    netmask 255.255.0.0
    network 10.14.0.0
    gateway 10.14.1.2
```

Contents of /etc/resolv.conf

```
domain sit.iitkgp
search sit.iitkgp
nameserver 10.14.0.2
```

Contents of /etc/apt/apt.conf

```
Acquire::http::proxy "http://IP:PORT/";    # Values are actually used here
Acquire::ftp::proxy "ftp://IP:PORT/";
Acquire::https::proxy "https://IP:PORT/";
```

iptables

```
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```

Routes

```
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.14.0.0       0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         10.14.1.2       0.0.0.0         UG    0      0        0 eth0
```

Near the end of this ping strace something like EAGAIN (Resource temporarily unavailable) could be seen. This message doesn't appear when I ping (successfully) an internal IP address. Please be assured that this is a new server, and more than enough disk and memory spaces are available.

Update

Just noticed that tcptraceroute is working fine:

```
# tcptraceroute -i eth0 google.com
Selected device eth0, address 10.14.85.244, port 53532 for outgoing packets
Tracing the path to google.com (74.125.236.80) on TCP port 80 (www), 30 hops max
 1  10.14.1.2  0.310 ms  0.283 ms  0.281 ms
 2  10.151.1.2  0.274 ms  0.253 ms  0.281 ms
 3  maa03s05-in-f16.1e100.net (74.125.236.80) [closed]  0.141 ms  0.172 ms  0.227 ms
```

Update & Resolution

I believe ICMP messages are being blocked by the firewall. Also, the concerned server has no public IP address. I think that also has something to do with it. The other machine from which I could ping google.com has a public IP address.

My major concern, however, was that apt-get did work, but not lynx or wget. The problem was with the proxy environment variables. They were set in .bashrc file, but not export-ed. I had failed to notice this. Once I did export them, things are running smooth.

Thanks to all for providing insights!

Barun
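The missing `export` described in the resolution above, as an added example that is not part of the original post: a variable assigned in `.bashrc` without `export` exists only in that shell, so child processes such as `wget` or `lynx` never see it, while `apt-get` takes its proxy from `/etc/apt/apt.conf`. The function name `proxy_export_status` and the proxy URL are assumptions made for illustration.

```shell
#!/bin/sh
# Report, for each proxy variable, whether it is unset, set only in this
# shell (assigned without export), or exported to child processes.
proxy_export_status() {
    for name in http_proxy https_proxy ftp_proxy; do
        # Value as this shell sees it (empty if unset).
        eval "local_val=\${$name-}"
        # Value as a child process sees it: only exported variables are inherited.
        child_val=$(sh -c "printf '%s' \"\${$name-}\"")
        if [ -z "$local_val" ]; then
            echo "$name: unset"
        elif [ -z "$child_val" ]; then
            echo "$name: shell-only (missing export)"
        else
            echo "$name: exported"
        fi
    done
}

# Constructed demonstration, run in a subshell so the caller's environment
# is left untouched. proxy.example.invalid:3128 is a placeholder value.
(
    unset http_proxy https_proxy ftp_proxy
    http_proxy="http://proxy.example.invalid:3128/"          # assigned, not exported
    export https_proxy="http://proxy.example.invalid:3128/"  # exported
    proxy_export_status
)
```

Sourcing this and calling `proxy_export_status` in a login shell shows which of the proxy variables the programs started from that shell will actually receive.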

2 Answers


For you - A HaikuHokku.

See Your firewall.
It blocks the ICMP.
Make it not do that.

Or, more explicitly:

Ping is ICMP. DNS is UDP. Downloads are TCP.
The problem you are having is that ping is not working, which means that your firewall (or one somewhere on the network) is probably blocking ICMP.

Fix that, or have the responsible netadmin fix it, and ping will work.

voretaq7
  • To be pedantic/Your poem lacks nature content/Hokku not Haiku – Driftpeasant Dec 13 '11 at 21:40
  • +1 For the Haiku/Hokku combined with a good full answer. – Jeff Ferland Dec 13 '11 at 21:42
  • @Driftpeasant Firewalls are great beasts that lie slumbering in datacenters, they wake every so often to snack on packets. – voretaq7 Dec 13 '11 at 21:56
  • No ICMP/means your packets may not make/traceable travels – Driftpeasant Dec 13 '11 at 22:49
  • How sad must I be/To write hokku about ping/and post it online – Driftpeasant Dec 13 '11 at 22:49
  • @Driftpeasant citation needed? It seems Hokku is no longer the preferred term nor are Haikus exclusive to nature themes. Wikipedia explicitly mentions this http://en.wikipedia.org/wiki/Haiku – Ben Brocka Dec 14 '11 at 02:37
  • @BenBrocka well if we really want to sully the art form you can read the Haiku in English page. http://en.wikipedia.org/wiki/Haiku_in_English - "at its most minimal form can consist of one word" -- WTF? – voretaq7 Dec 14 '11 at 02:44
  • @voretaq7 I had explicitly enabled ICMP message types 0 and 8 in `iptables` -- but even that didn't solve it :( – Barun Dec 14 '11 at 05:56
  • @Barun The local machine's firewall may not be the one responsible for the blocking. Firewalls exist at many locations on the network... – voretaq7 Dec 14 '11 at 15:58
  • @voretaq7: I agree with you! I'll accept your answer regarding `ping` not working. However, I also had `lynx`, `wget` not working. I'll update my post with the solution. – Barun Dec 16 '11 at 17:16

Double check your Gateway against the setting of a machine that is able to ping outside of your network.

Regular conventions (for the most part) use either the first or last available IP within a given block as the gateway. So, 10.14.0.1 or 10.14.255.254. Yours (although it may be correct) does look a bit off at a glance.

Have you tried using a tool like curl / wget to attempt to get anything from the actual outside world? The packages you've found could be off of your original installation media.

NcA
  • Packages are not installed from the CD. In fact, Debian netinst CD has just very few packages. I've updated them using aptitude. The IP addresses are correct -- they are taken from a working machine. Also, `curl` / `wget` / `lynx` -- none are working :( – Barun Dec 14 '11 at 05:55