I have a device on my network on its own LAN. It is able to ping itself, but not able to ping 8.8.8.8. I have run traceroute on 8.8.8.8 and it is successful. I use pfSense and have this system setup as a DMZ with very limited access to the main LAN. I was wondering what commands would be best to figure out why this computer cannot access the internet. It is a nextcloud installation on a VM running Ubuntu 18.04 server. I am quite new to all this and I realize I haven’t provided enough information to troubleshoot. I would be happy to provide additional information as necessary. TIA.
It’s probably the firewall, can you take a screenshot of the DMZ rules?
if traceroute/ping is successful to 8.8.8.8, might it be a DNS issue?
If it isn’t, but one can get to the isolating switch (the router or whatever is being used to isolate the traffic), I’d propose it might be a forwarding issue when isolating the seperate nework, as you’d want all lan traffic isolated, but internet traffic routed/tunneled out ot the internet on a socket?
Or firewall blocking the web ports like @Dexter_Kane suggests. Forgot firewalls might allow icmp/ping traffic but block 80/web
So you said the problem system is a virtual machine?
First make sure that the VM host itself can communicate.
Check that the VM network type is correct for what your VM wanted. Nextcloud may need either firewall forwarding rules, or a “macvtap bridge” (if you’re using KVM) or maybe something even more exotic.
If it is using something weird for networking I’d recommend leaving it alone for now and testing another VM with something like a Ubuntu Live ISO, just to see if the default NAT virtual networking is OK.
If a second VM works OK then investigate the networking configuration of your Nextcloud VM.
Oh yeah, if you’re for some reason using a WiFi device as the VM host network interface it will not work for a server. The WiFi can only have one MAC at a time and can’t pretend to be multiple machines. You’d have to start getting complicated with a second IP assignment and forwarding rules to the internal NAT address of the VM.
Make sure your VM host has IP packet forwarding enabled.
sysctl -a | grep forward on the VM host might tell you things.
1 Like
use tcpdump -vvni eth0 icmp host 8.8.8.8 port 80 or similar and replace eth0 with your interface names to see where things are getting stuck - which packets are coming through, which ones have the right/wrong ip and so on.
Additionally, if you’re reasonably confident it’s the firewall that messing things up (packet comes in and gets lost, or ends up having a wrong ip on egress), you can insert -j LOG rules into various chains and look at dmesg. If you Google “iptables order flow” you’ll get a bunch of images with charts that explain different tables and in which order they’re traversed.
I’m reasonably confident it isn’t the VM. This worked for quite a while and only recently has it been giving me trouble.
tcpdump -vvni eth0 icmp host 8.8.8.8 port 80 I tried this command and it gave
tcpdump: ‘icmp’ modifier applied to host
And after all that I upgraded to 19.02 and rebooted and it works. Search me.
Usually upgrading Ubuntu breaks stuff rather than fixing it 
I’d suggest enabling logging on any block or reject rules you make, that way if you’re having issues you can check the firewall log and see if anything is getting blocked. Just use meaningful descriptions as that’s what will show up in the log.
1 Like
Thanks. I will do the logging. You are right about the upgrade. Oddly it is still working. I am going to attempt Wendell’s HA proxy solution for my NextCloud instance in the near future.