
Re: IPv4 networking problem after dist-upgrade



Hey Dan,

On Wed, Oct 06, 2021 at 10:23:40AM -0400, Dan Ritter wrote:
> Can you tell us about networking on the host, please?

Sure, I can.

> ip link show

$ > ip l sh
<snip>...</snip>
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast master direct0 state UP mode DEFAULT group default qlen 1000
    link/ether 54:04:a6:a0:77:de brd ff:ff:ff:ff:ff:ff
3: direct0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1492 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 32:95:e2:a2:8e:0e brd ff:ff:ff:ff:ff:ff
<snip>...</snip>

I only pasted the relevant interfaces (physical interface and the
corresponding bridge). There are two more bridges and tap interfaces but these
are only for the VMs.

> ip addr show

$ > ip a s
<snip>...</snip>
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast master direct0 state UP group default qlen 1000
    link/ether 54:04:a6:a0:77:de brd ff:ff:ff:ff:ff:ff
3: direct0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1492 qdisc noqueue state UP group default qlen 1000
    link/ether 32:95:e2:a2:8e:0e brd ff:ff:ff:ff:ff:ff
    inet 176.9.70.119/27 brd 176.9.70.127 scope global direct0
       valid_lft forever preferred_lft forever
    inet6 2a01:4f8:151:64::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::3095:e2ff:fea2:8e0e/64 scope link
       valid_lft forever preferred_lft forever
<snip>...</snip>

> ip route show

$ > ip r s
default via 176.9.70.97 dev direct0 onlink 
176.9.70.96/27 dev direct0 proto kernel scope link src 176.9.70.119 
192.168.0.0/24 dev lsbg0 proto kernel scope link src 192.168.0.1 
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1

> cat /proc/sys/net/ipv4/ip_forward

1
 
> would be a good start. Also, are you running a firewall of any
> kind on the server itself?

I have a bunch of handwritten iptables, ip6tables, and ebtables rules, but the
behavior is the same after I flush them and they look like this:

$ > sudo iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
LIBVIRT_INP  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
LIBVIRT_FWX  all  --  0.0.0.0/0            0.0.0.0/0
LIBVIRT_FWI  all  --  0.0.0.0/0            0.0.0.0/0
LIBVIRT_FWO  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
LIBVIRT_OUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain LIBVIRT_FWI (1 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain LIBVIRT_FWO (1 references)
target     prot opt source               destination
ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain LIBVIRT_FWX (1 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain LIBVIRT_INP (1 references)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67

Chain LIBVIRT_OUT (1 references)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:68

$ > sudo ip6tables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
LIBVIRT_INP  all      ::/0                 ::/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
LIBVIRT_FWX  all      ::/0                 ::/0
LIBVIRT_FWI  all      ::/0                 ::/0
LIBVIRT_FWO  all      ::/0                 ::/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
LIBVIRT_OUT  all      ::/0                 ::/0

Chain LIBVIRT_FWI (1 references)
target     prot opt source               destination

Chain LIBVIRT_FWO (1 references)
target     prot opt source               destination

Chain LIBVIRT_FWX (1 references)
target     prot opt source               destination

Chain LIBVIRT_INP (1 references)
target     prot opt source               destination

Chain LIBVIRT_OUT (1 references)
target     prot opt source               destination

$ > sudo ebtables -L
Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 0, policy: ACCEPT

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT


In the meantime I've also figured out that I'm able to arping the gateway
successfully, but when I try to ping it via its IPv4 address I don't get any
reply.

Cheers
Oleg

