DNS is working, but no internet

Connection sharing, Firewall, Samba..etc
Forum rules
Before you post please read how to get help
Post Reply
Lipote
Level 1
Level 1
Posts: 4
Joined: Wed Apr 08, 2020 9:10 am

DNS is working, but no internet

Post by Lipote »

Dear Users,
I am pretty new with Linux, but I guess I know a little about networking.
I run Linux Mint 19.3 Cinnamon V 4.4.8 with Kernel 5.3.0-40.

I am connected by to the Network of an institution (169.254.x.x with /16 net-mask ). DHCP provides IP, DNS and Gateway to the internet.
All IP's are correct, DNS is resolving local NW and WWW names correctly (ping is working fine), but MINT does not connect to the WWW. LAN connections such as RDP are correctly working as well by Name as by IP.

The WWW has been working out of the box (for about 4 months) until I changed the sub-net (from 10.106.x.x to 169.254.x.x) by just physically connecting to an other network branch (including domain name change) with an other DHCP server. No change to the system has been made except shut down, reconnect and reboot.
I can not say if the old sub-net is still working, I am at the moment at an other location.

The problem is independent of the NW-card (same on WLAN as on cabled LAN).
At the machine are several VM-Ware virtual machines running (windows) - all of them have internet in both mode of NW-card(Host IP shared, direct connect to Network) working as well on DHCP as on (correct) manual setting. - I believe the connection it self is working.

How I can see / edit the Internet routing settings of my MINT?
Any comment / help is appreciated.
Thank you in advance
Andreas
Pippin
Level 4
Level 4
Posts: 370
Joined: Wed Dec 13, 2017 11:14 am
Location: The Shire

Re: DNS is working, but no internet

Post by Pippin »

The WWW has been working out of the box (for about 4 months) until I changed the sub-net (from 10.106.x.x to 169.254.x.x) by just physically connecting to an other network branch (including domain name change) with an other DHCP server.
Very bad choice, change it to RFC1918 space.
Peer review = Ossification of current assumptions, the censorship of competing hypotheses.

Mathematical proofs = Elegant consistencies within a synthetic man-made universe.
Models are not reality, no matter how elegant.
rene
Level 16
Level 16
Posts: 6623
Joined: Sun Mar 27, 2016 6:58 pm

Re: DNS is working, but no internet

Post by rene »

Expanding on that since you may not have the option of changing it yourself...

169.254/16 is the IPv4 link-local address space, and an address in the range you should basically only ever see as a self-assigned address if the DHCP server is down. If you are actually sure that you receive that address from the DHCP server then whoever set that up needs a clue beaten into him or her in a serious way.

On current Linux a 169.254/16 route is setup for IPv4LL, i.e., Zeroconf networking, i.e., Avahi; see man avahi-autoipd for more information. You view routes with route -n.

If you are in fact sure you need and want to, you can disable the route per-boot with a manual

Code: Select all

sudo route del -net 169.254.0.0 netmask 255.255.0.0
or, it seems, permanently with sudo chmod -x /etc/network/if-up.d/avahi-autoipd.

But... it seems something fishy's going on there. You should not be seeing 169.254/16 as your actual/only address if DHCP-assigned.
Lipote
Level 1
Level 1
Posts: 4
Joined: Wed Apr 08, 2020 9:10 am

Re: DNS is working, but no internet

Post by Lipote »

Dear Rene,
thank you for the explanation.
The 169.254 /16 range was not decided by myself.
I am at a company where we have an admin NW (10.106.x.x.) with firewall and WWW link. There "normal" IT is linked to.
Additional there is an (about 20years ago) created Industrial Network 169.254.x.x. linking about 200 industrial devices (VFD, PLC, IO, SCADA servers & clients, HMI's and SQL storage servers), there I need to be for PLC programming reasons.
Both NW are strictly separated, but I can use a special gateway working as NAT to route to the WWW. This works for the VM's fine as well as for the Windows PC(s) for SCADA and HMI.
The address range of the 169... can be only changed while ALL production is down, since most of PLC's require a HW download in STOP mode to change the IP. As those devices are communicating (each other, to HMI and to SCADA) this is a really big act, I can plan, but not realize within 6 months.
Therefor I would appreciate a possibility to adapt my MINT to deal with the situation.

I removed the route, but still its not working

Code: Select all

aboettcher@KS8:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         169.254.142.1   0.0.0.0         UG    20600  0        0 wlo2
169.254.0.0     0.0.0.0         255.255.0.0     U     600    0        0 wlo2

aboettcher@KS8:~$ sudo route del -net 169.254.0.0 netmask 255.255.0.0
[sudo] password for aboettcher:    
     
aboettcher@KS8:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         169.254.142.1   0.0.0.0         UG    20600  0        0 wlo2
The Gateway is correct 169.254.142.1, wlo2 is the card with the link. But still not working...
Do you have any other ideas?
Thanks for the help
Andreas
EDIT: I forgot to tell, the 169... address is correct provided and received from the DHCP server (169.254.142.254). The same server provides the gateway 169.254.142.1. This works perfectly for Windows. Why it shall not be possible to get it working also on MINT?
By the way: simple MANUAL setting did not help since the result is identically to DHCP.
rene
Level 16
Level 16
Posts: 6623
Joined: Sun Mar 27, 2016 6:58 pm

Re: DNS is working, but no internet

Post by rene »

Mmm. I was fairly positive that would work in practice even if rather theoretically iffy. The unfortunate thing is that my current normal modem/router (my DHCP server, that is) can only be configured to 192.168.x.y so that I can't easily simulate without fairly major local network surgery which would also in my case mean a bit too much of an interruption. The issue's moreover basically impossible to google for due to as said 169.254.0.0/16 normally being self-assigned link-local only so please be aware that I'm now basically guessing, that you should likely retreat to a more Linux-general yet networking-specific forum, but...

You specify a Windows system on that network acting as if all's fine so unfortunately we don't get to point to the router. Trying to think of what Linux could do differently... there's something at IPv4 kernel level called Reverse Path Filtering which is at least on Mint set active by default and which would seemingly be likely involved.

Code: Select all

$ sysctl -ar "\.rp_filter"
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.enp6s0.rp_filter = 2
net.ipv4.conf.lo.rp_filter = 0
Do Happy Times occur when you set any or all of the in your case displayed ones to 0? E.g., supposedly

Code: Select all

sudo sysctl -w net.ipv4.conf.wlo2.rp_filter=0
and/or etcetera. I doubt this would be not dynamically testable but if this does not work immediately or if it does and you want to make it permanent, add e.g.

Code: Select all

net.ipv4.conf.wlo2.rp_filter=0
to /etc/sysctl.conf and reboot, still making sure to also still be rid of the IPv4LL route as per above.

I'm as said not testing this and it's getting to the edge of what I would consider myself comfortable with/capable of networking-wise so if this does not help I'm afraid I give up. The starting situation is just a bit too odd...
Lipote
Level 1
Level 1
Posts: 4
Joined: Wed Apr 08, 2020 9:10 am

Re: DNS is working, but no internet

Post by Lipote »

RENE, thank you very much.

I will continue to test.

A other chance is to connect VM's directly to the 169.254 net and let do WINDOWS the NAT to 192.168 (inside the VM) for the LINUX on an additional NW (virtual) card for the VM.
The adresses can be manual adjusted or by a DHCP running on the VM.
Next chance is running VPN server on the VPN and connect Linux to this.

If native link is not working, I will try those options.
Andreas
rene
Level 16
Level 16
Posts: 6623
Joined: Sun Mar 27, 2016 6:58 pm

Re: DNS is working, but no internet

Post by rene »

Does that mean that disabling rp_filter does not work or that you haven't yet tested it, because now I'm interested...
Lipote
Level 1
Level 1
Posts: 4
Joined: Wed Apr 08, 2020 9:10 am

Re: DNS is working, but no internet

Post by Lipote »

Hi Rene, first of all, sorry for the very late respond: Yesterday I spent with my family - sometimes we do need something else than computers.

I tried to disable the rp_filter, but it did not work at any level you suggested.
I gave up and shared the WWW from the VM running by adding an additional NW card.
This is not a perfect solution (it requires always the WIN to be running), but it works.

Anyway thank you very much for the help.
Andreas
rene
Level 16
Level 16
Posts: 6623
Joined: Sun Mar 27, 2016 6:58 pm

Re: DNS is working, but no internet

Post by rene »

Crap. Thought I had in fact probably managed to identify the problem. Oh well.

Yes, a workaround seems good enough, certainly if/given that you can at some point get that network to one of the private ranges.
Post Reply

Return to “Other networking topics”