2

Update 6 @ 2:56p on Nov 21

I am working on a creating a small network of virtual machines and containers. So far, I am stuck configuring the host though. There is no virtual machine involved in this connection. Though there are two bridges in place.

Just to clarify, this is on bare-metal in a data center. There is no ISP or modem. The hypervisor is not implicated in the path to the Internet. I am running Ubuntu 17.10.

What works and what does not:

  • ping 8.8.8.8 - succeeds
  • ping 213.133.98.98 - succeeds
  • google.com - failure in name resolution
  • web browsing – no internet connection
  • web browsing with firewall disabled - no internet connection
  • host google.com – no servers could be reached
  • NoMachine, remoting into host using - succeeds
  • antivirus - none

ifconfig -a returns:

lxdbr0 broadcast = 0.0.0.0
enp7s0 broadcast = 0.0.0.0
enp7s0 netmask = 255.255.255.255

My conclusion was that netmask = 255.255.255.255 was the immediate problem as it had enp7s0 on a single-address subnet, with no room for a gateway, etc. This was preventing access to DNS services, thus the pattern of failures. But adding static routing to cure that did not restore Internet/WAN access.

I think the contents of /etc/network/interfaces provides most of the other necessary context. Oh, and the fact that netmask on enp7s0 shows as 255.255.255.255 when I run ifconfig -a.

Gateway and broadcast were assigned by my vendor re enp7s0. Using Ubuntu 17.10. I believe I disabled Network Manager.

'# This is /etc/network/interfaces for use on Host
'# The loopback network interface
auto lo
iface lo inet loopback

'# This is the WAN port
auto enp7s0
iface enp7s0 inet static
    address 78.46.80.146
    netmask 255.255.255.224
    network 78.46.80.128
    broadcast 78.46.80.159
    gateway 78.46.80.129
'# static route entry follows, wherein x.x.0.0 is a wildcard
    up ip route add 78.46.0.0/27 via 78.46.80.129 || true
    dns-nameserver 213.133.98.98 
    dns-nameserver 8.8.8.8

'# Virtual bridge on enp6s0 for virtual machine use
auto br0
iface br0 inet static
    address 192.168.122.2
    netmask 255.255.255.0
    network 192.168.122.0
    broadcast 192.168.122.255
'#   gateway 192.168.122.1
    up ip route add 192.168.0.0/16 via 78.46.80.129 || true
    bridge_ports enp6s0
    bridge_stp on
    bridge_maxwait 0
    bridge_fd 0

'# Virtual bridge for container use
auto lxdbr0
iface lxdbr0 inet static
    address 10.36.109.2
    netmask 255.255.255.0
    network 10.36.109.0
    broadcast 10.36.109.255
  '#  gateway 10.36.109.1
    up ip route add 192.168.0.0/16 via 78.46.80.129 || true
    bridge_ports
    bridge_stp on
    bridge_maxwait 0
    bridge_fd 0


/etc/resolv.conf
nameserver 213.133.98.98
nameserver 8.8.8.8


Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         78.46.80.129    0.0.0.0         UG    0      0        0 enp7s0
10.36.109.0     0.0.0.0         255.255.255.0   U     0      0        0 lxdbr0
78.46.0.0       78.46.80.129    255.255.255.224 UG    0      0        0 enp7s0
78.46.80.128    0.0.0.0         255.255.255.224 U     0      0        0 enp7s0
78.46.80.129    0.0.0.0         255.255.255.255 UH    0      0        0 enp7s0
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 enp7s0
192.168.0.0     78.46.80.129    255.255.0.0     UG    0      0        0 enp7s0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 br0


ARP
Address                  HWtype  HWaddress           Flags Mask      Iface
78.46.80.129             ether   30:b6:4f:3f:eb:ba   C               enp7s0
gbambo
  • 21
  • 1
  • 4
  • 2
    There's nothing wrong with 255.255.255.255 netmask, your hypervisor should know how to route it. Did you check your `/etc/resolv.conf`. Did you check querying a DNS you know should work: `host google.com 8.8.8.8`? – SYN Nov 19 '17 at 23:59
  • To be clear, the issue is on the host and therefore does not implicate the hypervisor. – gbambo Nov 20 '17 at 00:07
  • Meanwhile, 255.255.255.255 netmask prevents regular access to the host's WAN gateway, as it is blocked by the mask which limits the host's subnet to the single address of the host. /etc/resolv.conf has one line "search xplor.nyc" which is an unconfigured domain. – gbambo Nov 20 '17 at 00:28
  • Please post `netstat -nr`. – SYN Nov 21 '17 at 08:38

2 Answers2

2

The network address is incorrect.

Fix the network address configuration

network 78.46.80.0

should be corrected as follows:

network 78.46.80.128

Your device enp7s0 belongs to the network 78.46.80.128/27 (which begins at 78.46.80.128 and ends at 78.46.80.159 which is broadcast address is defined above correctly).

minish
  • 626
  • 3
  • 10
1

ping was successful, so routing is fine. Well at least at ICMP layer. There was no nameserver in resolv.conf. What is result of nslookup yahoo.com 8.8.8.8?
echo nameserver 8.8.8.8 >> /etc/resolv.conf

rjt
  • 568
  • 5
  • 25
  • 1
    nslookup yahoo.com 8.8.8.8 > "connection timed out; no servers could be reached" – gbambo Nov 20 '17 at 20:30
  • adding "nameserver 213.133.98.98" to /etc/resolv.conf has no effect. – gbambo Nov 20 '17 at 20:42
  • Can you still ping 8.8.8.8? – rjt Nov 20 '17 at 21:07
  • What is output of `traceroute 8.8.8.8` ? – rjt Nov 20 '17 at 21:39
  • I can still ping 8.8.8.8. Traceroute is not installed. – gbambo Nov 21 '17 at 01:07
  • 1
    If you can ping but can't query for a record from google DNS servers: odds are, you can't ping 8.8.8.8 to begin with. Could you post output for your ping? – SYN Nov 21 '17 at 08:36
  • If you really **can** ping a DNS server but can't issue a DNS request against it, then I'm wondering if there's a firewall or filtering issue or something like that. – Todd Wilcox Nov 21 '17 at 21:07
  • Yes, it could be a filter on a network switch that only allows UDP, but OP needs to post the output of ping. I say he simplifies his ifcfg- entries because `network ` and `ifup ip route` entries are rarely needed. – rjt Nov 22 '17 at 19:57