Can not ping but traceroute works

Hi all

As a newby I try to get a understanding about the following problem:

I run FreeBSD 13.0-RELEASE-p8.

When I ping google.com, I don't get an answer on this machine, only:
Code:
ping: UDP connect: No route to host
But on others (LINUX) it works.

When I ping other hosts, like amazon.com from the FreeBSD PC, I get the routing information.
When I traceroute from the FreeBSD machine, I get the routing information for any domain.

So, if for example google.com or other domains would refuse to answer to the ping, it would not work on other Linux machines either.

That's super wired to me, can anyone explain it?

Here is some information about my network configuration:


rc.conf
Code:
hostname="crow"
ifconfig_em0="DHCP"
ifconfig_em0_ipv6="inet6 accept_rtadv"
ip6addrctl_enable="NO"

ifconfig:
Code:
em0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=481249b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LRO,WOL_MAGIC,VLAN_HWFILTER,NOMAP>
    ether 00:25:90:d7:6d:15
    inet6 fe80::225:90ff:fed7:6d15%em0 prefixlen 64 scopeid 0x1
    inet 192.168.20.10 netmask 0xffffff00 broadcast 192.168.20.255
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
igb0: flags=8822<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=4e507bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
    ether 00:25:90:d7:6d:14
    media: Ethernet autoselect
    status: no carrier
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
    inet 127.0.0.1 netmask 0xff000000
    groups: lo
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>


Many thanks for enlightening me
 
you are pinging an ipv6 addr
hey covacat, tnx for the hint.

ummm...I thought I had disabled the IPV6 acording to the rc.conf entry ( ip6addrctl_enable="NO" ).
I also have blocked any ipv6 traffic on the pfsense. May this causing the issue?

Can you help me with the correct rc.conf entry for a DHCP ip on the FBSD machine.

tnx.
 

SirDice

Administrator
Staff member
Administrator
Moderator
Can you help me with the correct rc.conf entry for a DHCP ip on the FBSD machine.
You already have it. DHCP has nothing to do with IPv6.

I doubt it's an IPv6 issue though, you only have a link-local address on em0. So you don't have proper IPv6 connectivity any way. But you can easily test this by adding -4 to the ping(8) command.
 
You already have it. DHCP has nothing to do with IPv6.

I doubt it's an IPv6 issue though, you only have a link-local address on em0. So you don't have proper IPv6 connectivity any way. But you can easily test this by adding -4 to the ping(8) command.
Thanks.
I tested with -4 and you are right.

Hmmm...so I have to dig deeper...just don't know where to continue.

My pfsense configuration is not the problem too. I connected the FBSD PC directly to the router. Same problem.

Because I think it's a DNS problem, I found out that DNS information is in /etc/resolv.conf.

In there I find
nameserver 192.168.20.1

So the x.20.1 is the IP of the igb3 on my pfsense, which makes sense, rgiht?

Is there any other DNS information I could check? Or anything else that comes in mind?
 
What does “route get google.com” reveal? What does “host google.com” reveal? Your original ping error would be different if DNS failed. This looks like a firewall issue.
 
If I'm recalling my "Stevens" correctly, ping and traceroute both typically use ICMP, but they may be different types of ICMP.
google.com may be blocking the ICMP type for ping but not traceroute.
 
What does “route get google.com” reveal? What does “host google.com” reveal? Your original ping error would be different if DNS failed. This looks like a firewall issue.
GW 20.1 is correct:

route get google.com
route to: zrh04s16-in-f14.1e100.net
destination: default
mask: default
gateway: 192.168.20.1
fib: 0
interface: em0
flags: <UP,GATEWAY,DONE,STATIC>
recvpipe sendpipe ssthresh rtt,msec mtu weight expire
0 0 0 0 1500 1 0


host google.com
google.com has address 142.250.186.78
google.com has IPv6 address 2a00:1450:4001:828::200e
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
 
If you tcpdump in one window and do "ping -c 1 google.com" in another window, you should see something like this:
16:59:26.193328 IP MYADDR.23167 > NAMESRV.53: 21384+ A? google.com. (28)
16:59:26.208041 IP NAMESRV.53 > MYADDR.23167: 21384 6/0/0 A 64.233.177.102, A 64.233.177.113, A 64.233.177.139, A 64.233.177.101, A 64.233.177.138, A 64.233.177.100 (124)
16:59:26.209227 IP MYADDR > 64.233.177.102: ICMP echo request, id 48344, seq 0, length 64
16:59:26.275944 IP 64.233.177.102 > MYADDR: ICMP echo reply, id 48344, seq 0, length 64


Note that the first two packets talk to the name server to map google.com to an IP address.

The error message you received was ping: UDP connect: No route to host, which makes me think the problem is that somehow your machine can't find a route to the *nameserver*. But now that you are starting from scratch you will never know!

FWIW, my general problem solving advice is to *not* try different things that people suggest but to first look *deeper* into what is going on, *without* changing anything relevant. This helps you get a better understanding of what is going on, by talking to other people you learn what tools help you debug problems and ultimately you find the actual problem. In trying different things the problem may get "magically" solved and you are none the wiser. You may be even more confused afterwards! Instead of building up your confidence in your ability to debug problems, you will have lost some confidence!
 
Top