Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
How to route outgoing connection via Floating IP Question Question
SFO2 region packet loss / Telia issue? Question Question

Question

Cannot ping newly created droplet, but ssh and browsing to the IP address work. Firewall is disabled

Posted July 31, 2019 3.1k views
NetworkingUbuntu 18.04

Hi All,

I have the same issue described here https://www.digitalocean.com/community/questions/scp-fails-while-ssh-works

Any suggestions? The droplet was created using the LAMP image from the marketplace, and UFW is disabled.

Add a comment
mirkomen77
By:
mirkomen77

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
How to route outgoing connection via Floating IP Question Question
SFO2 region packet loss / Telia issue? Question Question
Add a comment
1 comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer
bobbyiliev July 31, 2019

Hello,

I tried recreating this at my end and indeed once you deploy the LAMP image from the marketplace you can not ping it. But once I’ve disabled the UFW I was able to ping it.

Can you run the following commands and provide me with the output:

  • First check the UFW status:
ufw status
  • Then disable the firewall
ufw disable
  • Then check te status again and make sure that it is inactive:
ufw status

Regarding the scp and the rsync commands, they run over ssh so if you are able to ssh there should be no reason not to be able to use the commands. Can you share the exact commands that you are using and the output that you get?

Regards,
Bobby

Reply Report
  • mirkomen77 July 31, 2019

    Thanks for your reply. UFW is disabled:

    ufw status verbose

    Status: inactive

    if I ping the IP address I get timeout errors, if I do scp/rsync same thing, it times out.

    ping http://167.71.129.101/
    PING http://167.71.129.101/ (54.72.52.58): 56 data bytes
    Request timeout for icmp_seq 0
    Request timeout for icmp_seq 1
    Request timeout for icmp_seq 2

    and (from destination folder on the droplet)

    sudo scp -P 10022 -r mmenegaz@five.epicollect.net:/var/www/html_prod/deploy.php .

    times out as well.

    Reply Report
    • bobbyiliev July 31, 2019

      Hello,

      I tried pinging the IP that you’ve provided and I can confirm that it is pinging as normal. Are you pinging it from your local machine? Have you tried pinging any other IPs and check if you are getting the same result?

      Regarding the scp command, I tried connecting to the five.epicollect.net host on port 10022 and I was not able to, maybe you should whitelist your droplet’s IP on the five.epicollect.net host so that you could connect to it.

      A simple test about the port would be:

      • From your droplet run:
      telnet five.epicollect.net 10022
      • And then again run:
      telnet portquiz.net 10022

      If the fist one times out but the second one succeeds then mostlikely port 10022 is restricted on the remote server.

      Let me know how it goes!
      Bobby

      Reply Report
      • mirkomen77 July 31, 2019

        five.epicollect.net allows ssh connections only over VPN (which I am connected to).
        any incoming request not on port 10022 or https is blocked, all outgoing traffic is allowed.

        Does this mean I need to use my local machine as a bridge to transfer files from that server to the droplet?

        By the way, pinging any other address works.

        Reply Report
        • bobbyiliev July 31, 2019

          Hello,

          Yes, using your local machine as a bridge sounds like a plan. Then this would definitely work.

          Another option would be to try and use a VPN client on the droplet itself and connect to your VPN, then you should be able to access the five.epicollect.net server directly from the droplet.

          Regarding the ping issue, it’s strange as I am able to ping the droplet at my end, have you tried pinging it without being connected to your VPN?

          Regards,
          Bobby

          Reply Report

Related

Looking for something else?

Ask a new question Search for more help