Cannot ping outside but can browse - browser

I can ping localhost and gateway, but I cannot ping outside in command line, e.g. google.com.
I can use the browser to browse everything, this works fine.
I tried to ssh to another server, but it fails as well.
Does anyone know what's wrong? Thanks in advance.

Maybe you have a firewall enabled for outgoing packets in your router, or sometimes your Internet Service Provider disables ICMP packets (a.k.a. ping packets). Some also disable common ports such as SSH. All this is done with a firewall that your provider has set up. You can call your provider to open all those ports.

Related

Access Windows Server EC2 instance with WMI Exporter in Prometheus

Does anyone know what I'm doing wrong here? I'm trying to access my Windows Server 2019 EC2 node locally so I can successfully collect metrics via WMI Exporter and point this at my Prometheus instance. I'm trying to access port 9182 for WMI Exporter, and can connect fine via localhost on my remote Windows instance, and also via the IPv4 address on the same instance. I've also tried to configure the firewall port 9182 on the Windows host. When I try to access via localhost this returns "This site can’t be reached"; if I try via the public address on both I get "Can’t reach this page". I've opened port 3389 inbound and all IPv4 traffic outbound. Any help would be great. I have also tried adding the RDP IP directly to the inbound security rules, yet still have the same issue. Many thanks.
After installing windows_exporter, the installer will create an inbound rule for windows_exporter itself. However, it may not be enough and may cause your issue for some reason. See this similar issue.
Try adding a new inbound rule to the Windows firewall that lets any program access the listening port (default 9182). That works for me.

Why does my vps reply to dns queries even if it has no dns server running?

I've got a cheap OpenVZ Ubuntu VPS and I'm trying to run my own DNS server on it for learning purposes.
The DNS server works fine on localhost (on the VPS through SSH): I can query it using dig google.com @127.0.0.1 and I get the expected result (which is not the IP of google.com but a custom one).
When I try to query the DNS server from outside the VPS, using the same command, I do get a reply but the IP is not what I expect (it's an actual google.com IP).
After further investigation I found out my DNS server is not receiving/sending packets when the query is done from outside the VPS. So the answer is sent by something else; it seems like inbound packets with destination port 53 are deviated and do not even reach my DNS server.
I tried to query my DNS server, still from outside, but this time while the VPS was SHUTDOWN. Magically I got a reply from god knows who.
After changing the port from 53 to 54, everything works perfectly.
The problem is I need it to use port 53.
I don't have iptables rules nor any other firewall doing something related to port 53.
I also tried to query some other random VPSes, from different hosting providers; it seems like everyone has a DNS server running! Why does everyone reply?
Of course I asked technical support; this is what they said:
Hello,
Sorry but we don't do "software" technical support on VPS.
We deliver the hosting and the operating systems, customers that order VPS are their own admins, and have to know how to manage a linux server.
We don't block any port on our side.
Best regards,
Support
Maybe your DNS server is bound to the loopback interface only (so it's only listening on localhost). You can check the service ports currently in use (UDP for DNS) using netstat, filtering (grep) on the port used:
netstat -an | grep ":53"
You can also test the same DNS query using the nslookup command, and check in the output the IP of the DNS server that answered your query:
nslookup google.com [dns_server_ip]
Also test it without dns_server_ip to check if there is a default nameserver when the specified nameserver is not responding.
Problem solved: it's my ISP intercepting and replying to DNS queries.
I can do dig google.com @1.2.3.4 and I get a reply :D
For anyone who wants to know more about this:
ISP Intercepting DNS Lookups
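The check used in the accepted answer (query an address that runs no DNS server and see whether a reply arrives) can be scripted with the standard library alone. This is an added example, not code from the original posts; the function names are hypothetical, and the default probe target 192.0.2.1 is an assumption chosen because it lies in TEST-NET-1 (RFC 5737) and is not a real resolver.

```python
import secrets
import socket
import struct


def build_query(name: str, txid: int) -> bytes:
    """Encode a minimal DNS query for an A record (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_header(packet: bytes):
    """Return (txid, is_response, rcode, answer_count), or None if truncated."""
    if len(packet) < 12:
        return None
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return txid, bool(flags & 0x8000), flags & 0x000F, ancount


def answered_by_something(server: str, port: int = 53, name: str = "example.com",
                          timeout: float = 2.0) -> bool:
    """True if a DNS response carrying our transaction ID comes back.

    Point this at an address known to run no DNS service: a True result
    means something on the path answered in that server's place.
    """
    txid = secrets.randbelow(0x10000)
    query = build_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server, port))
            reply, _peer = sock.recvfrom(4096)
        except OSError:  # timeout or ICMP unreachable: nothing answered
            return False
    header = parse_header(reply)
    return header is not None and header[0] == txid and header[1]


if __name__ == "__main__":
    # Assumption: 192.0.2.1 (TEST-NET-1) hosts no resolver, so any reply is suspect.
    intercepted = answered_by_something("192.0.2.1")
    print("reply from non-resolver address:", intercepted)
```

Running it over both the home connection and a second uplink (for example a phone hotspot) shows whether the answering party sits at the ISP or nearer the server.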

SSH Works For Some Hosts, Not For Others

I've been having problems SSHing into my work computer from home. I have been able to successfully ssh into one of our web servers so I know the ssh daemon is working and my connection is at least allowing some ssh. But when I try to ssh to my work computer it times out.
I went to my University yesterday and I was able to successfully ssh into both the web server and my work computer. I've looked into our firewall at work to see if there are any blocks on my IP but it isn't blocked.
My ISP is Comcast if that helps at all. I've done a few Google searches and some Comcast customers say that Comcast sometimes blocks file sharing ports such as the ssh port (22).
Any help would be appreciated. Thanks.
First check the /etc/hosts.deny file of your work computer. That may contain lines which might suggest that a certain IP may be blocked. Then check the /etc/hosts.allow file. You can add your home computer's outgoing IP to your work computer's /etc/hosts.allow.
NOTE: This question should belong on Super User or Server Fault. Stack Overflow is for questions that involve coding...
There is not one single "ssh daemon"... there is one running on each host to which you connect successfully. If you cannot connect to a host there are two primary reasons:
There is no SSH daemon running on the host. In that case you will likely get "connection refused"
There is a firewall between you and the host, and it is not allowing port 22 to pass through. In that case you will likely get timeouts.
If you are trying to connect to a host behind a firewall from "outside", as you suggest, it is extremely likely that host is not reachable from the Internet. If the IP address of the "work computer" looks like 192.168.x.x or 172.[16-31].x.x or 10.x.x.x then it is an unroutable private address and you will not be able to reach it from the outside no matter what you do unless a specific port-forwarding rule is set up on the firewall; in that case you would be connecting to the firewall's IP address, not your target host.
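The distinctions drawn in the last answer (refused means no daemon, timeout suggests a filtering firewall, an RFC 1918 address is not reachable from outside without port forwarding) can be checked in one probe. This is an added example, not code from the original posts; `probe_ssh` and `is_rfc1918` are hypothetical names, and reading the `SSH-` identification line to confirm that the listener really is an SSH daemon goes slightly beyond what the answer describes.

```python
import ipaddress
import socket

# The private ranges named in the answer: 10.x.x.x, 172.[16-31].x.x, 192.168.x.x
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True if addr is a literal IP inside one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def probe_ssh(host: str, port: int = 22, timeout: float = 5.0) -> dict:
    """Classify a TCP connection attempt to an SSH port.

    state is "open", "refused" (host reachable, nothing listening),
    "timeout" (packets most likely dropped by a firewall) or "error: ...".
    """
    result = {"host": host, "port": port, "private": None,
              "state": None, "banner": None}
    try:
        result["private"] = is_rfc1918(host)
    except ValueError:
        pass  # host is a DNS name, not a literal address
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            result["state"] = "open"
            try:
                # An SSH server sends its identification line first (RFC 4253).
                line = conn.recv(255).split(b"\n", 1)[0].strip()
                if line.startswith(b"SSH-"):
                    result["banner"] = line.decode("ascii", "replace")
            except OSError:
                pass  # port open but no banner within the timeout
    except ConnectionRefusedError:
        result["state"] = "refused"
    except socket.timeout:
        result["state"] = "timeout"
    except OSError as exc:
        result["state"] = f"error: {exc.strerror or exc}"
    return result


if __name__ == "__main__":
    # Constructed sample target: loopback, default SSH port.
    print(probe_ssh("127.0.0.1", 22, timeout=2.0))
```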

How to enable Ping(ICMP) on Azure

In a Windows Azure role, I cannot ping out:
D:\Users\foglight>ping www.google.com
Pinging www.l.google.com [209.85.143.104] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 209.85.143.104:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
I googled it and found someone suggesting to run the command below, but even after running it, I still cannot ping out:
netsh advfirewall firewall add rule name="ICMPv6" dir=in action=allow enable=yes protocol=icmpv6
Please, can someone tell me the reason and how to work around it?
I don't believe you can do this. Traffic leaving the data center goes through the load balancer, and the load balancer only routes TCP-based traffic.
I know this question is very old, but I stumbled upon it while facing the same issue and there is an actual solution for it now in Azure.
When setting up your virtual machine you can assign it an "Instance IP address". Once that has been configured, you can enable ICMP in and out in the local firewall. You will then be able to ping out of your Azure VM and also use tools like traceroute.
I had a similar problem. Needed to assign public IP to Azure VM in order to enable ICMP. I used set-azurepublicip and update-azurevm and resolved the issue.
I also had problems to do traceroutes from my azure VM and to ping it.
Just wanted to let you know, that after you have a public IP assigned to the VM (which is in many cases the default), you also need to add ICMP Rules to your network security groups (NSG) (if you have any, which you should).
If you have a NSG on the vnet and a NSG on the VM network interface, you should create 4 rules that allow ICMP (vnet-in, vnet-out, vm-in, vm-out).
Selecting "Any" as protocol, will not work.
The default rule for internet access seems to be not sufficient.
You need to select ICMP. "Any" seems to be only UDP+TCP.
I set the source and destination port to "*" (not sure if it even has any effect if ICMP is selected).
After that and a little wait (~1-2 min), I could ping and trace in every direction :)

xampp server (How to get up and running)

I've been developing locally on a little ubuntu netbook with xampp for about 7 months. Two weeks ago I got a computer I'd like to use as a server. I've installed the latest Ubuntu distribution and xampp, moved all my files over, and forwarded port 80. I've also got a domain name from dyndns.com which is being updated by a client which runs in my router (a Netgear WGR6154 v8).
Now, when I try to access my server by typing in the address I got from dyndns.com the browser loads until it times out. I can access everything locally using localhost as the address so I believe xampp is running, just unable to connect with the internet.
In order to be able to view my files over the internet what should I do next?
Thanks to all in advance...
[I'm starting a bounty for the first person to help me get my files successfully online]
You have a combination of issues here, and that is something of a problem. Each issue is complex in and of itself. Here is what I would recommend to get you going for certain.
First verify that you can surf the web from your server. This will confirm that you have a working ethernet interface.
Step 1: make sure that XAMPP and your files are viewable from your home network. I assume you are using something like 192.168.1.X for your network and perhaps your server is 192.168.1.10.
Go to another computer in your house and type http://192.168.1.10/ and see if you can see your files. If you can then you know that the server is properly configured and XAMPP is working.
Then add an entry to your hosts file to resolve yourdnsrecord.com (or whatever your dyndns record is) to your private ip address. Then when you type yourdnsrecord.com into a browser from that computer you should still get your files. This will rule out your server being improperly configured to listen for that domain name.
Next you need to test to see if there is a firewall problem. To simplify this, first remove your home router from the equation. Instead, place your new server directly onto your internet connection (assuming you can). This way, you do not need to have NAT or firewalls properly configured. Your dyndns name should map to a public IP and your server should then have that IP and be connected directly to the Internet. If you have your server directly connected, and the command ifconfig from the root prompt returns the same public IP address that your dynamic dns record is pointing to, then it should work.
It will make your life easier if you have an iphone or some other way to test how your network is seen from the Internet.
If your public IP as shown by ifconfig is different from the IP record in your dyndns account, then your dynamic dns update script is broken. Manually set the IP, and see if things work.
It is very possible that this will not work. Some ISPs firewall port 80, preventing their subscribers from hosting servers. Once you have your server directly connected to the internet you can test this (even if your dns is not working) by using the public IP address. As root, type ifconfig from the command prompt to get your public IP address. Then type the command tcpdump -i eth? port 80 from the root prompt. eth? needs to be the same interface that you saw had a public IP address from the ifconfig command. Usually this is eth0 but it might be wire0 or something like that.
This command will show you all traffic coming on port 80 to your server.
From an iphone (or whatever second Internet connection you have) browse to the IP address that you got from your ifconfig command. If you see something on your server (and it is directly connected to your ISP) then your ISP is not firewalling you.
If you can get to your server, when it is directly connected to the Internet, either by IP address or by DynDNS address, then your ISP is OK and it is time to debug your firewall.
Two things need to work for your firewall to be configured: NAT, where the public address that your router gets from your ISP is converted into your private network, and a firewall rule which permits that traffic. If you get this far, then you know your firewall is the problem and then it is just a matter of getting its configuration correct. There are far too many home routers to document here, but you can usually find how-to instructions for your router for this task on the manufacturer's website (usually it is part of the manual).
If you follow these instructions exactly you will get your system working. Make comments on the process and I will be happy to modify this to make it clearer.
HTH,
-FT
You should make sure your xampp is not listening only on localhost.
To do so, edit your Apache configuration file and search for the Listen directive.
You should also be able to tell by analysing the output of netstat -a.
After that, make sure your router is forwarding properly; using tcpdump would help.
Drop me a comment if you need more help.
Cheers
