Re: IPv4 networking problem after dist-upgrade
Hey Dan,
On Wed, Oct 06, 2021 at 10:23:40AM -0400, Dan Ritter wrote:
> Can you tell us about networking on the host, please?
sure, I can.
> ip link show
$ > ip l sh
<snip>...</snip>
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast master direct0 state UP mode DEFAULT group default qlen 1000
link/ether 54:04:a6:a0:77:de brd ff:ff:ff:ff:ff:ff
3: direct0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1492 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 32:95:e2:a2:8e:0e brd ff:ff:ff:ff:ff:ff
<snip>...</snip>
I only pasted the relevant interfaces (physical interface and the
corresponding bridge). There are two more bridges and tap interfaces but these
are only for the VMs.
> ip addr show
$ > ip a s
<snip>...</snip>
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast master direct0 state UP group default qlen 1000
link/ether 54:04:a6:a0:77:de brd ff:ff:ff:ff:ff:ff
3: direct0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1492 qdisc noqueue state UP group default qlen 1000
link/ether 32:95:e2:a2:8e:0e brd ff:ff:ff:ff:ff:ff
inet 176.9.70.119/27 brd 176.9.70.127 scope global direct0
valid_lft forever preferred_lft forever
inet6 2a01:4f8:151:64::2/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::3095:e2ff:fea2:8e0e/64 scope link
valid_lft forever preferred_lft forever
<snip>...</snip>
> ip route show
$ > ip r s
default via 176.9.70.97 dev direct0 onlink
176.9.70.96/27 dev direct0 proto kernel scope link src 176.9.70.119
192.168.0.0/24 dev lsbg0 proto kernel scope link src 192.168.0.1
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
> cat /proc/sys/net/ipv4/ip_forward
1
> would be a good start. Also, are you running a firewall of any
> kind on the server itself?
I have a bunch of handwritten iptables, ip6tables, and ebtables rules, but the
behavior is the same after I flush them and they look like this:
$ > sudo iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
LIBVIRT_INP all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
LIBVIRT_FWX all -- 0.0.0.0/0 0.0.0.0/0
LIBVIRT_FWI all -- 0.0.0.0/0 0.0.0.0/0
LIBVIRT_FWO all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
LIBVIRT_OUT all -- 0.0.0.0/0 0.0.0.0/0
Chain LIBVIRT_FWI (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain LIBVIRT_FWO (1 references)
target prot opt source destination
ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain LIBVIRT_FWX (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain LIBVIRT_INP (1 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
Chain LIBVIRT_OUT (1 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:68
$ > sudo ip6tables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
LIBVIRT_INP all ::/0 ::/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
LIBVIRT_FWX all ::/0 ::/0
LIBVIRT_FWI all ::/0 ::/0
LIBVIRT_FWO all ::/0 ::/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
LIBVIRT_OUT all ::/0 ::/0
Chain LIBVIRT_FWI (1 references)
target prot opt source destination
Chain LIBVIRT_FWO (1 references)
target prot opt source destination
Chain LIBVIRT_FWX (1 references)
target prot opt source destination
Chain LIBVIRT_INP (1 references)
target prot opt source destination
Chain LIBVIRT_OUT (1 references)
target prot opt source destination
$ > sudo ebtables -L
Bridge table: filter
Bridge chain: INPUT, entries: 0, policy: ACCEPT
Bridge chain: FORWARD, entries: 0, policy: ACCEPT
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
In the meantime I've also figured that I'm able to arping the gateway
successfully, but when I try to ping it via its IPv4 address I won't get any
reply.
Cheers
Oleg
Reply to: