I have an Ubuntu 8.04 LTS server that is directly connected to our Comcast Business Gateway modem and I have configured it with 1 of our 5 allotted Static IPs. My other machines on our LAN can connect to this server (via ssh, web, ping, etc.) but I cannot access this server from outside our network, and this machine cannot get out to the internet either (ping google.com fails with unknown host).

Here is my /etc/networking/interfaces file:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 173.162.54.19
    netmask 255.255.255.248
    broadcast 173.162.54.23
    gateway 173.162.54.22

and my /etc/resolv.conf:

nameserver 68.87.77.130
nameserver 68.87.72.130

output from sudo route -n:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
173.162.54.16   0.0.0.0         255.255.255.248 U     0      0        0 eth0
0.0.0.0         173.162.54.22   0.0.0.0         UG    100    0        0 eth0

I have a Windows 2008 machine with an almost identical Static IP, static DNS setup and it works correctly: I can access it within the LAN and also from the public internet. The Windows machine and the Ubuntu machine are both directly connected to the Comcast Business Gateway.

I have tried rebooting Ubuntu and rebooting my Comcast modem, but nothing seems to make it work. I'm an Ubuntu noob; is there some other config I need to apply to make this work?

UPDATE: Yes I am able to ping my default gateway 173.162.54.22

output of iptables --list -n:

Chain INPUT (policy DROP)
target     prot opt source               destination
ufw-before-input  all  --  0.0.0.0/0            0.0.0.0/0
ufw-after-input  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination
ufw-before-forward  all  --  0.0.0.0/0            0.0.0.0/0
ufw-after-forward  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ufw-before-output  all  --  0.0.0.0/0            0.0.0.0/0
ufw-after-output  all  --  0.0.0.0/0            0.0.0.0/0

Chain ufw-after-forward (1 references)
target     prot opt source               destination
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 10 LOG flags 0 level 4 prefix `[UFW BLOCK FORWARD]: '
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain ufw-after-input (1 references)
target     prot opt source               destination
RETURN     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:137
RETURN     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:138
RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:139
RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:445
RETURN     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:67
RETURN     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:68
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 10 LOG flags 0 level 4 prefix `[UFW BLOCK INPUT]: '
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain ufw-after-output (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain ufw-before-forward (1 references)
target     prot opt source               destination
ufw-user-forward  all  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain ufw-before-input (1 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED
DROP       all  --  0.0.0.0/0            0.0.0.0/0           ctstate INVALID
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 3
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 4
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 11
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 12
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spt:67 dpt:68
ufw-not-local  all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  224.0.0.0/4          0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            224.0.0.0/4
ufw-user-input  all  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain ufw-before-output (1 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED
ufw-user-output  all  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain ufw-not-local (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           ADDRTYPE match dst-type LOCAL
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           ADDRTYPE match dst-type MULTICAST
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           ADDRTYPE match dst-type BROADCAST
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 10 LOG flags 0 level 4 prefix `[UFW BLOCK NOT-TO-ME]: '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain ufw-user-forward (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain ufw-user-input (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:22
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain ufw-user-output (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
Kevin Southworth
  • I should also mention that I have tried temporarily turning off the `ufw` firewall (`sudo ufw disable`), but it seems to have no effect. – Kevin Southworth Aug 01 '11 at 16:50
  • from this server, a ping to google's IP address `74.125.225.83` also fails, so it appears to NOT be strictly a DNS issue? – Kevin Southworth Aug 01 '11 at 16:53
  • Are you actually able to ping at least your default gateway? i.e. 173.162.54.22? – Marco Bizzarri Aug 01 '11 at 17:08
  • Remove the network-manager if installed. Can you ping your DNS servers? – grs Aug 01 '11 at 17:35
  • Please add the output of iptables --list -n; that way it is possible to see if it is an iptables problem. – Marco Bizzarri Aug 01 '11 at 18:44
  • Where does `traceroute -n 8.8.8.8` stop? – Gilles 'SO- stop being evil' Aug 01 '11 at 19:37
  • You have a networking problem, and have not provided enough information to solve it. Use the answers to http://serverfault.com/questions/92053/diagnose-network-faults to diagnose the problem yourself. – womble Aug 02 '11 at 00:25
  • When you say you can't disable the firewall try to disable it with `/etc/init.d/iptables stop` – Bart De Vos Aug 02 '11 at 14:22
  • What is your default gateway (the actual device)? The Comcast Business Gateway? The ISP? What is the IP/Subnet of the computers who can successfully access the server? – Reece45 Aug 20 '12 at 20:53
  • I've always found traceroute helpful in cases like this - you want to know where you're being stopped. My question is: are you getting past the Comcast modem? If you want an even more detailed view of things, take a few minutes and read up on using nmap. – JRS Jun 20 '15 at 18:30
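
An added example (not part of the original thread) for reading the `iptables --list -n` listing posted in the question: it follows the jumps from INPUT, reports the destination ports accepted from any source, and flags ACCEPT rules that show no match at all. Without `-v` the listing omits the interface columns, so a flagged rule may be interface-scoped rather than accept-all; the function names and the shortened excerpt are this example's own.

```python
import re
# Shortened excerpt of the `iptables --list -n` output posted in the question.
LISTING = """\
Chain INPUT (policy DROP)
ufw-before-input  all  --  0.0.0.0/0            0.0.0.0/0
Chain ufw-before-input (1 references)
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spt:67 dpt:68
ufw-user-input  all  --  0.0.0.0/0            0.0.0.0/0
Chain ufw-user-input (1 references)
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
"""

def parse_chains(text):
    """Map each chain name to its rules as (target, proto, src, dst, extra)."""
    chains, rules = {}, None
    for line in text.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            rules = chains.setdefault(header.group(1), [])
        elif line.strip() and not line.startswith("target") and rules is not None:
            target, proto, _opt, src, dst, *extra = line.split()
            rules.append((target, proto, src, dst, " ".join(extra)))
    return chains

def audit(chains, chain="INPUT", seen=None):
    """Return (ports accepted from anywhere, chains holding a bare ACCEPT).
    Follows jumps only; rule order and RETURN are not modelled."""
    seen = set() if seen is None else seen
    ports, bare = set(), []
    if chain in seen:
        return ports, bare
    seen.add(chain)
    for target, proto, src, dst, extra in chains.get(chain, []):
        dpt = re.search(r"\bdpt:(\d+)", extra)
        if target in chains:  # jump to a user-defined chain
            sub_ports, sub_bare = audit(chains, target, seen)
            ports |= sub_ports
            bare += sub_bare
        elif target == "ACCEPT" and src == dst == "0.0.0.0/0":
            if dpt and "spt:" not in extra:
                ports.add((proto, int(dpt.group(1))))
            elif not extra:  # no visible match: re-list with -v to see the interface
                bare.append(chain)
    return ports, bare

print(audit(parse_chains(LISTING)))
```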

2 Answers

You've set up a static IP; have you made sure that you've been given it by your router? Check your current IP with `ifconfig`. If it is different from the static IP, it's possible that dhclient is running and grabbing you a different IP. Use `sudo killall dhclient` to stop the process if it is running. Also, you can try deleting the DHCP lease file (I forget where it is located though), and if dhclient was running and you had rebooted the computer, then make sure to stop it from running on boot (I forget where to do this as well). One last thing: you shouldn't give out your IP on the internet....

ls_la
  • dhclient is not running, but i went ahead and deleted the dhcp lease files anyway. If i switch back to DHCP everything works fine, but I need it to use a Static IP... – Kevin Southworth Aug 04 '11 at 16:14
  • There's no harm in giving out your public IP on the internet. I can guess it in 3,706,452,992 tries. – Tom O'Connor Dec 26 '12 at 22:15

It's plausible that your resolve.conf is being overwritten. Judging by the configs you posted, I would follow these steps to make your DNS permanent. In your /etc/network/interfaces config file, make sure that eth0 has the following config.

dns-nameservers <your DNS server1> <your DNS server2> 8.8.8.8 8.8.4.4

If you're connected over SSH you can't do ifup/ifdown without losing a connection, so if it were me I would just `sudo reboot -n`.

If you're connected straight to the machine then you can run

sudo ifdown eth0 && sudo ifup eth0

What will happen is that networking will place these DNS configs into /etc/resolve.conf for you.

Ethode