Unable to ping my server.

May 24, 2015
DNS

I have another question about this tutorial. https://www.digitalocean.com/community/tutorials/how-to-set-up-a-host-name-with-digitalocean

Down the bottom it says to ping your domain name.
So I tried ping www.mydomainname.com.au
and I got a request time out.
Then I tried pinging my server ip address and that didn't work either.
Could this be because I have set up my iptables to only accept port 22 and port 80?
Or would this be happening for some other reason?

David.

Is your server "active"? Did you change the DNS config?

See here : http://imgur.com/HsEpFP9,s9FnJCh,lhYQmgY,0Bkmvxc,AiCmWOE

What rules have you set for iptables?

  • davidsullivan19 less than a minute ago
    When I have the following:

    -P INPUT DROP
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

    I cannot ping my server.
    But if I change the rules in the iptables to this:

    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

    Pinging my server works.
    So now I am convinced even more that it's my iptables rules causing the problem.

    Thanks
    David.

@davidsullivan19: you have to use an iptables rule like:

-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

/Xavier
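
An added example, not part of the original thread or of iptables itself: a simplified Python model of first-match evaluation over the INPUT chain quoted in this thread, showing that an inbound echo request (ICMP type 8) falls through to the DROP policy until the rule from this answer is appended. The packet dictionaries and function names are constructed for illustration, and only the match options that appear in these rules are modelled.

```python
import shlex

# INPUT chain as posted in the question (iptables -S format).
RULES = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
"""
ECHO_RULE = "-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT"  # from the answer

# Constructed sample packets (hypothetical field names, not an iptables format).
PING_IN = {"iface": "eth0", "proto": "icmp", "icmp_type": 8, "state": "NEW"}
PING_REPLY = {"iface": "eth0", "proto": "icmp", "icmp_type": 0, "state": "ESTABLISHED"}
SSH_IN = {"iface": "eth0", "proto": "tcp", "dport": 22, "state": "NEW"}
HTTPS_IN = {"iface": "eth0", "proto": "tcp", "dport": 443, "state": "NEW"}

def parse(text):
    """Return (INPUT policy, list of INPUT rules as option dicts)."""
    policy, rules = "ACCEPT", []
    for line in text.strip().splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "INPUT"]:
            # Every option used in these rules is a flag followed by one value.
            rules.append(dict(zip(tok[2::2], tok[3::2])))
    return policy, rules

def verdict(ruleset, pkt):
    """First matching rule decides; if none matches, the chain policy applies."""
    policy, rules = parse(ruleset)
    checks = {
        "-i": lambda v: pkt.get("iface") == v,
        "-p": lambda v: pkt.get("proto") == v,
        "--dport": lambda v: pkt.get("dport") == int(v),
        "--icmp-type": lambda v: pkt.get("icmp_type") == int(v),
        "--ctstate": lambda v: pkt.get("state") in v.split(","),
    }
    for rule in rules:
        # "-j" is the target and "-m" only names a match module; skip both.
        if all(checks[k](v) for k, v in rule.items() if k not in ("-j", "-m")):
            return rule["-j"]
    return policy

if __name__ == "__main__":
    for name, pkt in [("ping in", PING_IN), ("ssh in", SSH_IN), ("https in", HTTPS_IN)]:
        print(name, verdict(RULES, pkt), "->", verdict(RULES + ECHO_RULE, pkt))
```

Replies to pings sent from the server are already accepted by the RELATED,ESTABLISHED rule, so the extra rule only opens inbound echo requests and leaves other unsolicited traffic on the DROP policy.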

Oh yeah, that's probably what I'm looking for.
Let me have some dinner and then I will try that out and let you know.

David.

OK, now I have locked myself out of the server.
I'm pretty sure my last iptables rules were set as:

-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

I read on this link that you can still get access through the console on our DigitalOcean account, but that's not working either.

So now how do I get back in? Or since I have nothing valuable on the droplet yet, all I have done is frigged around with the iptables and set the DNS, I could just delete this droplet and restart it. Is that possible too? I would prefer to get into the server somehow though, or some other solution.

David.

Ok, I'm able to get into my server now. It must not have been a case of locking myself out with iptables, but some other reason. Anyway, I'm in now. I will try what you said Xavier.

One of the first things to try and probably the simplest one is checking whether there isn't any invalid route in the routing table on your local computer. It's especially an issue if you use VPN by IP address through different networks and locations. You can try flushing all routes using this command:

route -n flush

Do this a few times and then turn your network card (Wi-Fi or Ethernet) off and on again.