Internet works, but ping does not.

I am connected to the Internet, the connection works on browsers and in command prompt, except that ping stopped returning results for the last one or two days. Can ping localhost by name and ip, it works, but ping to any external domain name or IP does not return results. How do I troubleshoot this?
 
Could try traceroute -P ICMP 1.1.1.1, where 1.1.1.1 is a well-accessible nameserver. Then also for protocols UDP and TCP, and see where does the trace diverge. Maybe an early router drops ICMP, which is usually used by ping? See also man traceroute.
 
Thank you for your replies.

chrbr I enabled pf, when ping did not work, commented out the entries, restarted the computer.

# service firewall status
firewall does not exist in /etc/rc.d or the local startup
directories (/usr/local/etc/rc.d), or is not executable
# service pf status
Cannot 'status' pf. Set pf_enable to YES in /etc/rc.conf or use 'onestatus' instead of 'status'.
# service ipfw status
Cannot 'status' ipfw. Set firewall_enable to YES in /etc/rc.conf or use 'onestatus' instead of 'status'.
# service ipfilter status
Cannot 'status' ipfilter. Set ipfilter_enable to YES in /etc/rc.conf or use 'onestatus' instead of 'status'.
# kldstat
Id Refs Address Size Name
1 158 0xffffffff80200000 1f30590 kernel
2 1 0xffffffff82131000 feb0 if_bridge.ko
3 2 0xffffffff82141000 82b0 bridgestp.ko
4 1 0xffffffff8214a000 4c80 cpuctl.ko
5 1 0xffffffff8214f000 af68 cryptodev.ko
6 1 0xffffffff8215a000 582d68 vmm.ko
7 1 0xffffffff826dd000 5ec1d8 zfs.ko
8 1 0xffffffff82cca000 40f8 nmdm.ko
9 1 0xffffffff82ccf000 3bb0 mac_ntpd.ko
10 1 0xffffffff82cd3000 8468 cfumass.ko
11 2 0xffffffff82cdc000 73a10 ctl.ko
12 2 0xffffffff82d50000 1b5b0 usb_template.ko
13 1 0xffffffff83400000 31fd70 amdgpu.ko
14 2 0xffffffff83210000 7f020 drm.ko
15 3 0xffffffff83290000 cbc8 linuxkpi_gplv2.ko
16 1 0xffffffff8329d000 e778 ttm.ko
17 1 0xffffffff832ac000 2218 amdgpu_picasso_gpu_info_bin.ko
18 1 0xffffffff832af000 64d8 amdgpu_picasso_sdma_bin.ko
19 1 0xffffffff832b6000 2e2d8 amdgpu_picasso_asd_bin.ko
20 1 0xffffffff832e5000 7558 amdgpu_picasso_pfp_bin.ko
21 1 0xffffffff832ed000 6558 amdgpu_picasso_me_bin.ko
22 1 0xffffffff832f4000 4558 amdgpu_picasso_ce_bin.ko
23 1 0xffffffff832f9000 b9c0 amdgpu_picasso_rlc_am4_bin.ko
24 1 0xffffffff83305000 437e8 amdgpu_picasso_mec_bin.ko
25 1 0xffffffff83349000 437e8 amdgpu_picasso_mec2_bin.ko
26 1 0xffffffff8338d000 7bb8 amdgpu_raven_dmcu_bin.ko
27 1 0xffffffff83395000 5a638 amdgpu_picasso_vcn_bin.ko # on a side note, wondered why amdgpu loads so many.
28 1 0xffffffff833f0000 3378 acpi_wmi.ko
29 1 0xffffffff833f4000 3218 intpm.ko
30 1 0xffffffff833f8000 2180 smbus.ko
31 1 0xffffffff833fb000 2340 uhid.ko
32 1 0xffffffff83720000 4350 ums.ko
33 1 0xffffffff83725000 3380 usbhid.ko
34 1 0xffffffff83729000 31f8 hidbus.ko
35 1 0xffffffff8372d000 38070 linux.ko
36 4 0xffffffff83766000 10ab0 linux_common.ko
37 1 0xffffffff83777000 32208 linux64.ko
38 1 0xffffffff837aa000 2260 pty.ko
39 1 0xffffffff837ad000 3530 fdescfs.ko
40 1 0xffffffff837b1000 639c linprocfs.ko
41 1 0xffffffff837b8000 3284 linsysfs.ko

rdog I ran the commands.

$ traceroute -P ICMP 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 64 hops max, 48 byte packets
1 192.168.1.x (192.168.1.x) 0.434 ms 0.242 ms 0.215 ms # I have set a static ip for the router. It works.
2 100.108.0.1 (100.108.0.1) 1.268 ms 1.916 ms 1.445 ms
3 * * *
4 100.100.107.232 (100.100.107.232) 4.754 ms 4.777 ms 5.339 ms
5 172.31.115.230 (172.31.115.230) 11.667 ms 8.828 ms 9.233 ms
6 172.31.115.231 (172.31.115.231) 8.824 ms 9.441 ms 8.595 ms
7 115.247.84.61 (115.247.84.61) 9.853 ms 10.518 ms 10.370 ms
8 172.16.5.85 (172.16.5.85) 10.394 ms 13.356 ms 10.412 ms
9 172.16.5.85 (172.16.5.85) 10.175 ms 10.021 ms 10.712 ms
10 * * *
11 * * *
12 49.44.220.131 (49.44.220.131) 11.160 ms 11.053 ms 10.150 ms
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
31 * * *
32 * * *
33 * * *
34 * * *
35 * * *
36 * * *
37 * * *
38 * * *
39 * * *
40 * * *
41 * * *
42 * * *
43 * * *
44 * * *
45 * * *
46 * * *
47 * * *
48 * * *
49 * * *
50 * * *
51 * * *
52 * * *
53 * * *
54 * * *
55 * * *
56 * * *
57 * * *
58 * * *
59 * * *
60 * * *
61 * * *
62 * * *
63 * * *
64 * * *

traceroute -P UDP 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 64 hops max, 40 byte packets
1 192.168.1.x (192.168.1.x) 0.414 ms 0.252 ms 0.218 ms
2 100.108.0.1 (100.108.0.1) 1.489 ms * *
3 * * *
4 * * *
5 * * *
6 172.31.115.231 (172.31.115.231) 9.247 ms * *
7 * * *
8 * 172.16.5.85 (172.16.5.85) 10.469 ms *
9 * * *
10 * * *
11 * * *
12 * one.one.one.one (1.1.1.1) 9.708 ms *

$ traceroute -P TCP 1.1.1.1

traceroute -P TCP 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 64 hops max, 40 byte packets
1 192.168.1.x (192.168.1.x) 0.431 ms 0.256 ms 0.239 ms
2 100.108.0.1 (100.108.0.1) 1.182 ms * *
3 * * *
4 * * *
5 * 172.31.115.230 (172.31.115.230) 9.329 ms *
6 * * *
7 * * 115.247.84.61 (115.247.84.61) 19.184 ms
8 * * *
9 * * 172.16.5.85 (172.16.5.85) 10.224 ms
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
31 * * *
32 * * *
33 * * *
34 * * *
35 * * *
36 * * *
37 * * *
38 * * *
39 * * *
40 * * *
41 * * *
42 * * *
43 * * *
44 * * *
45 * * *
46 * * *
47 * * *
48 * * *
49 * * *
50 * * *
51 * * *
52 * * *
53 * * *
54 * * *
55 * * *
56 * * *
57 * * *
58 * * *
59 * * *
60 * * *
61 * * *
62 * * *
63 * * *
64 * * *

Strangely ping works in a ubuntu vm in a bhyve environment within the same same freebsd machine where this ping error occurs.
 
Hm, you could try to look at network traffic using wireshark, and see what is the difference in the successful / failed attempts. Wondering aloud, can it be IPv6 vs IPv4? Could try to ping passing -4 or -6 to the host or the VM (while targeting a domain name with ping).
 
I enabled pf, when ping did not work, commented out the entries, restarted the computer.
Does that mean that ping works when pf is disabled? If yes the configuration of pf would be interesting. If no I have no idea where to look.
 
chrbr Ping doesn't work in either case. I don't know pf commands, enabled it to try apache24 or nginx, when I found ping not working yesterday, commented out the pf entries in rc.conf. In any case the ping issue is NOT releated to pf configuration.
Thank you SirDice Here is the output of ifconfig and netstat -rn

ifconfig
Code:
re0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=82099<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
        ether 3c:7c:3f:0f:b6:5f
        inet 192.168.1.130 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::3e7c:3fff:fe0f:b65f%re0 prefixlen 64 scopeid 0x1
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
re0bridge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 58:9c:fc:10:ff:cd
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 4 priority 128 path cost 2000000
        member: re0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 20000
        groups: bridge
        nd6 options=9<PERFORMNUD,IFDISABLED>
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        ether 58:9c:fc:10:22:63
        groups: tap
        media: Ethernet autoselect
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        Opened by PID 61694

netstat -rn
Code:
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.1.13       UGS         re0
127.0.0.1          link#2             UH          lo0
192.168.1.0/24     link#1             U           re0
192.168.1.130      link#1             UHS         lo0

Internet6:
Destination                       Gateway                       Flags     Netif Expire
::/96                             ::1                           UGRS        lo0
::1                               link#2                        UHS         lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
fe80::/10                         ::1                           UGRS        lo0
fe80::%re0/64                     link#1                        U           re0
fe80::3e7c:3fff:fe0f:b65f%re0     link#1                        UHS         lo0
fe80::%lo0/64                     link#2                        U           lo0
fe80::1%lo0                       link#2                        UHS         lo0
ff02::/16                         ::1                           UGRS        lo0
 

SirDice

Administrator
Staff member
Administrator
Moderator
192.168.1.13 is an odd gateway address, this is usually .1 or sometimes .254. Are you sure that's the correct address? It's not wrong by definition (any address in the subnet could function as a gateway address), it's just not common.
 
It looks to me like you have assigned an IP to re0 when it is a member of the re0bridge..
The bridge re0bridge needs an IP not the individual members.
It is possible that you are using DHCP on re0 when it should be on re0bridge.
re0 should be set to 'up' in /etc/rc.conf

If the bridge host needs an IP address then the correct place to set this is on the bridge interface itself rather than one of the member interfaces. This can be set statically or via DHCP:
 
SirDice Yes, that is the correct gateway address, though as you say it is uncommon.

Phishfry Yes, I have set a static IP address for re0, but when I had some trouble with network, in the process of troubleshooting (in the blind) I modified my /etc/rc.conf variously:

This is what it looks like, in an extract related to network settings (mostly):

nfs_reserved_port_only="NO"
dhcpd_enable="YES"
dhcpd_ifaces="re0"
cloned_interfaces="bridge1 tap0"
ifconfig_bridge1_name="re0bridge1"
ifconfig_re0bridge1="addm re0 addm tap0 up"
ifconfig_re0="up"
ifconfig_re0="inet 192.168.1.130/24"
ifconfig_re0_ipv6="inet6 accept_rtadv"
gateway_enable="YES"
defaultrouter="192.168.1.13"
named_enable="YES"
#ddclient_enable="YES"
#apache24_enable="YES"
#nginx_enable="YES"
#libvirtd_enable="YES"
sshd_enable="YES"
ntpd_enable="YES"
svm_enable="YES"
kvm_enable="YES"

From what I understand, dhcpd_ifaces needs to be re0bridge1 ?? (At the moment the bare machine with bsd13.1 works, the bhyve vm within runs ubuntu smoothly, despite the fact that ping doesn't work in the base machine. Also, ping works within vm,

Thank you.
 
cloned_interfaces="bridge1 tap0"
ifconfig_bridge1_name="re0bridge1"
ifconfig_re0bridge1="inet 192.168.1.130/24 addm re0 addm tap0"
ifconfig_re0="up"
ifconfig_re0="inet 192.168.1.130/24"
ifconfig_re0_ipv6="inet6 accept_rtadv" <<<< Not sure here. I believe mark it only 'up'
 
From what I understand, dhcpd_ifaces needs to be re0bridge1 ??
Sorry I missed this. So you are using ISC dhcpd server to issue IP's to your VM's?
Yes it would have to shift to re0bridge1 as well.

Please elaborate here. I am not sure of context of dhcpd.
 
cloned_interfaces="re0bridge1 tap0"
ifconfig_bridge1_name="re0bridge1"
ifconfig_re0bridge1="inet 192.168.1.130/24 addm re0 addm tap0"
ifconfig_re0="up"
ifconfig_re0_ipv6="up"
Some more edits.
You had cloned interfaces wrong too.
You might need to add ipv6 interface to the bridge too. Perhaps debug ipv6 later.

ifconfig_re0bridge1="inet 192.168.1.130/24 addm re0 addm tap0 addm re0_ipv6"
 
Thankyou Phishfry Made these new changes. BEFORE I restart the second time, I checked ifconfig re0 doesn't show an ip address, re0bridge1 shows the IP, in the bare machine, without starting vm, Internet works, ping does not. Will restart again now. ( I am not sure if my ISP has enabled ipv6.

re0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=82099<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
ether xx:xx:3f:0f:xx:xx #masked
inet6 fe80::3e7c:3fff:fe0f:b65f%re0 prefixlen 64 scopeid 0x1
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
re0bridge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether xx:xx:fc:10:xx:xx #masked
inet 192.168.1.130 netmask 0xffffff00 broadcast 192.168.1.255
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 4 priority 128 path cost 2000000
member: re0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 1 priority 128 path cost 55
groups: bridge
nd6 options=9<PERFORMNUD,IFDISABLED>
 
Thankyou Phishfry Made these new changes. BEFORE I restart the second time, I checked ifconfig re0 doesn't show an ip address, re0bridge1 shows the IP, in the bare machine, without starting vm, Internet works, ping does not. Will restart again now. ( I am not sure if my ISP has enabled ipv6.
Phishfry After changing cloned interface from bridge1 to re0bridge1, and including addm re0_ipv6 in the string, restarted (as happens after making changes to the rcconf file, there was a kernel panic, the screen flashed by to shutdown, restart, shutdown two or three times, before coming back alive), no internet, no IP address seen in ifconfig neither for re0 nor for re0bridge. Changing cloned interface to bridge1 which is a line preceeding the name assigned to bridge1. Rebooting. If it doesn't work, will try and remove addm re0_ipv6 and try. (These trials are not really as tiring as fixing a ten line yaml file !)

Update: After reverting the cloned interface to bridge1, after restart, no carrier. Will now try removing the reference to ipv6 in addm, as it appears that ipv6 is not enabled here.

Further update: removed addm re0_ipv6 and after a reboot, ifconfig shows IP address on re0bridge1, Internet works, ping still does not !
 
OK well now your bridge is correctly configured you can start diagnosing your problem.

First off, ICMP packets are what ping uses. So you need to make sure ICMP packets are allowed.

Do you have a firewall installed? Perhap upstream of you? I see your earlier response but have to ask again.

Can you ping internal addresses on your network? Preferably not on this machine/bridge.

I still see lines in rc.conf that are unneeded or not correct:
cloned_interfaces="re0bridge1 tap0"
ifconfig_bridge1_name="re0bridge1"<<<<<<<<<<< AXE This line completely. <<<<<<<<<<<<<<
ifconfig_re0bridge1="inet 192.168.1.130/24 addm re0 addm tap0"
ifconfig_re0="up"
 
OK well now your bridge is correctly configured you can start diagnosing your problem.

First off, ICMP packets are what ping uses. So you need to make sure ICMP packets are allowed.

Do you have a firewall installed? Perhap upstream of you? I see your earlier response but have to ask again.

Can you ping internal addresses on your network? Preferably not on this machine/bridge.

I still see lines in rc.conf that are unneeded or not correct:
cloned_interfaces="re0bridge1 tap0"
ifconfig_bridge1_name="re0bridge1"<<<<<<<<<<< AXE This line completely. <<<<<<<<<<<<<<
ifconfig_re0bridge1="inet 192.168.1.130/24 addm re0 addm tap0"
ifconfig_re0="up"

Phishfry After I uncommented the line related to bridge name, network disconnected, and it took a while to set this right in rc.conf, now connected.

Ping works for the localhost, localhost's IP, localhost by name and another computer in the local network when I ping by IP but doesn't work when I ping external domain names or external IPs

I have also noticed that some changes in a ubuntu machine running a ubuntu vm caused the static ip address to change to a dynamic one from a different pool, with the result that the bsd computer connected to the home router by fiber gets a static address 192.168.1.x (and the vm inside) while the ubuntu computer (and the vm inside) connected by another wire from another network interface of the same router get a 192.168.122.x dynamic addresses. The two computers can't talk to each other.
 
Please elaborate here. I am not sure of context of dhcpd.
I think you have a dhcp problem. Does you fiber router upstream have dhcp enabled too?
another network interface of the same router get a 192.168.122.x dynamic addresses.
That is what I am thinking. You have two dhcp servers running I bet. One on your fiber router and this .130 box.
That 192.168.122.x is a whole different subnet. So you have a dhcp server working there.
I think you need to decide if you really want two dhcp servers on the same network or just one.
Two is no problem but you must set it up properly and you will might have to make firewall rules for talking between the two subnets.
 
After struggling for hour trying to get ten lines of yaml to work, I deleted yaml, configured network following a previous ubuntu method, and the two computers are now in the same subnet. There is a common problem (not sure if this is a problem) in both freebsd and ubuntu: When a bridge is configured, ifconfig shows the IP only for the bridge interface, not for re0.
 
When a bridge is configured, ifconfig shows the IP only for the bridge interface, not for re0.
That is correct. Only your bridge gets an IP. Now you have it setup correctly.
But what about your dhcpd server. Why is it needed?
With a bridge and tap all your VM's should get an IP from your fiber routers DHCP server.
No need for another dhcp server. That is what the bridge does.
 
Another point. If you are forcing an IP address (static ip 192.168.1.130) when using a DHCP server that is bad.
The correct way is use a "static dhcp address" on your DHCP server if you want to avoid dynamic IP for a box.
I am recommending you ditch dhcpd and use your fiber router's DHCP server.
Then you would do this:
.
cloned_interfaces="re0bridge1 tap0"
ifconfig_re0bridge1="DHCP addm re0 addm tap0"
ifconfig_re0="up"

And make your static dhcp address on the router if desired.

You need to dig into the manual for the router because it is also probably blocking external ICMP packets.
 
Top