Not able to ping external sites

[anupindi007]

Hi,
Problem: Not able to ping( Google (but resolves ip 72.14.213.147) or Browse any external sites.

a. able to ping from pc to Server - eth0
b. able to ping from pc to Server - eth1
c. able to browse Internet from Server
d. while trying to ping Google
--says: pinging www.1.google.com[72.14.213.103] with 32 bytes of data: Request time out.


Setup:
PC --> Router > Server(eth1(internal) ->eth0(external), DNS/firewall --> Internet


Study Notes:
Server eth0 IP: 10.10.10.95 subnet 255.255.255.0
Server eth1 IP: 10.5.5.1 subnet 255.255.255.224

Router ip external: 10.5.5.10
Router ip internal: 172.16.2.1
Router Default GW : 10.5.5.1

PC IP: 172.16.2.10

# route -n
Kernel IP routing table
Destination ---- Gateway ----Genmask ------------Flags Metric Ref Use ----Iface
10.5.5.0 ------ 0.0.0.0 ----255.255.255.224 ----U 0 0 0 ----------------------- eth1
10.1.10.0 ------ 0.0.0.0 ----255.255.255.0 --------U 0 0 0 ----------------------- eth0
169.254.0.0 - 0.0.0.0 -----255.255.0.0 -----------U 1000 0 0 ------------------ eth0
0.0.0.0 --------10.1.10.1---0.0.0.0 ------------------UG 100 0 0 ------------------ eth0

#cat /etc/resolv.conf
nameserver 10.1.10.1


# cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet static
address 10.5.5.1
netmask 255.255.255.224

#cat /etc/dhcp3/dhcpd.conf
...
A slightly different configuration for an internal subnet.
subnet 10.5.5.0 netmask 255.255.255.224 {
range 10.5.5.10 10.5.5.15;
option domain-name-servers 10.10.10.1;
# option domain-name "internal.example.org";
# option routers ;
# option broadcast-address 10.5.5.31;
default-lease-time 864600;
max-lease-time 60480;
}

Updates:
From pc while typing > nslookup Google
*** Can't find server name for address 10.5.5.1 : Non-existent domain
*** Default servers are not available
Server: Unknown
Address: 10.5.5.1

Non-authoritative answer:
Name: www.1.google.com
Addresses: 74.125.127.147,72.14.213.104,...
Aliases: Google

> ping Google
Pinging www.1.google.com [72.14.213.104] with 32bytes of data:
Request timed out.
Request timed out.

Note:
a. 10.5.5.1 is Server eth1 local ip and i am able to ping too.

b. DNS server is running on 10.5.5.1(on eth1) and where is the problem ???
i # sh dnsmasq status
* Checking DNS forwarder and DHCP server dnsmasq * (running)

ii #sh dnsmasq stop ; ping Yahoo!
Pinging request could not find host Yahoo! . Please check the name and try again.

iii #sh dnsmasq start; ping Yahoo!
Pinging www-real.wa1.b.yahoo.com [209.131.36.158] with 32 bytes of data: ...

Thanks,
Srinivas

[Ric_]

Your firewall does pass ping requests through, doesn't it?

[powdarrmonkey]

Looks like you're not assigning a default gateway to your clients:

# option routers ;

[mac_shinobi]

Your firewall does pass ping requests through, doesn't it?

That's related to ICMP as I think ping relies on ICMP ( Correct me if I am wrong )

[powdarrmonkey]

That's related to ICMP as I think ping relies on ICMP ( Correct me if I am wrong )

Correct, ping is one of the packet types in the Internet Control Message protocol.

I still say it's the gateway. As to the DNS error, you don't have a correctly configured reverse-lookup zone.

[anupindi007]

Correct, ping is one of the packet types in the Internet Control Message protocol.

I still say it's the gateway. As to the DNS error, you don't have a correctly configured reverse-lookup zone.

First of all thanks for your prompt reply and seeking your advise for the following:

which file i have to modify I mean in PC/Router/Server?
a. do I need to change /etc/network/interfaces in Server for eth1 to add "gateway 10.10.10.1" ? or eth0 add "gateway 10.10.10.1"

b. do I need to change in Server /etc/dhcp3/dhcpd.conf file at
...
A slightly different configuration for an internal subnet.
...
option domain-name-servers 10.10.10.1;
option routers ?;

c. in between router pc to server
I have to DNS I should provide 10.10.10.1? or i have to specify Server eth1(where dns is running) 10.5.5.1?

[mac_shinobi]

Correct, ping is one of the packet types in the Internet Control Message protocol.

I still say it's the gateway. As to the DNS error, you don't have a correctly configured reverse-lookup zone.

I would agree with that as well but just wanted confirmation on the ICMP part.

[anupindi007]

Thanks for your reply. what need to look and configure GW and reverse-lookup.

I felt that may be some thing wrong in my configuration and reinstalled my ubuntu once. Hence i have moved my system too in different network, and also using the working server scripts trying to configure the new server.
Details as follows:


Configuration is same PC > router > Server (eth1-local-ip), eth0-external-ip) - new_GW

Server eth0 IP: 192.168.1.113 subnet 255.255.255.0
Server eth1 IP: 10.5.5.1 subnet 255.255.255.224


#cat /etc/resolv.conf
domain xxxx.com
search xxxx.com
nameserver 192.168.1.20


#nslookup list
Server: 192.168.1.20
Address: 192.168.1.20#3
Non-authoritative answer:
Name: list.xxx.com
Address: aaa.bbb.ccc.ddd

# cat /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto eth1
iface eth1 inet static
address 10.5.5.1
netmask 255.255.255.224

cat /etc/dhcp3/dhcpd.conf
...
# A slightly different configuration for an internal subnet.
subnet 10.5.5.0 netmask 255.255.255.224 {
range 10.5.5.26 10.5.5.30;
option domain-name-servers 10.5.5.1;
option routers 10.5.5.1;
default-lease-time 86400;
max-lease-time 64800;
}


Router ip external : 10.5.5.26
Router ip internal : 172.16.2.1
Router Default GW : 10.5.5.1

PC IP : 172.16.2.10

I am very much sure that in this network its worked perfectly, but still i am not able to ping now too (after re-installation of ubuntu, and not installed shorewall(firewall).

#iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

a. able to ping from pc to Server - eth0
b. able to ping from pc to Server - eth1
c. able to browse Internet from Server
d. while trying to ping Google from pc
--says: ping request count not find host Google . please check...

(earlier it was resolving the ip now it's not working too)

nslookup list:
DNS request timed out
timeout was 2 seconds
*** coun't find server name for address 192.16.1.20
*** Default server was not available
Server: unknown
Address: 192.168.1.2

sorry back to square one...

[anupindi007]

Updates:
from pc using wireless i have connected to directly to different server but in the same network.
(Configuration is same PC > router > Server (eth1-local-ip), eth0-external-ip) - new_GW--Wireless)

c:>ipconfig
ip address : 192.168.10
subnet : 255.255.255.0
Default GW : 192.168.1.20

c:>nslookup
*** coun't find server name for address 192.16.1.20: Non-existent domain
*** Default server was not available
Server: unknown
Address: 192.168.1.2

[anupindi007]

Updates:
- DNS name resolution is working from PC:
c:> nslookup www raja.com
*** coun't find server name for address 10.5.5.1: Non-existent domain
*** Default server was not available
Server: unknown
Address: 10.5.5.1
Non-authoritative answer:
Name : raja.com
Address: 66.117.154.109
Aliases :www .raja.com

DNS reverse lookup also working as per me(i didn't do any configuration specially)
C:>nslookup 66.117.154.109
*** coun't find server name for address 10.5.5.1: Non-existent domain
*** Default server was not available
Server: unknown
Address: 10.5.5.1
Name : cpanel94.lmi.net
Address : 66.117.154.109

Server side shows:
# host www.raja.com
www.raja.com is an alias for raja.com.
raja.com has address 66.117.154.109
raja.com mail is handled by 0 aspmx.l.google.com.
raja.com mail is handled by 10 alt2.aspmx.l.google.com.
raja.com mail is handled by 20 aspmx2.googlemail.com.
raja.com mail is handled by 20 aspmx4.googlemail.com.
raja.com mail is handled by 20 aspmx5.googlemail.com.
raja.com mail is handled by 20 aspmx3.googlemail.com.

# host 66.117.154.109
109.154.117.66.in-addr.arpa domain name pointer cpanel04.lmi.net.



so now where should I look, to resolve the same.