2
I have a home wifi network with 2 linux and 1 mac system. I can reach each linux from mac and other way round, but an attempt to ping a linux from another linux results with "Destination Host Unreachable" error on both systems.
What may cause it, and how to fix it? I disabled all firewalls on both linux systems:
iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
yet it didn't help much.
Details:
pc (ubuntu 16.04):
ifconfig:
wlp2s0 Link encap:Ethernet HWaddr ac:7b:a1:c5:ea:0e
inet addr:192.168.1.83 Bcast:192.168.1.255 Mask:255.255.255.0
route:
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.254 0.0.0.0 UG 600 0 0 wlp2s0
192.168.1.0 * 255.255.255.0 U 600 0 0 wlp2s0
arp:
Address HWtype HWaddress Flags Mask Iface
192.168.1.254 ether 58:90:43:49:eb:6b C wlp2s0
192.168.1.77 ether 34:02:86:aa:89:85 C wlp2s0
192.168.1.69 ether 18:65:90:dc:04:55 C wlp2s0
laptop (ubuntu 16.04):
ifconfig:
wlan0 Link encap:Ethernet HWaddr 34:02:86:aa:89:85
inet addr:192.168.1.77 Bcast:192.168.1.255 Mask:255.255.255.0
route:
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.254 0.0.0.0 UG 600 0 0 wlan0
192.168.1.0 * 255.255.255.0 U 600 0 0 wlan0
arp:
Address HWtype HWaddress Flags Mask Iface
192.168.1.83 ether ac:7b:a1:c5:ea:0e C wlan0
192.168.1.69 ether 18:65:90:dc:04:55 C wlan0
192.168.1.254 ether 58:90:43:49:eb:6b C wlan0
mac (10.13.3):
ifconfig:
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 18:65:90:dc:04:55
inet6 fe80::80f:e846:2fe6:90c5%en0 prefixlen 64 secured scopeid 0x5
inet 192.168.1.69 netmask 0xffffff00 broadcast 192.168.1.255
route:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.254 UGSc 105 0 en0
192.168.1 link#5 UCS 4 0 en0
192.168.1.69/32 link#5 UCS 0 0 en0
192.168.1.77 34:2:86:aa:89:85 UHLWI 0 510 en0 1154
192.168.1.83 ac:7b:a1:c5:ea:e UHLWIi 2 55 en0 915
192.168.1.254/32 link#5 UCS 1 0 en0
192.168.1.254 58:90:43:49:eb:6b UHLWIir 39 14075 en0 1169
192.168.1.255 ff:ff:ff:ff:ff:ff UHLWbI 0 2 en0
255.255.255.255/32 link#5 UCS 0 0 en0
Ping from pc to mac works:
ping 192.168.1.69
PING 192.168.1.69 (192.168.1.69) 56(84) bytes of data.
64 bytes from 192.168.1.69: icmp_seq=1 ttl=64 time=6.15 ms
Ping from pc to laptop does not:
ping 192.168.1.77
PING 192.168.1.77 (192.168.1.77) 56(84) bytes of data.
From 192.168.1.83 icmp_seq=9 Destination Host Unreachable
Ping from laptop to mac works:
ping 192.168.1.69
PING 192.168.1.69 (192.168.1.69) 56(84) bytes of data.
64 bytes from 192.168.1.69: icmp_seq=1 ttl=64 time=5.89 ms
Ping from laptop to pc does not:
ping 192.168.1.83
PING 192.168.1.83 (192.168.1.83) 56(84) bytes of data.
From 192.168.1.77 icmp_seq=2 Destination Host Unreachable
Ping from mac to pc works:
ping 192.168.1.83
PING 192.168.1.83 (192.168.1.83): 56 data bytes
64 bytes from 192.168.1.83: icmp_seq=0 ttl=64 time=101.836 ms
Ping from mac to laptop works as well:
ping 192.168.1.77
PING 192.168.1.77 (192.168.1.77): 56 data bytes
64 bytes from 192.168.1.77: icmp_seq=0 ttl=64 time=16.749 ms
Tcpdump from 192.168.1.77 during telnet 192.168.83 22:
tcpdump -i wlan0 -s 65535 -n host 192.168.1.83
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 65535 bytes
18:38:53.194490 ARP, Request who-has 192.168.1.83 tell 192.168.1.77, length 28
18:38:53.410085 ARP, Reply 192.168.1.83 is-at ac:7b:a1:c5:ea:0e, length 46
18:38:53.410100 IP 192.168.1.77.38208 > 192.168.1.83.22: Flags [S], seq 3257644438, win 29200, options [mss 1460,sackOK,TS val 7583261 ecr 0,nop,wscale 7], length 0
18:38:54.193729 IP 192.168.1.77.38208 > 192.168.1.83.22: Flags [S], seq 3257644438, win 29200, options [mss 1460,sackOK,TS val 7583511 ecr 0,nop,wscale 7], length 0
18:38:56.197662 IP 192.168.1.77.38208 > 192.168.1.83.22: Flags [S], seq 3257644438, win 29200, options [mss 1460,sackOK,TS val 7584012 ecr 0,nop,wscale 7], length 0
18:39:00.205734 IP 192.168.1.77.38208 > 192.168.1.83.22: Flags [S], seq 3257644438, win 29200, options [mss 1460,sackOK,TS val 7585014 ecr 0,nop,wscale 7], length 0
18:39:08.213738 IP 192.168.1.77.38208 > 192.168.1.83.22: Flags [S], seq 3257644438, win 29200, options [mss 1460,sackOK,TS val 7587016 ecr 0,nop,wscale 7], length 0
18:39:24.245736 IP 192.168.1.77.38208 > 192.168.1.83.22: Flags [S], seq 3257644438, win 29200, options [mss 1460,sackOK,TS val 7591024 ecr 0,nop,wscale 7], length 0
18:39:29.253720 ARP, Request who-has 192.168.1.83 tell 192.168.1.77, length 28
18:39:30.253717 ARP, Request who-has 192.168.1.83 tell 192.168.1.77, length 28
18:39:31.253715 ARP, Request who-has 192.168.1.83 tell 192.168.1.77, length 28
18:39:56.309737 ARP, Request who-has 192.168.1.83 tell 192.168.1.77, length 28
18:39:56.321748 ARP, Reply 192.168.1.83 is-at ac:7b:a1:c5:ea:0e, length 46
18:39:56.321762 IP 192.168.1.77.38208 > 192.168.1.83.22: Flags [S], seq 3257644438, win 29200, options [mss 1460,sackOK,TS val 7599040 ecr 0,nop,wscale 7], length 0
Tcpdump from 192.168.1.83 at the same time:
tcpdump -i wlp2s0 -s 65535 -n host 192.168.1.77
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlp2s0, link-type EN10MB (Ethernet), capture size 65535 bytes
18:38:53.341294 ARP, Request who-has 192.168.1.83 tell 192.168.1.77, length 46
18:38:53.341312 ARP, Reply 192.168.1.83 is-at ac:7b:a1:c5:ea:0e, length 28
18:39:56.316562 ARP, Request who-has 192.168.1.83 tell 192.168.1.77, length 46
18:39:56.316597 ARP, Reply 192.168.1.83 is-at ac:7b:a1:c5:ea:0e, length 28
UPDATE
Apparently I am missing some smart settings in BT Smart Hub. Everything works with less sophisticated router.
Alex Blex
Posted 2018-04-09T18:01:58.520
Reputation: 121
please check and share 'iptables -nL' from both Linux boxes – MTG – 2018-04-11T06:20:13.657
@MTG, flushing iptables was the first thing I did. I updated the question with formal output of iptables. – Alex Blex – 2018-04-11T10:53:45.143
You can see outgoing packets on .77, but no incoming packets on .83, so the first guess would be that the router is blocking them. Some routers need to be configured to allow WLAN clients to talk to each other, possibly for all involved clients. So the next step is to look into the webinterface of your router (enable all "advanced options") etc. – dirkt – 2018-04-11T11:06:46.407
@dirkt, Thanks for the hint. Do you know what exactly I need to enable on the router? It is BT Smart Hub. Somehow it let macbook to talk to both linux systems and I can reach macbook from linuxes as well, so I assume the router allows WLAN clients to talk to each other in general, but drops packets between .77 and .83. I will get another router to try it on the weekend.
– Alex Blex – 2018-04-11T11:44:29.4871No idea about the BT Smart Hub. Most routers display a web page when you enter the address in a browser, so try
http://192.168.1.254. It's possible (though this is a wild guess) that the Mac uses Bonjour to make some adjustments to what it is allowed to do; Linux boxes don't do this by default. But one would have to sniff the Mac WLAN traffic when it connects to find out if this is the case. – dirkt – 2018-04-11T14:16:43.370@dirkt, I can access the router web UI. It's just that it has a lot of things there with no real documentation, so I am a bit lost what I need to change there. Thanks for the idea about Bonjour tho. It's worth checking. – Alex Blex – 2018-04-11T14:40:04.910
1Without actually seeing the router web UI, I can't guide you, sorry. In general, every router UI will have its own way of presenting these features. You are looking for something like "client isolation", or general filter rules. – dirkt – 2018-04-11T15:18:01.180