I have two ubuntu computers on a local network and neither one of them can ping each other. Every time I try I get the "destination host unreachable" error message. Both computers are able to access the internet with any problems.
I have a ActionTech v1000h router from Telus. I've been in touch with one of their customer representatives and they said that there should't be any reason why two devices cannot ping each other on the network.
I'm totally at a loss, do any of you guys have any ideas?
Computer 1:
ifconfig -a
lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:10084 errors:0 dropped:0 overruns:0 frame:0 TX packets:10084 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:797420 (797.4 KB) TX bytes:797420 (797.4 KB)
wlan0 Link encap:Ethernet HWaddr c4:85:08:77:d3:f5 inet addr:192.168.1.77 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::c685:8ff:fe77:d3f5/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:373068 errors:0 dropped:0 overruns:0 frame:0 TX packets:380158 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:103445020 (103.4 MB) TX bytes:112630337 (112.6 MB)route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 wlan0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 wlan0
192.168.1.0 0.0.0.0 255.255.255.0 U 9 0 0 wlan0sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination Computer 2:
ifconfig -a
etho0 Link encap:Ethernet HWaddr 00:24:8c:ae:f6:91 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:2 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:110 errors:0 dropped:0 overruns:0 frame:0 TX packets:110 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:8414 (8.4 KB) TX bytes:8414 (8.4 KB)
wlan0 Link encap:Ethernet HWaddr 00:22:43:9b:7b:64 inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::222:43ff:fe9b:7b64/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:252 errors:0 dropped:0 overruns:0 frame:0 TX packets:435 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:123143 (123.1 KB) TX bytes:65828 (65.8 KB)route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 wlan0
192.168.1.0 0.0.0.0 255.255.255.0 U 9 0 0 wlan0sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination Edit: Example of the error when computer 1 tries to ping computer 2:
ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
From 192.168.1.77 icmp_seq=1 Destination Host Unreachable
From 192.168.1.77 icmp_seq=2 Destination Host Unreachable
From 192.168.1.77 icmp_seq=3 Destination Host Unreachable
From 192.168.1.77 icmp_seq=4 Destination Host Unreachable
From 192.168.1.77 icmp_seq=5 Destination Host Unreachable
From 192.168.1.77 icmp_seq=6 Destination Host Unreachable
^C
--- 192.168.1.2 ping statistics ---
7 packets transmitted, 0 received, +6 errors, 100% packet loss, time 6031ms
pipe 3Edit 2: arp -a of both computers
Computer 1:
? (192.168.1.254) at 20:76:00:f5:3b:70 [ether] on wlan0Computer 2:
? (192.168.1.254) at 20:76:00:f5:3b:70 [ether] on wlan0
? (192.168.1.77) at <incomplete> on wlan0Edit 3: nmap -sn 192.168.1.0/24 on computer 2
Starting Nmap 6.40 ( ) at 2014-05-07 21:14 PDT
Nmap scan report for 192.168.1.2
Host is up (0.00024s latency).
Nmap done: 256 IP addresses (1 host up) scanned in 3.30 secondsEdit 4: The tcpdump logs of both computers while the first ping 192.168.1.254 and then each other:
Computer 1:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:45:01.661300 ARP, Request who-has 192.168.1.2 tell 192.168.1.77, length 28
22:45:02.659393 ARP, Request who-has 192.168.1.2 tell 192.168.1.77, length 28
22:45:03.659394 ARP, Request who-has 192.168.1.2 tell 192.168.1.77, length 28
22:45:04.676872 ARP, Request who-has 192.168.1.2 tell 192.168.1.77, length 28
22:45:05.675391 ARP, Request who-has 192.168.1.2 tell 192.168.1.77, length 28
22:45:06.675396 ARP, Request who-has 192.168.1.2 tell 192.168.1.77, length 28
22:45:07.692825 ARP, Request who-has 192.168.1.2 tell 192.168.1.77, length 28
22:45:48.379058 ARP, Request who-has 192.168.1.77 tell 192.168.1.254, length 28
22:45:48.379108 ARP, Reply 192.168.1.77 is-at c4:85:08:77:d3:f5, length 28
22:45:54.419388 ARP, Request who-has 192.168.1.254 tell 192.168.1.77, length 28
22:45:54.420875 ARP, Reply 192.168.1.254 is-at 20:76:00:f5:3b:70, length 28Computer 2:
reading from file pc2.pcap, link-type EN10MB (Ethernet)
22:44:43.538367 ARP, Request who-has 192.168.1.254 tell 192.168.1.2, length 28
22:44:43.676705 ARP, Reply 192.168.1.254 is-at 20:76:00:f5:3b:70 (oui Unknown), length 28
22:45:02.107935 ARP, Request who-has 192.168.1.254 tell 192.168.1.2, length 28
22:45:02.107951 ARP, Reply 192.168.1.254 is-at 20:76:00:f5:3b:70 (oui Unknown), length 28
22:45:06.780619 ARP, Request who-has 192.168.1.77 tell 192.168.1.2, length 28
22:45:07.778419 ARP, Request who-has 192.168.1.77 tell 192.168.1.2, length 28
22:45:08.778419 ARP, Request who-has 192.168.1.77 tell 192.168.1.2, length 28
22:45:09.796214 ARP, Request who-has 192.168.1.77 tell 192.168.1.2, length 28Edit 5: Setup static ips for both computers etho0 and connected them with an internet cable. Both computers can definitely ping each other through the ethernet cable! ifconfig -a eth0 results:
Computer 1:
eth0 Link encap:Ethernet HWaddr 68:68:68:00:62:a4 inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::6a68:68ff:fe00:62a4/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:15 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:4060 (4.0 KB) TX bytes:7629 (7.6 KB)Computer 2:
eth0 Link encap:Ethernet HWaddr 00:24:8c:ae:f6:91 inet addr:192.168.1.20 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::224:8cff:feae:f691/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:250 errors:0 dropped:0 overruns:0 frame:0 TX packets:130 errors:0 dropped:0 overruns:0 carrier:3 collisions:0 txqueuelen:1000 RX bytes:26501 (26.5 KB) TX bytes:20897 (20.8 KB) 10 9 Answers
ping gateway from both computers ping 192.168.1.254then try to ping comp1 to compt2 and comp2 to comp1
then post results of arp -a from BOTH boxes
Edit
Interesting, something is blocking traffic
run sudo tcpdump -ni wlan0 arp in one window on both computers and then try pinging each other and the gateway from another window on both again and post results
Edit2
So far that shows that comp1 is doing what it's suppose to sending arp request (asking for comp2s etherner address) but not getting an arp reply (hearing anything back). Need to see the tcpdump from PC2 to see the full picture. Either run the screen command or do this on PC1 sudo tcpdump -w pc1.pcap -ni wlan0 arp & and on PC2 sudo tcpdump -w pc2.pcap -ni wlan0 arp & & should throw it in the background and give you your prompt back for pings. After pings fail bring the jobs back to foreground with fg %1 stop it ctrl+c and read the written files with sudo tcpdump -r pc1/2.pcap
Edit3PCs are doing what they're suppose to, putting ARPs out but they're not getting through which points to the router. Maybe a disable firewall setting, doubt it supports VLANs? Kinda wish you let it run a bit longer at 22:45:48.379058 your router sent its own ARP request when it was looking for PC1 22:45:48.379058 ARP, Request who-has 192.168.1.77 tell 192.168.1.254, length 28 both PCs should've seen it, we can see that PC1 saw it and replied with its IP but cant tell if PC2 got it since since you stopped it stop just short at 22:45:09.796214. Assuming you're clocks are synced with NTP that is.
Edit4
See that it's still not resolved. Didn't see that you have eth adapters on both PCs. Can you hardwire into the router on eth instead of wlan and see if you can ping then? Or get another router? Or make a hotspot on the phone connect both PCs and try to ping? Also, surprised to see that you were able to connect two PCs together and ping each other did you use a crossover cable?
4Try to connect directly your two computers each other with an ethernet cable, setting to both a fixed IP address (ex A : 192.168.1.10, B : 192.168.1.20) and try to ping again.
Then you will know very quickly if the problem comes from your router, or your computers.
4My fist response when I see something weird like this is to install wireshark.
Then make it so you have permission to use it as non-root:
sudo dpkg-reconfigure wireshark-commonChoose the "yes" option.
usermod -a -G wireshark your-user-nameLogout and log back in to pick up the new group membership and you can now run capture packets as a non-root user.
Then run wireshark on the machine, selecting the interface connected to the network. Try to minimize traffic other than your testing to make interpreting the results easier.
If you run wireshark on one machine, and then try to ping from another, you should see something on the machine running wireshark that says something along the lines of "Who has <ip you're trying to ping>". If you get that, then the computer trying to ping is having it's request recieved by the wireshark computer. Hopefully, you should also see in wireshark something along the lines of "<ip address you're trying to ping> is at <mac address>". If you do, then the wireshark computer is responding. If that is the case, then try running wireshark on the computer pinging and see if you can see the "<ip address you're trying to ping> is at <mac address>" response on the pinging computer.
I apologize if this is too low level and goes over your head. This method does get deep into the details. But being able to see what is actually happening on the network tends to make problems a lot more obvious.
3I had the same symptoms with my LAN (ubuntu machines only). It happened since we got a new router. It's one of those dual band ones. Couldn't make sense of the problem, until I thought may be one "band" is totally disjoint from the other. Should be easy to test, I disconnected one machine from wifi and reconnected it (to the same SSID), and what do you know, I got lucky (is it a 50-50 chance?) and it appeared on the lan of the other machine and I can now ping and log-into it! The "nmap" above gave me the clue. Thanks for the idea.
1Go through your router's configuration and see if local network firewall(s) aren't up. Some routers, by default, isolate connected devices from each other.
You can also use nmap:
$ nmap -sn 192.168.1.0/24See if this comes up with anything.
1Something is messed up with your routing table but I can't see anything wrong with it. "Host unreachable" means that the kernel can't decide which adapter to use to send the packet so it gives up and drops the packet.
The Metric for your local network is 9. That ought to be 0 or 1. However the Linux kernel is rumoured to ignore the metric.
I would try to add a route to the specific host. Try this on Computer 1:
route add -host 192.168.1.2 metric 0 dev wlan0
Also try removing the route to 169.254.0.0 and see if that will help. It is unlikely but you never know.
EDIT
You don't have VPN running, do you? Cisco VPN is known to interfere with the local network connections.
2All your packets from Computer 1 and Computer 2 are routed to wlan0 on each localhost, but neither wireless interface is associated with a wireless network.
Did you assign the IP addresses manually? They should be provided, via DHCP, by the router, as part of the association/authentication setup.
Do sudo iwlist wlan0 scan on each computer to see the wireless networks available to each computer. One of them should be your router. Is the router configured with an ESSID (wireless network name) that differs from the default?
What sort of encryption is the router configured for/capable of? Choices are None (very very bad), WEP (very bad), WPA(bad) and WPA2(best available for now). All 3 systems must agree on a common encryption.
Once all that is straightened out, Computer 1 should be able to wirelessly connect to the router, get an IP address from it (along with other networking info like the default gateway, MTU). Be able to ping the router.
Repeat for Computer 2.
Then, and only then, may you truly ping, if the router allows local address routing.
The problem seems to be in your network. Not in the linux machines themselves. I'd say it is your wireless router/access point that is playing tricks with you.
- Since you can reach the Internet from both hosts, they can get the default gateways MAC through an ARP request.
- They don't get each others ARP requests or replies.
- They (proven on computer1) get the routers ARP request.
This indicates that your router/AP swallows the ARP requests, and without ARP functioning, they don't know the MAC of the other one, and thus they cannot talk Ethernet with each other.
Try have the router DHCP assign the addresses instead of statically assigning them yourself.
Or add them statically to your ARP cache to see if that helps.
On Computer1:
arp -s 192.168.1.2 00:22:43:9b:7b:64On Computer2:
arp -a 192.168.1.77 c4:85:08:77:d3:f5 Check if your wlan router AP has an isolation option (enable AP Isolation) disable it.
0