rahnmat
Posts: 9
Joined: Wed Jan 24, 2018 9:27 pm

One-way pinging/route tracing problem within the same LAN

Sun Jul 01, 2018 6:27 pm

I'v got a Raspberry pi 3 (hostname raspberrypi), a Windows 10 workstation (hostname rahnmat-pc) and an Arch Linux laptop (hostname rahnmat-x200) hooked together so that the Raspberry pi acts as a router that also provides internet access via an Android usb-theter.

The Raspberry pi has DNS/DHCP server functionality provided with dnsmasq, wifi-ap provided with hostapd and the networking interfaces (ethernet and wlan) are configured with dhcpcd. The Ethernet is on 10.0.0.1/24 subnet and the Wlan is on 10.0.1.1/24 subnet.

When I connect the pc to the ethenet port and configure the laptop to connect to the right wifi network, everything works great - I get internet acces on both devices, and the leased ip addresses are within the right ranged (e.g. the windows workstation get's an address within the range 10.0.0.2 - 10.0.0.30 and laptop within the range 10.0.1.2 - 10.0.1.30).

However the problem occurs when I try to ping the workstation from the laptop, it just times out. However I'm able to ping the laptop and the workstation from the raspberry pi and I'm also able to ping the raspberry pi and the laptop from the workstation. On top of this, traceroute/tracepath from the laptop to the workstation and the raspberry pi to the workstation dos not work, but tracert from the workstation to the raspberry pi and the laptop works.

I try to explain this in other words also:

Windows workstation:
- Has an Ethernet interface with an ip within the range 10.0.0.2 - 10.0.0.30 provided with dhcp just as it should have by the way I set up dnsmasq
- Can ping and trace route to raspberry pi (both interfaces) and to the laptop

Raspberry pi
- Has one Ethernet interface and one Wlan interface with static IP's (10.0.0.1/24 and 10.0.1.1/24) just as it should have by the way I set up dhcpcd
- Can ping the laptop and the workstation, canno't trace route to the workstation but can trace the route to the laptop

Arch laptop
- Has one Wlan interface with an ip within the range 10.0.1.2 - 10.0.1.30 provided with dhcp just as it should have by the way I set up dnsmasq
- Can't ping the workstation, can't trace path to the workstation. Can ping and trace path to the raspberry pi (both interfaces)

The output for different commands on the rasbperry pi:

Code: Select all

[email protected]:~$ traceroute rahnmat-pc
traceroute to rahnmat-pc (10.0.0.14), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6 ^C

Code: Select all

[email protected]:~ $ ping rahnmat-pc -c 5
PING rahnmat-pc (10.0.0.14) 56(84) bytes of data.
64 bytes from RAHNMAT-PC (10.0.0.14): icmp_seq=1 ttl=128 time=0.578 ms
64 bytes from RAHNMAT-PC (10.0.0.14): icmp_seq=2 ttl=128 time=0.573 ms
64 bytes from RAHNMAT-PC (10.0.0.14): icmp_seq=3 ttl=128 time=0.801 ms
64 bytes from RAHNMAT-PC (10.0.0.14): icmp_seq=4 ttl=128 time=0.589 ms
64 bytes from RAHNMAT-PC (10.0.0.14): icmp_seq=5 ttl=128 time=0.622 ms

--- rahnmat-pc ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4143ms
rtt min/avg/max/mdev = 0.573/0.632/0.801/0.090 ms

Code: Select all

[email protected]:~ $ traceroute rahnmat-x200
traceroute to rahnmat-x200 (10.0.1.11), 30 hops max, 60 byte packets
 1  rahnmat-X200 (10.0.1.11)  4.496 ms  4.947 ms  5.017 ms
And on the laptop

Code: Select all

[[email protected]][~]% ping rahnmat-pc
PING rahnmat-pc (10.0.0.14) 56(84) bytes of data.
^C
--- rahnmat-pc ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5065ms

Code: Select all

[[email protected]][~]% tracepath rahnmat-pc
 1?: [LOCALHOST]                      pmtu 1500
 1:  _gateway                                              2.172ms 
 1:  _gateway                                             18.844ms 
 2:  no reply
 3:  no reply
^C

Code: Select all

[[email protected]][~]% tracepath raspberrypi
 1:  raspberrypi                                           0.072ms reached
     Resume: pmtu 65535 hops 1 back 1 
And for on the workstation:

Code: Select all

C:\Users\Matti Rahnasto>ping 10.0.1.11

Pinging 10.0.1.11 with 32 bytes of data:
Reply from 10.0.1.11: bytes=32 time=4ms TTL=63
Reply from 10.0.1.11: bytes=32 time=4ms TTL=63
Reply from 10.0.1.11: bytes=32 time=4ms TTL=63
Reply from 10.0.1.11: bytes=32 time=4ms TTL=63

Ping statistics for 10.0.1.11:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 4ms, Maximum = 4ms, Average = 4ms

Code: Select all

C:\Users\Matti Rahnasto>tracert 10.0.1.11

Tracing route to rahnmat-X200 [10.0.1.11]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.0.0.1
  2     4 ms     1 ms     1 ms  rahnmat-X200 [10.0.1.11]

Trace complete.

So I think the problem has to have something to with how the raspberry pi handles the packages. However I'm unable to debug since to all my knowledge everything should be set up just as it should. Can anyone help me to find the solution?
Last edited by rahnmat on Sun Jul 01, 2018 6:44 pm, edited 3 times in total.

SurferTim
Posts: 1769
Joined: Sat Sep 14, 2013 9:27 am
Location: Miramar Beach, Florida

Re: One-way pinging/route tracing problem within the same LAN

Sun Jul 01, 2018 6:39 pm

Do you have a masquerade? Post the masquerade you are using.

If your masquerade is correct, you should be able to ping the ethernet devices from the wlan, but not the other way. They are not the same LAN.

rahnmat
Posts: 9
Joined: Wed Jan 24, 2018 9:27 pm

Re: One-way pinging/route tracing problem within the same LAN

Sun Jul 01, 2018 6:58 pm

Where do you find those? With iptables?

Code: Select all

[email protected]:~ $ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[email protected]:~ $ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
The only change I've made to the IP tables is the one required to set up the router properly:

Code: Select all

[email protected]:~ $ cat /etc/iptables.ipv4.nat
# Completed on Fri Jan 26 21:15:29 2018
# Generated by iptables-save v1.6.0 on Fri Jan 26 21:15:29 2018
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [14:850]
:POSTROUTING ACCEPT [2:96]
-A POSTROUTING -o usb0 -j MASQUERADE
COMMIT
# Completed on Fri Jan 26 21:15:29 2018
This one is mentioned here: https://www.raspberrypi.org/documentati ... s-point.md

SurferTim
Posts: 1769
Joined: Sat Sep 14, 2013 9:27 am
Location: Miramar Beach, Florida

Re: One-way pinging/route tracing problem within the same LAN

Sun Jul 01, 2018 7:17 pm

You may have a route problem. What are the gateways on each subnet?
Edit: should be
eth0 = 10.0.0.1
wlan0 = 10.0.1.1
Those should be the IP addresses assigned to those interfaces on the RPi.

What IP does the usb tether have?

rahnmat
Posts: 9
Joined: Wed Jan 24, 2018 9:27 pm

Re: One-way pinging/route tracing problem within the same LAN

Sun Jul 01, 2018 7:28 pm

Edit: should be
eth0 = 10.0.0.1
wlan0 = 10.0.1.1
Those should be the IP addresses assigned to those interfaces on the RPi.
Yes, this is how I have the thing set up. The gateways for the interfaces on the laptop and the workstation are those that you mentioned, I've also got those ip's as the addressees of the RPi's interfaces.
What IP does the usb tether have?

Code: Select all

[email protected]:~ $ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.1  netmask 255.255.255.0  broadcast 10.0.0.255
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.1.1  netmask 255.255.255.0  broadcast 10.0.1.255
usb0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.42.89  netmask 255.255.255.0  broadcast 192.168.42.255

SurferTim
Posts: 1769
Joined: Sat Sep 14, 2013 9:27 am
Location: Miramar Beach, Florida

Re: One-way pinging/route tracing problem within the same LAN

Sun Jul 01, 2018 7:37 pm

Post the output of

Code: Select all

route
on the RPi.

User avatar
DougieLawson
Posts: 35373
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website Twitter

Re: One-way pinging/route tracing problem within the same LAN

Sun Jul 01, 2018 7:48 pm

With a netmask of /24 (255.255.255.0) you've got two discrete subnets (10.0.0.0/24 & 10.0.1.0/24). Without some routing between the two one network can't see the other.

You could change the netmask to /23 (255.255.254.0) to get it to work without a router.
Note: Having anything remotely humorous in your signature is completely banned on this forum.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

SurferTim
Posts: 1769
Joined: Sat Sep 14, 2013 9:27 am
Location: Miramar Beach, Florida

Re: One-way pinging/route tracing problem within the same LAN

Sun Jul 01, 2018 8:21 pm

If the routing is working ok, it will route ok.

The routing will select the route with the smallest subnet (largest subnet mask) that includes the destination IP first. If equal subnets, it picks the one with the lowest metric.

The route output should determine if the routes are assigned ok.

rahnmat
Posts: 9
Joined: Wed Jan 24, 2018 9:27 pm

Re: One-way pinging/route tracing problem within the same LAN

Sun Jul 01, 2018 9:49 pm

SurferTim wrote:
Sun Jul 01, 2018 7:37 pm
Post the output of

Code: Select all

route
on the RPi.

Code: Select all

[email protected]:~ $ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.42.129  0.0.0.0         UG    209    0        0 usb0
10.0.0.0        0.0.0.0         255.255.255.0   U     202    0        0 eth0
10.0.1.0        0.0.0.0         255.255.255.0   U     303    0        0 wlan0
192.168.42.0    0.0.0.0         255.255.255.0   U     209    0        0 usb0

SurferTim
Posts: 1769
Joined: Sat Sep 14, 2013 9:27 am
Location: Miramar Beach, Florida

Re: One-way pinging/route tracing problem within the same LAN

Sun Jul 01, 2018 9:54 pm

That routing table should work.
You should be able to ping anything in 10.0.0.0/24 from 10.0.1.0/24.
You should be able to ping anything in 10.0.1.0/24 from 10.0.0.0/24.

As long as the gateways on each client device is the IP for that interface on the RPi.

I know. I use it. I use two wifi devices with an ethernet connection.

Edit: Can you ping 10.0.0.1 from the 10.0.1.x localnet?
Can you ping 10.0.1.1 from the 10.0.0.x localnet?

rahnmat
Posts: 9
Joined: Wed Jan 24, 2018 9:27 pm

Re: One-way pinging/route tracing problem within the same LAN

Mon Jul 02, 2018 5:36 am

SurferTim wrote:
Sun Jul 01, 2018 9:54 pm
Edit: Can you ping 10.0.0.1 from the 10.0.1.x localnet?
Can you ping 10.0.1.1 from the 10.0.0.x localnet?
Yes, I can ping 10.0.0.1 and 10.0.1.1 from the laptop and the workstation.

SurferTim
Posts: 1769
Joined: Sat Sep 14, 2013 9:27 am
Location: Miramar Beach, Florida

Re: One-way pinging/route tracing problem within the same LAN

Mon Jul 02, 2018 10:13 am

rahnmat wrote:
SurferTim wrote:
Sun Jul 01, 2018 9:54 pm
Edit: Can you ping 10.0.0.1 from the 10.0.1.x localnet?
Can you ping 10.0.1.1 from the 10.0.0.x localnet?
Yes, I can ping 10.0.0.1 and 10.0.1.1 from the laptop and the workstation.
Then your routing is working. You should be able to ping anything on either network.

rahnmat
Posts: 9
Joined: Wed Jan 24, 2018 9:27 pm

Re: One-way pinging/route tracing problem within the same LAN

Mon Jul 02, 2018 10:23 am

SurferTim wrote:
Mon Jul 02, 2018 10:13 am
rahnmat wrote:
SurferTim wrote:
Sun Jul 01, 2018 9:54 pm
Edit: Can you ping 10.0.0.1 from the 10.0.1.x localnet?
Can you ping 10.0.1.1 from the 10.0.0.x localnet?
Yes, I can ping 10.0.0.1 and 10.0.1.1 from the laptop and the workstation.
Then your routing is working. You should be able to ping anything on either network.
This is what I got when I try to ping the workstation from the laptop:

Code: Select all

[[email protected]][~]% ping 10.0.0.14 -c 5
PING 10.0.0.14 (10.0.0.14) 56(84) bytes of data.

--- 10.0.0.14 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4051ms

[[email protected]][~]% tracepath 10.0.0.14
 1?: [LOCALHOST]                      pmtu 1500
 1:  _gateway                                              5.418ms 
 1:  _gateway                                              2.171ms 
 2:  no reply
 3:  no reply
^C
And this is what I get from the pi to the workstation:

Code: Select all

[email protected]:~ $ ping 10.0.0.14 -c 5
PING 10.0.0.14 (10.0.0.14) 56(84) bytes of data.
64 bytes from 10.0.0.14: icmp_seq=1 ttl=128 time=0.650 ms
64 bytes from 10.0.0.14: icmp_seq=2 ttl=128 time=0.732 ms
64 bytes from 10.0.0.14: icmp_seq=3 ttl=128 time=0.764 ms
64 bytes from 10.0.0.14: icmp_seq=4 ttl=128 time=0.721 ms
64 bytes from 10.0.0.14: icmp_seq=5 ttl=128 time=0.494 ms

--- 10.0.0.14 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4121ms
rtt min/avg/max/mdev = 0.494/0.672/0.764/0.097 ms


[email protected]:~ $ traceroute 10.0.0.14
traceroute to 10.0.0.14 (10.0.0.14), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
So yeah, appart from this problem everything is working great. However I think I should be able to ping the workstation from the laptop just as I'm able to ping the laptop from the workstation.

SurferTim
Posts: 1769
Joined: Sat Sep 14, 2013 9:27 am
Location: Miramar Beach, Florida

Re: One-way pinging/route tracing problem within the same LAN

Mon Jul 02, 2018 11:24 am

Have you tried any other devices on the workstation's localnet?

epoch1970
Posts: 3056
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: One-way pinging/route tracing problem within the same LAN

Mon Jul 02, 2018 11:40 am

Make sure "cat /proc/sys/net/ipv4/ip_forward"
returns 1.
Otherwise routing is not set up. You can "echo 1 > ...." or set ip_forward to 1 in sysctl.conf to make the setting persistent.

On linux by default an interface will ARP-reply on behalf of any other local interface, being able to ping is not proof enough that packets would actually go across interfaces.
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

pksato
Posts: 295
Joined: Fri Aug 03, 2012 5:25 pm
Location: Brazil

Re: One-way pinging/route tracing problem within the same LAN

Mon Jul 02, 2018 11:51 am

Hi,
Create a new rule on windows firewall to accept ICMP Echos and others related to ping and traceroute. Or just disable windows firewall.
Do same on Arch Linux.

Some debug procedures.

Code: Select all

O RPi,
iptables -I FORWARD -t mangle -i wlan0 -o eth0 -j LOG
iptables -I FORWARD -t mangle -i eth0 -o wlan0 -j LOG
Its log any traffic between wlan0 and eth0, you ca see this log using dmesg command or on system log.
On arch, enable any input log
iptables -I INPUT -t mangle -j LOG
I not familiar with windows, can create some kind of alert on windows firewall.
To disable log, replace -I for -D

SurferTim
Posts: 1769
Joined: Sat Sep 14, 2013 9:27 am
Location: Miramar Beach, Florida

Re: One-way pinging/route tracing problem within the same LAN

Mon Jul 02, 2018 11:55 am

I had not considered epoch1970's suggestion. I do have ip forwarding enabled because one of my wifi devices is an AP.

rahnmat
Posts: 9
Joined: Wed Jan 24, 2018 9:27 pm

Re: One-way pinging/route tracing problem within the same LAN

Tue Jul 03, 2018 7:44 am

pksato wrote:
Mon Jul 02, 2018 11:51 am
Some debug procedures.
Thanks for the help, iptables is not so familiar to me but now with this I was able to log the traffic on the Pi. It seems that the problem after all might have something to do with the windows workstation and how it handles the ping requests.

While pinging the laptop from the workstation I get this kind of log output:

Code: Select all

Jul  3 10:36:45 rahnmat-pi kernel: [73451.919450] IN=eth0 OUT=wlan0 SRC=10.0.0.14 DST=10.0.1.11 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=5530 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=8
Jul  3 10:36:45 rahnmat-pi kernel: [73451.919525] IN=eth0 OUT=wlan0 SRC=10.0.0.14 DST=10.0.1.11 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=5530 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=8
Jul  3 10:36:45 rahnmat-pi kernel: [73451.947614] IN=wlan0 OUT=eth0 SRC=10.0.1.11 DST=10.0.0.14 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=32785 PROTO=ICMP TYPE=0 CODE=0 ID=1 SEQ=8
Jul  3 10:36:45 rahnmat-pi kernel: [73451.947650] IN=wlan0 OUT=eth0 SRC=10.0.1.11 DST=10.0.0.14 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=32785 PROTO=ICMP TYPE=0 CODE=0 ID=1 SEQ=8
That should be the echo request from the workstation to the laptop and a proper response passing by.

However while pinging from the laptop I only get this:

Code: Select all

Jul  3 10:37:21 rahnmat-pi kernel: [73488.099880] IN=wlan0 OUT=eth0 SRC=10.0.1.11 DST=10.0.0.14 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=36747 DF PROTO=ICMP TYPE=8 CODE=0 ID=20143 SEQ=15
There is no response.
pksato wrote:
Mon Jul 02, 2018 11:51 am
Create a new rule on windows firewall to accept ICMP Echos and others related to ping and traceroute. Or just disable windows firewall.
Do same on Arch Linux.
I tried to disable the windows firewall altogether but it didn't help - but at the beginning I had the ICMP Echos enabled since I knew that this could be a solution to the issue. This is why I also though the problem is the Pi but with your help I was able to debug a little further. Thanks, now I need to check the workstation a bit more closer.

Return to “Troubleshooting”