Linux – Ubuntu 16.04 can only ping own IP (but SSH in works fine)

linuxlinux-networkingnetworkingUbuntu

One of my Ubuntu servers are behaving very strangely. I can SSH into it, and I can ping the server itself (on 127.0.0.1, localhost and its LAN IP 192.168.88.9). No other outgoing network traffic works. Pinging to it from another computer on LAN works fine.

ifconfig:

eno1      Link encap:Ethernet  HWaddr 00:15:c5:ea:a3:75
          inet addr:192.168.88.9  Bcast:192.168.88.255  Mask:255.255.255.0
          inet6 addr: fe80::215:c5ff:feea:a375/64 Scope:Link
          inet6 addr: fd63:9db9:9717:0:215:c5ff:feea:a375/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:518989 errors:0 dropped:105240 overruns:0 frame:0
          TX packets:116542 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:89804473 (89.8 MB)  TX bytes:9939134 (9.9 MB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:408034 errors:0 dropped:0 overruns:0 frame:0
          TX packets:408034 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:77728418 (77.7 MB)  TX bytes:77728418 (77.7 MB)

/etc/network/interfaces:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eno1
iface eno1 inet static
    address 192.168.88.9
    gateway 192.168.88.1
    netmask 255.255.255.0
        dns-nameservers 192.168.88.1

iptables -L:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:isakmp
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ipsec-nat-t
ACCEPT     esp  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

UFW is off…

route -n:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.88.1    255.255.255.0   UG    0      0        0 eno1
192.168.88.0    0.0.0.0         255.255.255.0   U     0      0        0 eno1

Best Answer

Found it! There was a weird iptables rule i POSTROUTING, which is not shown by default by iptables -L.

iptables -t nat -v -L POSTROUTING -n --line-number:

Chain POSTROUTING (policy ACCEPT 20 packets, 1200 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       25  1775 SNAT       all  --  *      eno+    0.0.0.0/0            0.0.0.0/0            to:<my-external-ip>

I deleted it with iptables -t nat -D POSTROUTING 1

Related Topic