Jeremy711
Posts: 5
Joined: Thu Jun 09, 2016 1:15 am

Can't access WAN outside of my internal network with Jessie

Thu Jun 09, 2016 1:26 am

I'll jump write to it:

I am able to obtain an IP address from my router.
I can ping localhost, other devices on the subnet.
I can ping my router.
I am using my gateway IP as my default nameserver.
I cannot ping 8.8.8.8, www.google.com, or anywhere outside my internal network.

Here is the output from ifconfig:

Code: Select all

[email protected]:~ $ ifconfig
eth0      Link encap:Ethernet  HWaddr *mac address here*
          inet addr:172.16.31.251  Bcast:172.16.31.255  Mask:255.255.255.0
          inet6 addr: fe80::19ca:d40c:5df6:daf2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4313 errors:0 dropped:1779 overruns:0 frame:0
          TX packets:354 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:723415 (706.4 KiB)  TX bytes:37466 (36.5 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:1176 (1.1 KiB)  TX bytes:1176 (1.1 KiB)

wlan0     Link encap:Ethernet  HWaddr *mac address here*
          inet6 addr: fe80::2215:aaaa:7d96:485f/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:2 errors:0 dropped:2 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:123 (123.0 B)  TX bytes:0 (0.0 B)
And oh yeah, I have configured my /etc/dhcpcd.conf file to maintain a static ip:

Code: Select all

[email protected]:~ $ cat /etc/dhcpcd.conf
# A sample configuration for dhcpcd.
# See dhcpcd.conf(5) for details.

# Allow users of this group to interact with dhcpcd via the control socket.
#controlgroup wheel

# Inform the DHCP server of our hostname for DDNS.
hostname

# Use the hardware address of the interface for the Client ID.
clientid
# or
# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
#duid

# Persist interface configuration when dhcpcd exits.
persistent

# Rapid commit support.
# Safe to enable by default because it requires the equivalent option set
# on the server to actually work.
option rapid_commit

# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
# Most distributions have NTP support.
option ntp_servers
# Respect the network MTU.
# Some interface drivers reset when changing the MTU so disabled by default.
#option interface_mtu

# A ServerID is required by RFC2131.
require dhcp_server_identifier

# Generate Stable Private IPv6 Addresses instead of hardware based ones
slaac private

# A hook script is provided to lookup the hostname if not set by the DHCP
# server, but it should not be run by default.
nohook lookup-hostname

interface eth0

static ip_address=172.16.31.251/24
static routers=172.16.31.1
static domain_name_servers=172.16.31.1

interface wlan0

static ip_address=172.16.31.250/24
static routers=172.16.31.1
static domain_name_servers=172.16.31.1
As far as I can tell, my gateway is set up correctly:

Code: Select all

[email protected]:~ $ sudo route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.16.31.1     0.0.0.0         UG    202    0        0 eth0
172.16.31.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0
What am I missing here? Why am I not able to access the wider internet? (I'm a first time raspberry user btw, so there may be something obvious I am glossing over.)

User avatar
DougieLawson
Posts: 35805
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: Can't access WAN outside of my internal network with Jes

Thu Jun 09, 2016 3:58 pm

Since you can ping the gateway at 172.16.31.1 the problem lies outside of your RPi. Is the gateway machine at 172.16.31.1 connected to the public internet? Is it doing something like MAC filtering that prevent's your RPi routing to the public internet through that gateway?
Note: Having anything humorous in your signature is completely banned on this forum. Wear a tin-foil hat and you'll get a ban.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

drgeoff
Posts: 9743
Joined: Wed Jan 25, 2012 6:39 pm

Re: Can't access WAN outside of my internal network with Jes

Thu Jun 09, 2016 4:17 pm

I don't know what 172.16.31.1 is supposed to be but it doesn't work as a Domain Name Server when I try to use it as one for a (non-RPi) computer.

User avatar
B.Goode
Posts: 8258
Joined: Mon Sep 01, 2014 4:03 pm
Location: UK

Re: Can't access WAN outside of my internal network with Jes

Thu Jun 09, 2016 4:51 pm

drgeoff wrote:I don't know what 172.16.31.1 is supposed to be but it doesn't work as a Domain Name Server when I try to use it as one for a (non-RPi) computer.
Not surprising, since it is a Private Address Space defined by rfc1918, so is valid only on the OP's local LAN.

drgeoff
Posts: 9743
Joined: Wed Jan 25, 2012 6:39 pm

Re: Can't access WAN outside of my internal network with Jes

Thu Jun 09, 2016 6:24 pm

B.Goode wrote:
drgeoff wrote:I don't know what 172.16.31.1 is supposed to be but it doesn't work as a Domain Name Server when I try to use it as one for a (non-RPi) computer.
Not surprising, since it is a Private Address Space defined by rfc1918, so is valid only on the OP's local LAN.
Indeed! :oops:
While I was elsewhere doing something else after posting that I did have a hazy memory of seeing 176.... addresses listed alongside the more common 10.... and 192.... Private Address Spaces. Even though I've been configuring IPv4 stuff for the best part of 20 years in both professional and non-professional capacities, I've never encountered a LAN using the 176... variety.

Jeremy711
Posts: 5
Joined: Thu Jun 09, 2016 1:15 am

Re: Can't access WAN outside of my internal network with Jes

Thu Jun 09, 2016 6:36 pm

I'm sorry if I wasn't clear: 172.16.31.1 is the address of my router and the name of the DNS I currently use. Is it possible this is a DNS issue? I tried replacing my default gateway with 8.8.8.8 in the dhcpcd.conf file to see if it made a difference, and still, no dice.

Actually, I moved my RPi onto a different subnet so it's operation would not interfere with the rest of my house. I also locked the DHCP assignment to dole out the same IP address each time to the RPi. If you can't tell already, I'm trying to use it as a webserver.

Frankly, I'm at a loss for what might be causing the problems described in the first post. I think I have, however, identified one discrepancy in my initial report. It is unclear, but it seems like I can, somewhat limitedly, access the outside internet. It is just whenever I try to run

Code: Select all

sudo apt-get update
a bunch of error messages from the Raspbian mirror locations crop up. Also I still cannot ping google or 8.8.8.8.

It's weird, when I first booted up the Pi I could run apt-get update and apt-get upgrade just fine, but now it seems like something has changed which is preventing my doing so.

drgeoff
Posts: 9743
Joined: Wed Jan 25, 2012 6:39 pm

Re: Can't access WAN outside of my internal network with Jes

Thu Jun 09, 2016 7:46 pm

DNS is only the problem if, for example, 'ping 8.8.8.8' works but 'ping google.com' does not. That does not appear to be what you are experiencing.

Can you explain more about putting the RPi on a different subnet to the rest of the houseDescribe your exact configuration and the subnets you are using.

(A side note. You can ensure the RPi always has the same IP address either by 'locking' it in the router's DHCP config or by settings in dhcpcd.conf on the RPi. No need to do both.)

User avatar
SteveDee
Posts: 343
Joined: Thu Dec 29, 2011 2:18 pm
Location: Sunny Southern England
Contact: Website

Re: Can't access WAN outside of my internal network with Jes

Fri Jun 10, 2016 8:55 am

Jeremy711 wrote:...As far as I can tell, my gateway is set up correctly...
Just curious, but what do you get if you type:-

Code: Select all

ip route show

Jeremy711
Posts: 5
Joined: Thu Jun 09, 2016 1:15 am

Re: Can't access WAN outside of my internal network with Jes

Fri Jun 10, 2016 8:31 pm

drgeoff wrote: (A side note. You can ensure the RPi always has the same IP address either by 'locking' it in the router's DHCP config or by settings in dhcpcd.conf on the RPi. No need to do both.)
I actually had both the router and the RPi setting the IP to be static for redundancy's sake. I don't think it actually affected connectivity but I may revert back to just the RPi setting the static IP on its own... I've read that's preferable to letting your router do it but I've never understood why. As a side note, if anyone could explain this to me, I would be grateful.

Anyway, I've discovered the problem lies in setting the static IP in my RPi settings. As soon as I commented out the lines I had added in /etc/dhcpcd.conf, sudo apt-get update worked just fine. So my question now is: how can I set my IP to be static within the RPi config files without it breaking the "download" capabilites of my device?

Any intelligent response is much appreciated.

Edit: Even without a static IP (either in the router or RPi) I still cannot ping 8.8.8.8 or www.google.com. I cannot explain this behavior.

stderr
Posts: 2178
Joined: Sat Dec 01, 2012 11:29 pm

Re: Can't access WAN outside of my internal network with Jes

Fri Jun 10, 2016 9:13 pm

Jeremy711 wrote:Edit: Even without a static IP (either in the router or RPi) I still cannot ping 8.8.8.8 or http://www.google.com. I cannot explain this behavior.
I didn't see any discussion about other hardware. Are other devices working correctly, say a mobile phone running fing, can it see and ping everything and get out to the net? Do you have another linux box or something that you can test with? Can everyone ssh into everyone else and back out? Are you getting any errors with a flood ping? Is wifi, heaven forbid, involved in any of this? Make sure your network is working correctly locally before trying to get out. You've got to narrow down where the problem is or you'll endlessly spin your wheels.

If you've got it going on locally, everything is happy, then try again to get out. If that still doesn't work just from this pi and it does from everything else, then I'd simplify things by just having the pi directly plugged into the router and see if that works. If it still doesn't work, I'd find another sdcard and put a new copy of raspbian on there and see what happens. I might get the new sdcard before the directly plugging in if that is easier to do.

Jeremy711
Posts: 5
Joined: Thu Jun 09, 2016 1:15 am

Re: Can't access WAN outside of my internal network with Jes

Fri Jun 10, 2016 9:28 pm

stderr wrote: I didn't see any discussion about other hardware. Are other devices working correctly, say a mobile phone running fing, can it see and ping everything and get out to the net? Do you have another linux box or something that you can test with? Can everyone ssh into everyone else and back out? Are you getting any errors with a flood ping? Is wifi, heaven forbid, involved in any of this? Make sure your network is working correctly locally before trying to get out. You've got to narrow down where the problem is or you'll endlessly spin your wheels.

If you've got it going on locally, everything is happy, then try again to get out. If that still doesn't work just from this pi and it does from everything else, then I'd simplify things by just having the pi directly plugged into the router and see if that works. If it still doesn't work, I'd find another sdcard and put a new copy of raspbian on there and see what happens. I might get the new sdcard before the directly plugging in if that is easier to do.
Thank you for your very in-depth reply. Fortunately, the problem is no where near as comprehensive as you have described in your above post. No computer on the subnet, as it turns out, can ping 8.8.8.8 or google.com; I was merely curious as to why this behavior was prohibited in my router's settings.

The real issue is now how can I get my RPi to have a static IP address without it breaking my internet. What is it about my config files that won't let my run sudo apt-get update? The only change I made to set a static IP in the RPi settings was made by editing the /etc/dhcpcd.conf file to look like:

Code: Select all

[email protected]:~ $ cat /etc/dhcpcd.conf
# A sample configuration for dhcpcd.
# See dhcpcd.conf(5) for details.

# Allow users of this group to interact with dhcpcd via the control socket.
#controlgroup wheel

# Inform the DHCP server of our hostname for DDNS.
hostname

# Use the hardware address of the interface for the Client ID.
clientid
# or
# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
#duid

# Persist interface configuration when dhcpcd exits.
persistent

# Rapid commit support.
# Safe to enable by default because it requires the equivalent option set
# on the server to actually work.
option rapid_commit

# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
# Most distributions have NTP support.
option ntp_servers
# Respect the network MTU.
# Some interface drivers reset when changing the MTU so disabled by default.
#option interface_mtu

# A ServerID is required by RFC2131.
require dhcp_server_identifier

# Generate Stable Private IPv6 Addresses instead of hardware based ones
slaac private

# A hook script is provided to lookup the hostname if not set by the DHCP
# server, but it should not be run by default.
nohook lookup-hostname

interface eth0

static ip_address=172.16.31.251/24
static routers=172.16.31.1
static domain_name_servers=172.16.31.1

interface wlan0

static ip_address=172.16.31.250/24
static routers=172.16.31.1
static domain_name_servers=172.16.31.1
(Important stuff is at the bottom, beginning at "interface eth0".)

When I began this thread, I assumed the static IP configuration I had set up was working the way it was meant to. That assumption was clearly wrong. I suppose my question has now morphed into: how can I set a static IP just using my Raspberry PI?

drgeoff
Posts: 9743
Joined: Wed Jan 25, 2012 6:39 pm

Re: Can't access WAN outside of my internal network with Jes

Fri Jun 10, 2016 9:59 pm

You still have not explained your subnets. What router are you using? Are you sure it supports what you are trying to do.

The most likely reason that things work when you don't put the static stuff in dhcpcd.conf is that the RPi then gets valid addresses for itself, the gateway and DNS from the router.

Jeremy711
Posts: 5
Joined: Thu Jun 09, 2016 1:15 am

Re: Can't access WAN outside of my internal network with Jes

Sat Jun 11, 2016 1:20 am

drgeoff wrote:You still have not explained your subnets. What router are you using? Are you sure it supports what you are trying to do.

The most likely reason that things work when you don't put the static stuff in dhcpcd.conf is that the RPi then gets valid addresses for itself, the gateway and DNS from the router.
It's pretty simple actually. All the devices in my house on the LAN were given an IPv4 address that looked like 172.XX.XX.XXX. I just created another subnet for just my RaspPi and computer that would ssh into it on an address that looked like 10.XX.XX.XXX. I then loosened the network permissions on that new subnet. So far, the router settings introduced on this new subnet have not in any way affected the performance of my RPi. They have differed none from the old capabilities of the 172 addresses.

I am considering starting a new topic about configuring a static IP address in RPi without it breaking/not working.

swampdog
Posts: 230
Joined: Fri Dec 04, 2015 11:22 am

Re: Can't access WAN outside of my internal network with Jes

Sat Jun 11, 2016 2:59 am

If it's not on the same subnet you need. NAT.

I hide my own network behind one. Unfortunately for yourself it is an old RPI running wheezy. One port is attached to my cable modem, the other (usb eth) to my internal network. Or it might be the other way around. It has worked for years.

Bearing in mind I have my own internal servers for everything - dhcp, dns, pxe, WSUS, etc here are my settings to get traffic in/out of our "intranet".

Code: Select all

iptables -F
 iptables -P INPUT DROP
 iptables -A INPUT -i lo -j ACCEPT
 iptables -A INPUT -i eth1 -j ACCEPT
 iptables -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
 iptables -A INPUT -i eth0 -p tcp --dport 22 \
        -m state --state NEW,ESTABLISHED -j ACCEPT
 iptables -A INPUT -i eth0 -p tcp --dport 54320 \
        -m state --state NEW,ESTABLISHED -j ACCEPT

 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 iptables -A FORWARD -i eth0 -o eth1 \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
 iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

 iptables -N FWI
 iptables -A FWI -j LOG --log-prefix="FWI: " --log-level 4
# iptables -A INPUT -j FWI

 iptables -N FWF
 iptables -A FWF -j LOG --log-prefix="FWF: " --log-level 4
 iptables -A FORWARD -j FWF

 iptables -N FWO
 iptables -A FWO -j LOG --log-prefix="FWO: " --log-level 4
# iptables -A OUTPUT -j FWO
eth0 is external (ISP), eth1 internal.

Dunno if the above helps at all.

drgeoff
Posts: 9743
Joined: Wed Jan 25, 2012 6:39 pm

Re: Can't access WAN outside of my internal network with Jes

Sat Jun 11, 2016 7:39 am

The OP still has not said what router and firmware he is using. I have never encountered a home router running stock firmware that can support 176.. and 10... subnets and have devices on both of them accessing the WAN simultaneously.

mfa298
Posts: 1387
Joined: Tue Apr 22, 2014 11:18 am

Re: Can't access WAN outside of my internal network with Jes

Sat Jun 11, 2016 8:57 am

Jeremy711 wrote: I actually had both the router and the RPi setting the IP to be static for redundancy's sake. I don't think it actually affected connectivity but I may revert back to just the RPi setting the static IP on its own... I've read that's preferable to letting your router do it but I've never understood why. As a side note, if anyone could explain this to me, I would be grateful.
Having the router/dhcp server provide the static ip / reservation is generally seen as preferable as it's
  • Usually easier to setup, and less prone to having errors
  • Less chance of IP collisions (and if a dhcp client device detects a collision it should get request an alternate address)
  • Means the Pi will still get a valid address if it's moved to a new network.
  • Makes changing network settings easier (I provide dns servers, dns domain/search path, ntp server lists via dhcp). Changing them is as easy as updating the config on the dhcp server.
drgeoff wrote:The OP still has not said what router and firmware he is using. I have never encountered a home router running stock firmware that can support 176.. and 10... subnets and have devices on both of them accessing the WAN simultaneously.
Some of the DrayTek routers appear to offer multiple subnets/vlans although my experience of anything other than a basic (1 directly connected network) setup has had issues.

Return to “Troubleshooting”