Cannot ping other computers on LAN

It seems this question has been asked many times before but I can't seem to
find the solution from the responces so I apoligize in advance.

I can access the internet fine on both computers. I can use the IPX protocol
successfully between both computers when playing games. However ping does
not work. I discovered this trying to set up ssh.

I have a Mandrake 9.1 and here is my LAN setup:

DSL MODEM
|
V
ROUTER/SWITCH
192.168.2.1 --> Computer A 192.168.2.2
|
|
V
Computer B
192.168.2.3


When I ping from Computer A to B or B to A ping never gets a responce back:
(All commands from Computer A)

[charlie@localhost charlie]$ ping -c 1 192.168.2.3
PING 192.168.2.3 (192.168.2.3) 56(84) bytes of data.

--- 192.168.2.3 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

[charlie@localhost charlie]$ /sbin/route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0

[charlie@localhost charlie]$ /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:03:47:A1:55:42
inet addr:192.168.2.2 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1781 errors:0 dropped:0 overruns:0 frame:0
TX packets:1897 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1195095 (1.1 Mb) TX bytes:289316 (282.5 Kb)
Interrupt:11 Base address:0x6000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1795 errors:0 dropped:0 overruns:0 frame:0
TX packets:1795 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:154169 (150.5 Kb) TX bytes:154169 (150.5 Kb)

[charlie@localhost charlie]$ cat /etc/sysconfig/network
NETWORKING=yes
GATEWAY=192.168.2.1

[charlie@localhost charlie]$ cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.2.2
NETMASK=255.255.255.0
NETWORK=192.168.2.0
BROADCAST=192.168.2.255
ONBOOT=yes


Can someone help me to find out what I need to do to fix this please?

Thanks in advance,
Charlie

CharlieB wrote:
> It seems this question has been asked many times before but I can't seem to
> find the solution from the responces so I apoligize in advance.
>
> I can access the internet fine on both computers. I can use the IPX protocol
> successfully between both computers when playing games. However ping does
> not work. I discovered this trying to set up ssh.
[snip]
> Can someone help me to find out what I need to do to fix this please?

It's probably a firewall issue. Be sure your firewalls are configured
to allow it.

Both Linux and XP have built-in firewalls and many people with XP use
add-on firewalls.

DS

On Wed, 22 Nov 2006, in the Usenet newsgroup comp.os.linux.networking, in
article <kSO8h.1917$(E-Mail Removed). net>, CharlieB wrote:

>I can access the internet fine on both computers.

Networking is functional

>I can use the IPX protocol successfully between both computers when
>playing games.

Ethernet can see "other" computer

>However ping does not work.

ping is often blocked or disabled today due to abuse

>I have a Mandrake 9.1 and here is my LAN setup:

OK

[charlie@localhost charlie]$ ping -c 1 192.168.2.3

This system has no name. If using static addressing (possible if your
router is set for it - a pain in the butt otherwise) set the full
host name (example: george.example.com) in /etc/sysconfig/network,
and associate that name to an IP address in /etc/hosts.

>PING 192.168.2.3 (192.168.2.3) 56(84) bytes of data.

Notice that this computer doesn't complain about "Host Unreachable" or
"Network Unreachable" - that means it knows how to "talk" to the other
computer. Basic networking is fine.

>1 packets transmitted, 0 received, 100% packet loss, time 0ms

But the peer did not answer. The other computer is running a firewall
blocking pings. If that computer is running Mandrake 9.1, then run the
command '/sbin/iptables -L' to see what firewall rules are in effect. You
should also look at the contents of '/proc/sys/net/ipv4/icmp_echo_ignore_all'
which should be a '0' to permit ping replies. The OTHER POSSIBILITY
is that "this" computer has a firewall blocking ping replies. Run the
command '/sbin/iptables -L' to see what firewall rules are in effect.

>[charlie@localhost charlie]$ /sbin/route -n

Fine

>[charlie@localhost charlie]$ /sbin/ifconfig

Fine

>[charlie@localhost charlie]$ cat /etc/sysconfig/network

Add the "HOSTNAME=full.host.name" here, and add a line
192.168.2.2 full.host.name nicname
to /etc/hosts. You can add a similar line for the name/address of the
"other" computer and router if desired.

>[charlie@localhost charlie]$ cat /etc/sysconfig/network-scripts/ifcfg-eth0

Fine

>Can someone help me to find out what I need to do to fix this please?

Most likely, this is a firewall problem - but which computer is blocking
things? Otherwise, you are doing OK.

Old guy

Moe Trin wrote:
> On Wed, 22 Nov 2006, in the Usenet newsgroup comp.os.linux.networking, in
> article <kSO8h.1917$(E-Mail Removed). net>, CharlieB wrote:
>> I can access the internet fine on both computers.
>> However ping does not work.

After seeing what Moe wrote:
Does ping -n work?
Does traceroute -n work?

Moe Trin wrote:

> Most likely, this is a firewall problem - but which computer is blocking
> things? Otherwise, you are doing OK.
>
> Old guy

You were absolutely right. I did a:

shorewall clear

On both computers and I can ping now. I put a small rule in shorewall to
allow ssh connections from the LAN only and now ssh works also. Thank you
very much.

I'll look into the host naming too. I'll save your reply to fix at a later
date. My biggest stumbling block there is thinking up a good name for the
computers :-)

Allen McIntosh wrote:

> Moe Trin wrote:
>> On Wed, 22 Nov 2006, in the Usenet newsgroup comp.os.linux.networking, in
>> article <kSO8h.1917$(E-Mail Removed). net>, CharlieB
>> wrote:
>>> I can access the internet fine on both computers.
>>> However ping does not work.
>
> After seeing what Moe wrote:
> Does ping -n work?
> Does traceroute -n work?

It was a firewall issue. I fixed it thanks to them. Thank you for your
reply.

David Schwartz wrote:

>
>
> It's probably a firewall issue. Be sure your firewalls are configured
> to allow it.
>
> Both Linux and XP have built-in firewalls and many people with XP use
> add-on firewalls.
>
> DS

You were absolutely right. I did a:

shorewall clear

On both computers and I can ping now. I put a small rule in shorewall to
allow ssh connections from the LAN only and now ssh works also. Thank you
very much.

On Thu, 23 Nov 2006, in the Usenet newsgroup comp.os.linux.networking, in
article <L589h.2710$(E-Mail Removed). net>, CharlieB wrote:

>Moe Trin wrote:
>
>> Most likely, this is a firewall problem - but which computer is blocking
>> things? Otherwise, you are doing OK.

>You were absolutely right. I did a:
>
>shorewall clear
>
>On both computers and I can ping now. I put a small rule in shorewall to
>allow ssh connections from the LAN only and now ssh works also. Thank you
>very much.

I like to start securing my systems by first looking at 'netstat -anptu'
to see what is running. Do I what "this" or "that" even _running_ on the
system? Find out where they are being started (the PID is often a clue)
and take the appropriate action. Then I set up the firewall to "cover"
the rest. I see no need to block well known port (those below 1024) that
have nothing running. I do set a rule to DROP (silently ignore) any UDP
packets that are not responses to my DNS queries, because in most cases
this is windoze Messenger spam aimed at ports 1025-1040/udp, and often
the claimed IP source addresses are demonstrably faked. This avoids
me sending ICMP Type 3 Code 3 (port unreachable) or IP RST packets to
hosts that the spammer is spoofing.

>I'll look into the host naming too. I'll save your reply to fix at a later
>date. My biggest stumbling block there is thinking up a good name for the
>computers :-)

1178 Choosing a name for your computer. D. Libes. August 1990.
(Format: TXT=18472 bytes) (Also FYI0005) (Status: INFORMATIONAL)

2100 The Naming of Hosts. J. Ashworth. April 1 1997. (Format: TXT=4077
bytes) (Status: INFORMATIONAL)

Two RFCs available on any search engine. Note that RFCs dated April 1
are often humorous, such as

1925 The Twelve Networking Truths. R. Callon. April 1 1996. (Format:
TXT=4294 bytes) (Status: INFORMATIONAL)

As regards naming schemes, that's a wide open game that can be fun and
challenging. We've got over 2000 systems in the sub-domain where I work,
and the registrar has decreed that the user (or manager) is responsible
for coming up with the name. As a result, there are lots of naming
schemes, such as:

=========================
Cars Beers Navel vessels Battles
Countries Animals Film/Stage/TV Stars Fruit/Vegetables
Stars/Planets Flowers Athletes Sports Teams
Chemicals/Elements Newspapers Magazines Publishers
States/Provinces Oceans/Seas Diseases Mythical Names
Cities Firearms Satellites Kings/Queens/Presidents
Cartoon Characters Pasta Wines Disasters
Painters Zodiac Currencies/Coins Scientists
=========================

As far as the domain portion of the name goes, unless you have registered
a name with an Internet Domain Registry, do not use any domain that might
possibly exist. Don't take it for granted, _test_it_ using a DNS query
tool like 'dig', 'dnsquery', 'host', or 'nslookup'. All to many people
choose some catchy name, not realizing that someone out on the Internet
already is using it. This causes subtle problems that are quite miserable
to troubleshoot, both for you and the actual owner of the domain.

2606 Reserved Top Level DNS Names. D. Eastlake 3rd, A. Panitz. June
1999. (Format: TXT=8008 bytes) (Also BCP0032) (Status: BEST CURRENT
PRACTICE)

That's another RFC with some suggestions.

Old guy