Ubuntu – Can ping to other router subnet but cannot ping host to host

networkingpingroutingvirtualization

Using VMware, I set 2 hosts connected through a router.
All 3 virtual computers run Ubuntu 14.10.

Host A (eth2: 192.168.1.11/24)
Router (eth2: 192.168.1.12/24) (eth3: 192.168.3.2/24)
Host B (eth2: 192.168.3.1/24)

My setup has the following symptoms:

Host A can ping 192.168.3.2, but cannot ping Host B (100% packet loss).
Host B can ping 192.168.1.12, but cannot ping Host A (Destination Host Unreachable).
Router can ping both hosts.

What I have done or tried so far:

I have enabled IP forwarding (sysctl -w net.ipv4.ip_forward=1).
I have added both hosts statically in the router's routing table.
I did nothing on IP masquerading, since the hosts are within private networks only.

Why can't the hosts ping each other?

Best Answer

After a few hours, I solved the problem.

Host A:

route add default gw 192.168.1.12
route del default gw 192.168.1.11

Host B:

route add default gw 192.168.3.2
route del default gw 192.168.3.1

Related Solutions

Ubuntu – Two hosts can’t ping one another

Probably a dumb question: Are these both directly connected into the router or are they going through a switch? If through a switch, turn off both hosts, turn off switch, turn off router. Turn on router, turn on switch, turn on hosts.

(If you can give me more info on the exact brand of the switch, I might be able to tell you how to reset just the 3 ports of the switch)

Leaving the above in as not everyone is using powerline adapters, but un-plug/replug the powerline adapters and/or update their firmware to "unstick" them… >:)

Ubuntu – Ubuntu 18.04 as a router

Wanted to post the answer I was looking for in case anyone else needs the same scenario. AlexP pointed me in the right direction above - the outside boxes didn't know how to reply back and I didn't want to have to add routes on every network that may use this.

I did want routing but I also needed NAT.

These instructions were cobbled together from several different sources but primarily - https://help.ubuntu.com/lts/serverguide/firewall.html <- the ufw IP Maquerading section here.

CentOS instructions from here- https://ronnybull.com/2015/11/20/how-to-centos-7-router/.

I am assuming an internal and an external interface on the Ubuntu box and that the settings for those have already been configured. (Also added instructions at the very bottom to accomplish the same thing with CentOS 7 - that was also a requirement of mine)

1. first, enable ufw and ufw logging

sudo ufw enable
sudo ufw logging on

2. Flush any existing rules (do NOT do this if you are already using ufw or IP tables for firewalling). Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.

iptables --flush            # Flush all the rules in filter and nat tables    
iptables --table nat --flush    
iptables --delete-chain    # Delete all chains that are not in default filter and nat table    
iptables --table nat --delete-chain

3. First, packet forwarding needs to be enabled in ufw. Two configuration files will need to be adjusted, in /etc/default/ufw change the DEFAULT_FORWARD_POLICY to “ACCEPT”:

DEFAULT_FORWARD_POLICY="ACCEPT"

4. Then edit /etc/ufw/sysctl.conf and uncomment:

net/ipv4/ip_forward=1
net/ipv4/conf/all/forwarding=1 
net/ipv6/conf/default/forwarding=1 # if using IPv6

5. Now add rules to the /etc/ufw/before.rules file. The default rules only configure the filter table, and to enable masquerading the nat table will need to be configured. Add the following to the top of the file just after the header comments:

# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Forward traffic from eth1 through eth0.
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
# don't delete the 'COMMIT' line or these nat table rules won't be processed
COMMIT

For each Table a corresponding COMMIT statement is required. In these examples only the nat and filter tables are shown, but you can also add rules for the raw and mangle tables. In the above example replace eth0, eth1, and 192.168.0.0/24 with the appropriate interfaces and IP range for your network.

6. Finally, disable and re-enable ufw to apply the changes:

sudo ufw disable && sudo ufw enable

IP Masquerading should now be enabled. You can also add any additional FORWARD rules to the /etc/ufw/before.rules. It is recommended that these additional rules be added to the ufw-before-forward chain.

CentOS 7 firewalld config to accomplish the same thing -

1. Enable IPv4 packet forwarding.

a. Add the following to /etc/sysctl.conf:

 net.ipv4.ip_forward = 1

b. Apply the sysctl settings:

sysctl -p

2. Add direct rules to firewalld. Add the --permanent option to keep these rules across restarts.

firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -o eth_ext -j MASQUERADE    
firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i eth_int -o eth_ext -j ACCEPT    
firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i eth_ext -o eth_int -m state --state RELATED,ESTABLISHED -j ACCEPT