Static IP config unreliable on Fedora 27 Server

dominicm · May 10, 2018, 5:04pm

I’ve been trying to get static IP working on Fedora for maybe a year now but it keeps breaking constantly. Recently I though I had it but then after some updates it’s not working again. The strange thing is that with the below config files I can ping both local and remote addresses but Kodi which runs as standalone app (no desktop) has no access to either.

 sudo cat /etc/sysconfig/network-scripts/ifcfg-enp3s0
#HWADDR=70:85:C2:62:35:03
NM_CONTROLLED="yes"
DEVICE="enp3s0"
TYPE=Ethernet
BOOTPROTO=none
#DEFROUTE=yes
#IPV4_FAILURE_FATAL=no
#IPV6INIT=yes
#IPV6_AUTOCONF=yes
#IPV6_DEFROUTE=yes
#IPV6_FAILURE_FATAL=no
#IPV6_ADDR_GEN_MODE=stable-privacy
#NAME=enp37s0
#UUID=e7b16fec-ac94-3a42-adf8-8ae707b9ecf0
ONBOOT="yes"
#AUTOCONNECT_PRIORITY=-999
#IPV6_PRIVACY=no
#PROXY_METHOD=none
#BROWSER_ONLY=no
IPADDR=192.168.0.100
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
DNS1=192.168.0.1
DNS2=1.1.1.1
DNS3=8.8.8.8
ZONE=

The last line was added automatically after updates.

cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.0.1
nameserver 1.1.1.1
nameserver 8.8.8.8

When it was working the trick was to use NM_CONTROLLED=“yes” as otherwise it would stop working but now either way Kodi has no network access.

I also tried generating a new config file with nmtui tool:

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=192.168.0.100
PREFIX=32
GATEWAY=192.168.0.1
DNS1=1.1.1.1
DNS2=1.1.0.0
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp3s0
UUID=2fa891e9-c9c4-44c0-8f18-41455c7afc66
DEVICE=enp3s0
ONBOOT=yes

The weird thing is that with this config the system became unbootable. It dropped me into emergency mode though I could continue with ctrl-D. I really don’t get why network config would do this or why it would work by simply continuing. Seems extremely unreliable that bad network config would cause this. Also while I could ping local/remote ip’s I could not ssh from same local ip with nmtui generated config.

What is the correct way to setup static IP? I am lost as to what I am doing wrong. Every resource seems to show essentially the same config.

carnogaunt · May 10, 2018, 6:04pm

I’ve been using nmcli for CentOS and Fedora since CentOS 7 was released.

If your gateway is a stateful firewall, this is probably due to asymmetric routing because of an incorrect netmask/prefix. In your nmtui config, you should have PREFIX=24 to match the one above it. I have not used nmtui in quite a while, but nmcli expects you to provide the CIDR prefix with the IP address and uses /32 as its default if you do not.

I have never seen a system fail to boot because of that.

The nmcli workflow would look something like this:

# find NetworkManager's name for your connection, often the same as the device name if set up from the installer, otherwise maybe something like "Wired connection 1"
nmcli con show
nmcli con mod enp3s0 ipv4.method manual ipv4.addresses 192.168.0.100/24 ipv4.gateway 192.168.0.1 ipv4.dns "1.1.1.1 1.1.0.0"
# apply settings, needs to be the actual device name
nmcli dev reapply enp3s0
# or, using the connection name
nmcli con down enp3s0
nmcli con up enp3s0

dominicm · May 10, 2018, 8:16pm

nmcli is a better option indeed. I renamed old config and created new one to start freshh with the following command:

sudo nmcli con add ifname enp3s0 type ethernet ipv4.method manual ipv4.addresses 192.168.0.100/24 ipv4.gateway 192.168.0.1 ipv4.dns "1.1.1.1 1.1.0.0"

Here is the resulting config file:

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=192.168.0.100
PREFIX=24
GATEWAY=192.168.0.1
DNS1=1.1.1.1
DNS2=1.1.0.0
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ethernet-enp3s0
UUID=372a3f2c-8ce7-4d3e-bbed-78a4ebb1e1c7
DEVICE=enp3s0
ONBOOT=yes

As soon as I rebooted I was dropped into emergency mode again. Config file seems almost identical to my original too. In any case even without this mystery kodi still has no networking.

Here is journalctl log in case it offers clues:

sudo journalctl -b -p err
-- Logs begin at Sat 2018-05-05 19:30:54 IST, end at Thu 2018-05-10 21:13:20 IST. --
May 10 21:01:18 Server kernel: ACPI BIOS Error (bug): Failure looking up [\_SB.ALIB], AE_NOT_FOUND (20180105/psargs-364)
May 10 21:01:18 Server kernel: ACPI Error: Method parse/execution failed \_SB.PCI0.VGA.ATC0, AE_NOT_FOUND (20180105/psparse-550)
May 10 21:01:18 Server kernel: ACPI Error: Method parse/execution failed \_SB.PCI0.VGA.ATCS, AE_NOT_FOUND (20180105/psparse-550)
May 10 21:01:19 Server kernel: sp5100-tco sp5100-tco: I/O address 0x0cd6 already in use
May 10 21:01:20 Server kernel: kvm: disabled by bios
May 10 21:01:20 Server kernel: kvm: disabled by bios
May 10 21:01:21 Server systemd[1]: Failed to mount /mnt/recycles.
May 10 21:02:22 Server nmbd[794]: [2018/05/10 21:02:22.570300,  0] ../lib/util/become_daemon.c:135(daemon_status)
May 10 21:02:22 Server nmbd[794]:   STATUS=daemon 'nmbd' : No local IPv4 non-loopback interfaces available, waiting for interface ...NOTE: NetBIOS name resolution is not supported for Internet Protocol Version 6 (IPv6).
May 10 21:02:22 Server abrtd[798]: '/var/spool/abrt/oops-2018-02-03-08:54:37-835-0' is not a problem directory
May 10 21:02:27 Server nmbd[794]: [2018/05/10 21:02:27.573726,  0] ../lib/util/become_daemon.c:124(daemon_ready)
May 10 21:02:27 Server nmbd[794]:   STATUS=daemon 'nmbd' finished starting up and ready to serve connections
May 10 21:02:27 Server smbd[1911]: [2018/05/10 21:02:27.716538,  0] ../lib/util/become_daemon.c:124(daemon_ready)
May 10 21:02:27 Server smbd[1911]:   STATUS=daemon 'smbd' finished starting up and ready to serve connections
May 10 21:02:49 Server systemd[1]: Timed out waiting for device dev-disk-by\x2dlabel-portable.device.
May 10 21:02:49 Server systemd[1]: Timed out waiting for device dev-disk-by\x2dlabel-parity.device.
May 10 21:04:51 Server systemd[1]: Timed out waiting for device dev-disk-by\x2dlabel-parity.device.
May 10 21:04:51 Server systemd[1]: Timed out waiting for device dev-disk-by\x2dlabel-portable.device.
May 10 21:11:31 Server systemd[2271]: Failed to start ownCloud Sync Service.

I recall seeing “sp5100-tco sp5100-tco: I/O address 0x0cd6 already in use” all along, I don’t think it an issue in this case. On the other hand “STATUS=daemon ‘nmbd’ : No local IPv4 non-loopback interfaces available, waiting for interface …NOTE: NetBIOS name resolution is not supported for Internet Protocol Version 6 (IPv6)” is somethhing I haven’t seen before from samba.

carnogaunt · May 11, 2018, 2:36am

These are the most interesting lines for why you might be getting emergency mode. I’ve never seen a bad network config cause that, but a missing disk absolutely could.

I would check /etc/fstab and comment out any lines for devices which you have removed from your system.

I have a feeling the problems with Kodi are unrelated to the boot issues. You might want to look at all NetworkManager log messages with journalctl -b -u NetworkManager. If it seems like the network is working for everything except Kodi then it might be worthwhile to look at SELinux and firewalld.

Ungstein · May 12, 2018, 1:37pm

+1 for /etc/fstab. Missing disk dropped me into emergency mode.

Eden · May 12, 2018, 2:25pm

Both are the same, nmtui is just a GUI to the CLI nmcli. both require a CIDR, and both default to 32 if you don’t specify one.

Both options are perfectly acceptable.

dominicm · May 13, 2018, 10:59am

All disk mounts have nofail and these disks have been missing all along. It did turn out to be another recent mount I had forgotten about. My best guess is that different network config cause just enough delay to make the mount point dependencies to become available. I any case fstab was indeed the issue regarding emergency mode.

Disabling the firewall still results in no networking in Kodi. SELinux is set to Permissive.

Kodi was actually working with the most recent config but now I rebooted again to confirm and it’s gone again. Kodi gets notifications from localhost services and is able to access localhost samba shares. No internet or emby (web service/plugin combo) running on localhost access. In Kodi system info I see busy under Internet as well as OS and uptime in case that offers clues.

Eden · May 13, 2018, 12:05pm

you should run fpaste --sysinfo, nmcli con show | fpaste might also be useful.

Turn your firewall back on, you set the ports of add the service definition, Kodi should have one, you can see it listed in firewall-cmd --get-services and can then apply it.

dominicm · May 13, 2018, 12:26pm

Yes, I added the firewalld rule manually, turned it off for testing just in case.

fpaste --sysinfo
https://paste.fedoraproject.org/paste/F6sH98UGixaaaAul85pGWQ

nmcli con show | fpaste
https://paste.fedoraproject.org/paste/vUUXRgLMt0po5Vvg-LOXOQ

Eden · May 13, 2018, 12:37pm

Whats the output of sudo firewall-cmd --list-all

dominicm · May 13, 2018, 12:53pm

It actually looks like the firewall is the issue. That last line seemed odd so I disabled firewalld again but upon reboot is started regardless. This is the same as with NetworkManager, I disable the service but it still starts on boot. Why is it still starting on boot? If I stop the firewalld and restart kodi it seems to work fine.

 sudo firewall-cmd --list-all
FedoraServer (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp3s0
  sources:
  services: dhcpv6-client ssh cockpit nzbget samba https http radarr sonarr couchpotato headphones emby mariadb kodi rtorrent dht
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="192.168.0.0/24" port port="8080" protocol="tcp" accept

Eden · May 13, 2018, 1:11pm

Did you use iptables at some point? I noticed it was installed recently.

firewalld-cmd --remove-rich-rule 'family="ipv4" source address="192.168.0.0/24" port port="8080" protocol="tcp" accept'

test kodi, if it works,

firewalld-cmd --reload #will load to the previous state as we didnt save changes
firewalld-cmd --permanent --remove-rich-rule 'family="ipv4" source address="192.168.0.0/24" port port="8080" protocol="tcp" accept'
firewalld-cmd --reload
firewall-cmd --list-all

the rich rule should be gone.

There core services of Fedora. Unless you know what your doing and how to configure everything you likely want to use them. There fairly easy to use in comparison to the lower level utilities.

They’ll likely have started because something else needed them.

dominicm · May 13, 2018, 2:02pm

Don’t recall ever using iptables, it was probably just updated recently.

Removed the rule with command:

sudo firewall-cmd --remove-rich-rule 'rule family="ipv4" source address="192.168.0.0/24" port port="8080" protocol="tcp" accept'

No idea where the rich rule came from.

Added the port 8080 rule again and kodi is working as expected now.

sudo bash -c 'cat > /usr/lib/firewalld/services/kodi.xml << EOF
<?xml version="1.0" encoding="utf-8"?>
  <service>
  <short>Kodi</short>
  <description>Kodi Remote Control Service</description>
  <port protocol="tcp" port="8080"/>
</service>
EOF'

dominicm · May 13, 2018, 2:53pm

I spoke too soon. With the rich rule removed and with or without the port 8080 rule Kodi has not internet access. If I stop firewalld and restart kodi it works.

sudo firewall-cmd --list-all
FedoraServer (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp3s0
  sources:
  services: dhcpv6-client ssh cockpit nzbget samba https http radarr sonarr couchpotato headphones emby mariadb rtorrent dht
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules: