Cannot ping newly created droplet, but ssh and browsing to the IP address work. Firewall is disabled

July 31, 2019 147 views
Networking Ubuntu 18.04

Hi All,

I have the same issue described here https://www.digitalocean.com/community/questions/scp-fails-while-ssh-works

Any suggestions? The droplet was created using the LAMP image from the marketplace, and UFW is disabled.

1 comment
1 Answer
bobbyiliev MOD July 31, 2019
Accepted Answer

Hello,

I tried recreating this at my end and indeed once you deploy the LAMP image from the marketplace you can not ping it. But once I’ve disabled the UFW I was able to ping it.

Can you run the following commands and provide me with the output:

  • First check the UFW status:
ufw status
  • Then disable the firewall
ufw disable
  • Then check te status again and make sure that it is inactive:
ufw status

Regarding the scp and the rsync commands, they run over ssh so if you are able to ssh there should be no reason not to be able to use the commands. Can you share the exact commands that you are using and the output that you get?

Regards,
Bobby

  • Thanks for your reply. UFW is disabled:

    ufw status verbose

    Status: inactive

    if I ping the IP address I get timeout errors, if I do scp/rsync same thing, it times out.

    ping http://167.71.129.101/
    PING http://167.71.129.101/ (54.72.52.58): 56 data bytes
    Request timeout for icmp_seq 0
    Request timeout for icmp_seq 1
    Request timeout for icmp_seq 2

    and (from destination folder on the droplet)

    sudo scp -P 10022 -r mmenegaz@five.epicollect.net:/var/www/html_prod/deploy.php .

    times out as well.

    • Hello,

      I tried pinging the IP that you’ve provided and I can confirm that it is pinging as normal. Are you pinging it from your local machine? Have you tried pinging any other IPs and check if you are getting the same result?

      Regarding the scp command, I tried connecting to the five.epicollect.net host on port 10022 and I was not able to, maybe you should whitelist your droplet’s IP on the five.epicollect.net host so that you could connect to it.

      A simple test about the port would be:

      • From your droplet run:
      telnet five.epicollect.net 10022
      
      • And then again run:
      telnet portquiz.net 10022
      

      If the fist one times out but the second one succeeds then mostlikely port 10022 is restricted on the remote server.

      Let me know how it goes!
      Bobby

      • five.epicollect.net allows ssh connections only over VPN (which I am connected to).
        any incoming request not on port 10022 or https is blocked, all outgoing traffic is allowed.

        Does this mean I need to use my local machine as a bridge to transfer files from that server to the droplet?

        By the way, pinging any other address works.

        • Hello,

          Yes, using your local machine as a bridge sounds like a plan. Then this would definitely work.

          Another option would be to try and use a VPN client on the droplet itself and connect to your VPN, then you should be able to access the five.epicollect.net server directly from the droplet.

          Regarding the ping issue, it’s strange as I am able to ping the droplet at my end, have you tried pinging it without being connected to your VPN?

          Regards,
          Bobby

Have another answer? Share your knowledge.