3

Since I upgraded my HP Proliant Server from Ubuntu 10.04 to 12.04, I am unable to:

  • ping google.com
  • ping 8.8.8.8
  • browse the internet with Firefox
  • git fetch origin
  • cap deploy from a remote machine

I can however see my Rails application running on this server when I access it via its ip address within our corporate network.

I see the Networking icon in the GUI but "Wired Network" is greyed out.

Here is some other relevant info, based on the numerous similar but non-resolving threads I've browsed here at AU:

dean@dgwjasonfried:~$ ifconfig

eth0      Link encap:Ethernet  HWaddr 1c:c1:de:fa:cd:9f  
          inet addr:10.24.5.50  Bcast:10.24.5.255  Mask:255.255.255.0
          inet6 addr: fe80::1ec1:deff:fefa:cd9f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:40735 errors:0 dropped:0 overruns:0 frame:0
          TX packets:77215 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2806140 (2.8 MB)  TX bytes:113945803 (113.9 MB)
          Interrupt:19 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:22 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1872 (1.8 KB)  TX bytes:1872 (1.8 KB)

dean@dgwjasonfried:~$ lspci -nn | grep Ethernet

1e:00.0 Ethernet controller [0200]: Broadcom Corporation NetXtreme BCM5723 Gigabit Ethernet PCIe [14e4:165b] (rev 10)

/etc/network/interfaces:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet dhcp

/etc/resolv.conf:

domain dgw.ame.molex.com
search dgw.ame.molex.com
nameserver 10.24.2.171
nameserver 10.45.2.171

**Updated 3/19/13, after trying to follow some of the advice give in responses below and elsewhere:

dean@dgwjasonfried:~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
search dgw.ame.molex.com
domain dgw.ame.molex.com
search dgw.ame.molex.com
nameserver 10.24.2.171
nameserver 10.45.2.171

**end of update

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.24.5.1       0.0.0.0         UG    0      0        0 eth0
10.24.5.0       0.0.0.0         255.255.255.0   U     1      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0

**Updated to show NetworkManager.conf and evidence that the resolv.conf symlink is working for me

dean@dgwjasonfried:~$ cat /etc/NetworkManager/NetworkManager.conf
[main]
plugins=ifupdown,keyfile
dns=dnsmasq

[ifupdown]
managed=true

dean@dgwjasonfried:~$ ls -l /etc/resolv.conf
lrwxrwxrwx 1 root root 29 Mar 18 09:33 /etc/resolv.conf -> ../run/resolvconf/resolv.conf

**Updated to show latest resolv.conf after I deleted original in /etc/resolvconf/resolv.conf.d and cleared out the copy of original that was sitting in tail, then rebooted:

dean@dgwjasonfried:/etc/resolvconf/resolv.conf.d$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
search dgw.ame.molex.com

Note that the nameserver entries listed in an earlier resolv.conf version above are now gone. Also note that whereas I was briefly able to get ping google.com to resolve the ip address for google.com (but still not receive any packets back) I'm now back to my original situation where I get 'unknown host google.com'.

**end of update

I'd be grateful for any help you could supply or suggestions you might have.

Thanks!

Dean Richardson

Dean Richardson
  • 81
  • Commenting the auto eth0 and iface eth0 - lines from /etc/network/interfaces will make eth0 appear at network-manager. Then add your nameservers graphically. – aquaherd Mar 11 '13 at 21:56
  • Thanks, aquaherd. You meant "commenting out"... correct? Also, when you say "add your nameservers graphically" do you mean through the Ubuntu desktop GUI? Can you please clarify that point for me? – Dean Richardson Mar 12 '13 at 21:18
  • Yes, I meant commenting out. I was wrong, there is no graphical nameserver GUI yet, unless you use a fixed IP-address. man 8 resolvconf might help you from there if your nameservers can't be retrieved from the DHCP-server. Manual edits of resolv.conf seem to be deprecated in favour of a resolvconf package that also provides DNS caching and adds some security against DNS spoofing. See also this question: http://askubuntu.com/questions/239169 – aquaherd Mar 13 '13 at 11:33
  • 1
    I guess you have a problem with your routing table. Could you provide the output of route -n? – Huygens Mar 14 '13 at 14:18
  • I have exactly the same problem. Also an HP Proliant Microserver using the Broadcom NetXtreme (BCM5723) Ethernet controller. –  Mar 14 '13 at 13:35
  • Updated the post to add the output of route -n – Dean Richardson Mar 14 '13 at 21:09
  • I am suspecting a driver problem. This similar problem was solved by getting a new driver. (I have now installed 10.04 which works fine, so will not be pursuing a solution for this problem for now) –  Mar 19 '13 at 12:56

3 Answers3

4

I think it would be beneficial to step back, teach a man how to fish instead of just telling you what's wrong.

There are many components involved in making a good network connection

  • It can be the hardware: ethernet card, cable contacts, network interface on your directly connected switch, etc.
  • It can be the low level software: the kernel driver for your network card
  • It can be your routing table
  • It can be DNS

And these are all dependent on each other from the bottom up, e.g. if you can't route packets correctly, you can't reach your DNS service.

There's only one (sane) way to pinpoint the issue that I know of: one by one, by elimination.

One sentence stands out in your description:

I can however see my Rails application running on this server when I access it via its ip address within our corporate network.

It is great that you tried this. This piece of information is golden because it eliminates many possible causes. It means that your hardware and your (kernel) drivers and the connections inside the corporate network all look fine. This is also confirmed by the fact that the ifconfig output shows packets being sent and received and no (zero) errors, collisions, or retransmissions. At this point I'm sure your issue is in your configuration only.

I notice that your internal DNS server is at (non-public) IP: 10.24.2.171, this is not on your immediate subnet 10.24.5.0, you can tell this by this ifconfig output line:

inet addr:10.24.5.50  Bcast:10.24.5.255  Mask:255.255.255.0

Note that your mask leaves only the last of the 4 octets as 0, meaning you're broadcasting only over the 10.24.5.x subnet. You may not have a full route to your internal DNS server.

The experiment I would do now would be to try and verify the routes to your essential components:

  1. Your gateway 10.24.5.1
  2. Your name server 10.24.2.171

It is essential to do these by IP since we don't yet know if your DNS server is ok and if you can talk to it.

# first traceroute the gateway:
traceroute 10.24.5.1

If this fails with an error like no route to host or destination is unreachable, it is almost certain that your issue is in the routing table. If it is successful you've just made a huge step forward because routing is a big subject by itself.

# if successful traceroute the DNS server
traceroute 10.24.2.171

If this fails, your issue may be that the netmask is too restrictive. Try to change it to 255.255.0.0. You can set this in /etc/network/interfaces by adding:

netmask 255.255.0.0

under eth0.

Once you fixed this, you would need to restart your network:

sudo /etc/init.d/networking restart

HTH

arielf
  • 2,823
  • Both traceroutes are successful:

    dean@dgwjasonfried:~$ traceroute 10.24.5.1 traceroute to 10.24.5.1 (10.24.5.1), 30 hops max, 60 byte packets 1 10.24.5.1 (10.24.5.1) 3.513 ms * * dean@dgwjasonfried:~$ traceroute 10.24.2.171 traceroute to 10.24.2.171 (10.24.2.171), 30 hops max, 60 byte packets 1 10.24.5.1 (10.24.5.1) 1.763 ms 2.008 ms 2.031 ms 2 dgwdc01.molex.com (10.24.2.171) 0.172 ms * *

     – Dean Richardson Mar 19 '13 at 16:23
  • 1
    Great, this is big progress. So you can reach your DNS server @10.24.2.171 but seem to have no DNS service? Check your DNS by using a hostname: host some-internal-server-name does this work? Can you traceroute all the way to google's DNS service 8.8.8.8 ? – arielf Mar 19 '13 at 16:52
  • dean@dgwjasonfried:~$ host ameisaarray.molex.com ameisaarray.molex.com has address 10.45.2.103 dean@dgwjasonfried:~$ traceroute 8.8.8.8 traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets 1 10.24.5.1 (10.24.5.1) 1.412 ms 1.405 ms 1.396 ms 2 10.24.24.2 (10.24.24.2) 0.754 ms 0.760 ms 0.978 ms 3 68.139.63.129 (68.139.63.129) 10.173 ms 10.409 ms 10.404 ms 4 68.136.88.41 (68.136.88.41) 13.867 ms 13.405 ms 13.675 ms 5 68.136.88.42 (68.136.88.42) 9.630 ms 9.867 ms 9.864 ms 6 10.1.64.2 (10.1.64.2) 10.561 ms 9.886 ms 10.110 ms 7 * * * – Dean Richardson Mar 19 '13 at 17:49
  • I get about 23 more lines with * * * down to line 30, and the command completes. – Dean Richardson Mar 19 '13 at 17:50
  • So everything seems to work fine. Your name-server responds, and you have a full route to external addresses. Can you try ping 8.8.8.8 and ping google.com again? – arielf Mar 20 '13 at 02:10
  • Nope, no luck. Could my corporate firewall be blocking it? I have http_proxy set, but still... – Dean Richardson Mar 20 '13 at 14:42
  • Hi Dean, I did some more reading. I strongly suspect that the issue is internal vs external DNS related to changes which broke DNS for many people in the 12.04 upgrade. There's treasure trove of information on this issue and possible solutions with links to official bugs and workarounds in this web page: https://www.stgraber.org/2012/02/24/dns-in-ubuntu-12-04/ I would take my time and try the suggestions there. HTH. – arielf Mar 21 '13 at 05:46
  • if ping -n 8.8.8.8 works, but dropping the -n doesn't, it would specifically indicate a DNS issue. This is good news since hardware, software, connectivity and routing seem all fine. Only DNS is broken. – arielf Mar 21 '13 at 05:50
1

One of the problems is that resolvconf did not get configured properly. Ref: https://bugs.launchpad.net/ubuntu/+source/resolvconf/+bug/1000244. To fix this, run

    sudo dpkg-reconfigure resolvconf

This, however, can't be the reason that you cannot ping other machines by IP address.

jdthood
  • 12,467
  • When I issue the sudo dpkg-reconfigure resolvconf command in the terminal, I get a screen of text with at the bottom. Unfortunately, this screen doesn't respond to any further input, so I can't page down to see the prompt to accept the option to create the symlink to /run/resolvconf/resolv.conf. Also, it appears this symlink exists for me already. – Dean Richardson Mar 18 '13 at 20:33
  • If the symbolic link /etc/resolv.conf -> ../run/resolvconf/resolv.conf already exists then, it's true, you don't need to run sudo dpkg-reconfigure resolvconf. 2. That you can't successfully run sudo dpkg-reconfigure resolvconf when you try surprises me. 3. I am surprised that the symbolic link exists because the resolv.conf that you showed was not written by the resolvconf utility. Is some other network interface configuration utility installed on the server which overwrites /etc/resolv.conf? If so then that may be implicated in the other trouble you are having.
    • – jdthood Mar 19 '13 at 09:08
  • I updated the original post to display my current resolv.conf, which now appears to be managed by the resolvconf utility and displays some extraneous-looking content. This comes after commenting out dns=dnsmasq in NetworkManager.conf, then uncommenting it when the change didn't appear to help. – Dean Richardson Mar 19 '13 at 14:12
  • Any suggestions on why the sudo dpkg-reconfigure resolvconf process didn't work for me? That worries me too. – Dean Richardson Mar 19 '13 at 14:13
  • 1
    OK, the latest resolv.conf looks correct: it has the two familiar resolvconf comment lines, a search line and a nameserver line. The nameserver line has address 127.0.0.1, the loopback IP address where the NetworkManager-controlled instance of dnsmasq is presumably listening. If you comment out dns=dnsmasq and then do sudo restart network-manager you should instead see a non-loopback nameserver address on the nameserver line in resolv.conf; that's the nameserver address obtained from the DHCP server. While debugging I recommend you keep dns=dnsmasq commented out. – jdthood Mar 19 '13 at 21:00
  • I managed to get sudo dpkg-reconfigure resolvconf to run and post the prompt for the symlink by first executing dpkg-reconfigure debconf and setting the options to display on the command line. – Dean Richardson Mar 19 '13 at 21:04
  • in the meantime, following related answers elsewhere on ask ubuntu, I tried replacing dhcp with static in /etc/network/interfaces and manually supplying the dns-nameservers and other data. I also set an option flag that allowed nameserver lines after the 127 in resolv.conf. That led to

    nameserver 127.0.0.1 nameserver 10.24.2.171 nameserver 10.45.2.171 search dgw.ame.molex.com

    After restarting network-manager and rebooting, still no luck pinging anything. So I'll now undo those changes and restore the original dhcp settings and try what you've suggested.

     – Dean Richardson Mar 19 '13 at 21:09
  • commenting out dns=dnsmasq in NetworkManager.conf and restoring dhcp in place of static in /etc/network/interfaces, restarting network-manager resulted in a resolv.conf containing:

    Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) DO NOT EDIT THIS FILE BY HAND... nameserver 127.0.0.1 search dgw.ame.molex.com

    In other words, it's acting like dns=dnsmasq is still uncommented-out.

     – Dean Richardson Mar 19 '13 at 21:17
  • Aha. We have to fix that. Where is that 127.0.0.1 coming from? There are four possibilities. 1. Do you have the "dnsmasq" package (not to be confused with the dnsmasq-base package on which network-manager depends) installed? If so, purge it: sudo apt-get purge dnsmasq. 2. Do you have the bind9 package installed? If so, purge it (unless you need it, of course). 3. Does one of the files in /etc/resolvconf/resolv.conf.d/ contain a nameserver 127.0.0.1 line? If so, remove the line. 4. Is your DHCP server badly configured to provide nameserver address 127.0.0.1? If so, fix it. Then reboot. – jdthood Mar 20 '13 at 08:53
  • 1
    Also note that it is safest to use either NetworkManager or ifupdown and not a mixture of the two. If you choose to use ifupdown then you should purge the network-manager package and configure your interfaces in /etc/network/interfaces. If you choose to use NetworkManager then /etc/network/interfaces should contain only the stanza for the lo interface and you should configure all interfaces^Wconnections with the NM Connection Editor. – jdthood Mar 20 '13 at 09:03
  • Tried to purge dnsmasq. Got "Package dnsmasq is not installed, so not removed." – Dean Richardson Mar 20 '13 at 14:47
  • Succesfully purged bind9. – Dean Richardson Mar 20 '13 at 14:49
  • None of the files (base, head, tail, original) contains a nameserver 127.0.0.1. – Dean Richardson Mar 20 '13 at 14:50
  • I'm afraid I don't know how I'd go about fixing my DHCP server. Any suggestions on that? – Dean Richardson Mar 20 '13 at 14:51
  • Probably it was bind9 that was adding 127.0.0.1. Now reboot and resolv.conf should show another nameserver address. – jdthood Mar 20 '13 at 16:19