Home>

ubuntu - do not reply to icmp requests addressed to you

Ping from Server1 to Server2 does not pass in the network environment on the following physical servers.
I checked with tcpdump and it seems that an ICMP request has arrived at Server2, but it does not return a reply.
I do n’t know the cause and I ’m really in trouble. Would you please teach me? Thank you in advance.

The OS of Server1 and Server2 is using Ubuntu18.04.3.

| Server1 (eth0) |<-LAN cable connection->| (eth1) Server2 |

eth0: (IP: 10.0.1.1/24, Mac: a0: 36: 9f: a0: ec: ad)
eth1: (IP: 10.0.1.2/24, Mac: 90: e2: ba: 00: 87: 62)


・ Output when Ping command is executed
root @ server1:/home/tsubasa # ping -I 10.0.1.1 10.0.1.2
PING 10.0.1.2 (10.0.1.2) from 10.0.1.1: 56 (84) bytes of data.

・ ARP table
Address HWtype HWaddress Flags Mask Iface
_gateway ether 00: 09: 0f: 09: 14: 0a C eno1
10.31.22.17 ether dc: fe: 07: d2: a3: fd C eno1
10.31.22.72 ether e2: c8: 80: 17: 63: 9e C eno1
10.31.22.34 ether 70: f3: 95: 00: 6e: f9 C eno1
10.31.22.35 ether 70: f3: 95: 00: 64: 56 C eno1
10.31.22.89 ether dc: fe: 07: d2: a3: 06 C eno1
10.0.1.2 ether 90: e2: ba: 00: 87: 62 CM eth0
10.0.1.4 (incomplete) eth0


-Output when the tcpdump command is executed (modified)
root @ server2:/home/tsubasa # tcpdump -i any icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
12: 07: 27.170769 IP 10.0.1.1>server2: ICMP echo request, id 18611, seq 137, length 64
12: 07: 28.194847 IP 10.0.1.1>server2: ICMP echo request, id 18611, seq 138, length 64
12: 07: 29.218772 IP 10.0.1.1>server2: ICMP echo request, id 18611, seq 139, length 64

-Output when the ip route command is executed (added)
root @ server2:/home/tsubasa # ip route
default via 10.31.22.1 dev eno1 proto static
10.0.1.0/24 dev eth1 proto kernel scope link src 10.0.1.2
10.31.22.0/24 dev eno1 proto kernel scope link src 10.31.22.34

Firewall settings (additional)
tsubasa @ server2: ~/tutorials/exercises/basic/solution $sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt ​​source destination

Chain FORWARD (policy ACCEPT)
target prot opt ​​source destination

Chain OUTPUT (policy ACCEPT)
target prot opt ​​source destination

ubuntu server network routing
  • Answer # 1

    Easy of Server2 was set as an OpenvSwitch port. By removing eth1 of Server2 from the OpenvSwitch port, we were able to check the communication from Server1 to Server2. I thought that eth1 could be used to check communication if the OpenvSwitch daemon was not running, but since eth1 and eth2 were added to the ofsbr0 bridge in order to use OpenvSwitch, ICMP reply from eth1 to Server1 It seems that could not be done.

    Thank you very much @TaichiYanagiya and @ dodox86 for taking care of my rudimentary mistakes.


    tsubasa @ server2: ~/openvswitch-2.12.0 $ip a
    1: lo:mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00: 00: 00: 00: 00: 00 brd 00: 00: 00: 00: 00: 00
    inet 127.0.0.1/8 scope host lo
    valid_lft forever preferred_lft forever
    inet6 :: 1/128 scope host
    valid_lft forever preferred_lft forever
    2: eno1:mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 70: f3: 95: 00: 6e: f9 brd ff: ff: ff: ff: ff: ff
    inet 10.31.22.34/24 brd 10.31.22.255 scope global eno1
    valid_lft forever preferred_lft forever
    inet6 fe80 :: 72f3: 95ff: fe00: 6ef9/64 scope link
    valid_lft forever preferred_lft forever
    3: eth1:mtu 1500 qdisc mq master ovs-system state UP group default qlen 1000
    link/ether 00: 1b: 21: bb: 23: c0 brd ff: ff: ff: ff: ff: ff
    inet 10.0.1.2/24 scope global eth1
    valid_lft forever preferred_lft forever
    inet6 fe80 :: 21b: 21ff: febb: 23c0/64 scope link
    valid_lft forever preferred_lft forever
    4: eth2:mtu 1500 qdisc mq master ovs-system state DOWN group default qlen 1000
    link/ether 00: 1b: 21: bb: 23: c1 brd ff: ff: ff: ff: ff: ff
    7: ovs-system:mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 6a: 20: c0: 95: 28: 4d brd ff: ff: ff: ff: ff: ff
    8: ofsbr0:mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00: 1b: 21: bb: 23: c0 brd ff: ff: ff: ff: ff: ff


    tsubasa @ server2: ~/openvswitch-2.12.0 $sudo ovs-vsctl del-br ofsbr0
    [sudo] password for tsubasa:
    tsubasa @ server2: ~/openvswitch-2.12.0 $ip a
    1: lo:mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00: 00: 00: 00: 00: 00 brd 00: 00: 00: 00: 00: 00
    inet 127.0.0.1/8 scope host lo
    valid_lft forever preferred_lft forever
    inet6 :: 1/128 scope host
    valid_lft forever preferred_lft forever
    2: eno1:mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 70: f3: 95: 00: 6e: f9 brd ff: ff: ff: ff: ff: ff
    inet 10.31.22.34/24 brd 10.31.22.255 scope global eno1
    valid_lft forever preferred_lft forever
    inet6 fe80 :: 72f3: 95ff: fe00: 6ef9/64 scope link
    valid_lft forever preferred_lft forever
    3: eth1:mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00: 1b: 21: bb: 23: c0 brd ff: ff: ff: ff: ff: ff
    inet 10.0.1.2/24 scope global eth1
    valid_lft forever preferred_lft forever
    inet6 fe80 :: 21b: 21ff: febb: 23c0/64 scope link
    valid_lft forever preferred_lft forever
    4: eth2:mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 00: 1b: 21: bb: 23: c1 brd ff: ff: ff: ff: ff: ff

    tsubasa @ server2: ~/openvswitch-2.12.0 $ping 10.0.1.1
    PING 10.0.1.1 (10.0.1.1) 56 (84) bytes of data.
    64 bytes from 10.0.1.1: icmp_seq = 1 ttl = 63 time = 4.00 ms
    64 bytes from 10.0.1.1: icmp_seq = 2 ttl = 63 time = 4.09 ms
    64 bytes from 10.0.1.1: icmp_seq = 3 ttl = 63 time = 4.09 ms

Related articles