Linux: Troubleshooting Networking Issues
Firewall Issues
Misconfigured Firewall
Typo in firewall rule
A simple typo in a firewall rule can block traffic.
Use firewall-cmd --list-ports to see open ports. Remove the bad rule with firewall-cmd --remove-port=<PORT>/<PROTOCOL> --permanent, re-issue the correct command, and reload the firewall with firewall-cmd --reload.
Incorrect Rule Ordering
This happens when a DROP or REJECT rule is placed above an ACCEPT rule, causing legitimate traffic to be blocked.
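A way to check for this ordering problem automatically, as an added example that is not part of the original notes. It reads rules in `iptables -S` format and, as a simplifying assumption, compares only protocol and destination port; the sample rules are constructed.

```shell
#!/bin/sh
# Added example: flag ACCEPT rules that sit below a DROP/REJECT covering the same traffic.
# Assumption: only -p and --dport are compared. A DROP/REJECT that uses any other
# matcher (-s, -i, -m state, ...) is narrower than we can judge, so it is skipped.

find_shadowed_rules() {   # reads `iptables -S` style lines on stdin
  awk '
    $1 != "-A" { next }                      # ignore -P policy lines and -N
    {
      chain = $2; proto = "any"; dport = "any"; target = ""; extra = 0
      for (i = 3; i <= NF; i++) {
        if      ($i == "-p")      proto = $(++i)
        else if ($i == "--dport") dport = $(++i)
        else if ($i == "-m")      { if ($(++i) != proto) extra = 1 }
        else if ($i == "-j")      { target = $(++i); break }
        else                      extra = 1
      }
      if (target == "DROP" || target == "REJECT") {
        if (extra) next                      # too specific to compare safely
        n[chain]++
        bproto[chain, n[chain]] = proto
        bport[chain, n[chain]]  = dport
        brule[chain, n[chain]]  = $0
      } else if (target == "ACCEPT") {
        for (k = 1; k <= n[chain]; k++)
          if ((bproto[chain, k] == "any" || bproto[chain, k] == proto) &&
              (bport[chain, k]  == "any" || bport[chain, k]  == dport)) {
            printf "SHADOWED: %s\n  blocked first by: %s\n", $0, brule[chain, k]
            break
          }
      }
    }'
}

# Constructed sample in `iptables -S` format: the 443 ACCEPT can never match.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j DROP
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p udp -m udp --dport 53 -j DROP
-A INPUT -p udp -m udp --dport 53 -j ACCEPT'

printf '%s\n' "$SAMPLE_RULES" | find_shadowed_rules
```

On a live host, pipe `iptables -S` into `find_shadowed_rules`; an empty result only means no shadowing was found among the rules it can compare.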
Forgetting to persist firewall changes across reboot
If a rule is added without --permanent, the rule disappears after reboot.
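To catch unpersisted rules before a reboot does, compare the runtime and permanent port lists. This is an added example, not part of the original notes; the function name `port_drift` and the sample port lists are constructed.

```shell
#!/bin/sh
# Added example: compare firewalld's runtime and permanent port lists.
# port_drift "<runtime ports>" "<permanent ports>", each in the space-separated
# form printed by --list-ports, e.g. "22/tcp 443/tcp".
port_drift() {
  runtime=$(echo $1); permanent=$(echo $2)   # collapse whitespace and newlines
  status=0
  for p in $runtime; do
    case " $permanent " in
      *" $p "*) ;;
      *) echo "runtime-only (gone after reload or reboot): $p"; status=1 ;;
    esac
  done
  for p in $permanent; do
    case " $runtime " in
      *" $p "*) ;;
      *) echo "permanent-only (not active until --reload): $p"; status=1 ;;
    esac
  done
  return $status
}

# Constructed sample: 8080/tcp was added without --permanent,
# and 5432/tcp was added with --permanent but never reloaded.
SAMPLE_RUNTIME="22/tcp 443/tcp 8080/tcp"
SAMPLE_PERMANENT="22/tcp 443/tcp 5432/tcp"
port_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT" || true

# On a live host:
#   port_drift "$(firewall-cmd --list-ports)" "$(firewall-cmd --permanent --list-ports)"
```

A runtime-only port is also a port that is open now without being part of the reviewed permanent configuration, so it is worth asking who added it and why.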
Addressing Issues
DHCP issues
This issue occurs when servers or workstations fail to obtain an IP address automatically.
- Is the DHCP service running at all?
- Does the server have free IP addresses to allocate? Check the DHCP scope for exhaustion by reviewing logs on the DHCP server.
- Do I need to expand the pool?
- Force the client to request an IP address again
- Confirm connectivity
- Update network documentation to reflect the change
IP conflicts
IP conflicts occur when two devices claim the same address, leading to intermittent connectivity or "duplicate address" warnings in syslog.
- Common signs are random disconnects, slow network performance, or ARP conflict messages.
- Identify all devices using the conflicting IP by checking the DHCP lease files and DNS records
- Assign a unique address to one of the devices
- Update any static configurations
- Clear the ARP cache to ensure no stale entries remain
- Monitor the network to confirm the conflict is gone
Dual stack issues
This issue occurs when a server configured for both IPv4 and IPv6 fails to handle traffic properly.
- Ping tests may fail for either IPv4 or IPv6
- Do DNS records include both A and AAAA entries?
- Adjust service configuration files to listen on both IPv4 and IPv6
- Test connectivity over both protocols and ensure firewalls allow the appropriate traffic on each address family
Routing Issues
DNS issues
ping my.server.com returns unknown host.
- Confirm the DNS server in /etc/resolv.conf
- Make changes if necessary
- Is the DNS server reachable?
- Test DNS resolution
Wrong gateway
- Why are the packets not leaving the local network?
- Can devices in a different subnet communicate?
- Can devices in other subnets communicate with external resources?
- Check the default route with ip route show
- Update default route if necessary
- Ping external resources to confirm connectivity
Server unreachable
When a server is unreachable, neither the hostname nor the IP address responds to ping.
- Use ip link to check if the network interface is up and running.
- Check switch port and VLAN settings
- Is the firewall blocking ICMP or SSH?
- Adjust port, VLAN, and firewall rule if necessary
- Confirm connectivity using ping or SSH
Interface Misconfiguration
Subnet misconfiguration
This issue occurs when an interface is assigned to the wrong network or network mask. That prevents the server from communicating with other devices in the network.
- Confirm address settings with ip addr
- Edit the interface's configuration so the IP address and netmask align with the correct network segment
- Apply changes with netplan apply or systemctl restart networking
- Ping a known host on the subnet and confirm that traffic works as it should
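The wrong-gateway and wrong-netmask checks above come down to one question: is the default gateway inside the subnet of the interface it is reached through? The following added example (not part of the original notes) answers it from `ip -o -4 addr show` and `ip route show` output; the function names and sample lines are constructed, and it handles IPv4 only.

```shell
#!/bin/sh
# Added example: is the default gateway inside the subnet of the interface it uses?

ip_to_int() {   # dotted quad -> 32-bit integer
  set -- $(echo "$1" | tr . ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

same_subnet() { # same_subnet ADDR/PREFIX OTHER_IP -> exit 0 if both share the network
  prefix=${1#*/}
  mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
  [ $(( $(ip_to_int "${1%/*}") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# check_gateway "<ip -o -4 addr show output>" "<ip route show output>"
check_gateway() {
  gw=$(printf '%s\n' "$2" | awk '$1 == "default" {
         for (i = 2; i < NF; i++) if ($i == "via") { print $(i + 1); exit } }')
  dev=$(printf '%s\n' "$2" | awk '$1 == "default" {
         for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }')
  [ -n "$gw" ] || { echo "no default route with a gateway"; return 2; }
  cidr=$(printf '%s\n' "$1" | awk -v d="$dev" '$2 == d && $3 == "inet" { print $4; exit }')
  [ -n "$cidr" ] || { echo "no IPv4 address on $dev"; return 2; }
  if same_subnet "$cidr" "$gw"; then
    echo "ok: gateway $gw is on-link for $cidr ($dev)"
  else
    echo "MISMATCH: gateway $gw is outside $cidr on $dev"; return 1
  fi
}

# Constructed samples: the same gateway with a correct /24 and a mistyped /25 netmask.
SAMPLE_ROUTE='default via 192.168.1.254 dev eth0 proto static'
SAMPLE_ADDR_OK='2: eth0    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0'
SAMPLE_ADDR_BAD='2: eth0    inet 192.168.1.10/25 brd 192.168.1.127 scope global eth0'

check_gateway "$SAMPLE_ADDR_OK" "$SAMPLE_ROUTE"
check_gateway "$SAMPLE_ADDR_BAD" "$SAMPLE_ROUTE" || true
```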
MTU mismatch
This happens when one endpoint sends packets of a size that the receiving interface cannot handle.
ping -s 1500 => Frag needed but DF set
- Check MTU on each interface with ip link show
- Pick a consistent MTU value, which is often 1500 for standard networks, and update the interface configuration.
- Retry the transfer or ping test to confirm connectivity
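To find which MTU a path actually supports, probe with the don't-fragment bit set and search for the largest size that gets through. This is an added example, not part of the original notes; it assumes iputils ping (`-M do` sets DF) and IPv4, and `SIMULATED_MTU` is a hypothetical variable that lets the search run offline.

```shell
#!/bin/sh
# Added example: find the largest packet that crosses a path unfragmented.
# IPv4 only: on-wire size = ICMP payload + 20 (IP header) + 8 (ICMP header),
# which is why "ping -s 1500" needs 1528 bytes and fails on a 1500-byte MTU.

# probe SIZE HOST: succeeds if one echo with SIZE payload bytes and DF set gets a reply.
# SIMULATED_MTU is a hypothetical variable used here to run the search offline.
probe() {
  if [ -n "${SIMULATED_MTU:-}" ]; then
    [ $(( $1 + 28 )) -le "$SIMULATED_MTU" ]
    return
  fi
  ping -M do -c 1 -W 1 -s "$1" "$2" >/dev/null 2>&1
}

# path_mtu HOST [MIN_PAYLOAD] [MAX_PAYLOAD]: binary search over payload sizes.
path_mtu() {
  host=$1; lo=${2:-548}; hi=${3:-8972}
  probe "$lo" "$host" || { echo "no reply even at $lo bytes" >&2; return 1; }
  while [ "$lo" -lt "$hi" ]; do
    mid=$(( (lo + hi + 1) / 2 ))
    if probe "$mid" "$host"; then lo=$mid; else hi=$(( mid - 1 )); fi
  done
  echo $(( lo + 28 ))
}

# Constructed scenario: a tunnel on the path limits the MTU to 1400.
SIMULATED_MTU=1400
echo "path MTU: $(path_mtu peer.example)"
unset SIMULATED_MTU
```

If ICMP is filtered along the path, every probe fails and the function reports no reply, which is a firewall finding and not an MTU one.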
Cannot ping server
This often indicates a deeper interface misconfiguration, such as a disabled interface, a missing address, or a firewall blocking ICMP.
- Is the interface up with a valid IP address?
- Bring up the interface with ip link set <INTERFACE> up and assign the correct IP address
- Is the firewall blocking ICMP? Use sudo ufw status or iptables -L to ensure that ICMP is not blocked
- Ping again to confirm connectivity
Interface bonding issues
Interface bonding combines two or more physical NICs into a single virtual interface to increase bandwidth and provide redundancy.
- Is any interface in /proc/net/bonding/bond0 marked down even though it is plugged in?
- Mode 0 (balance-rr), Mode 1 (active-backup), Mode 4 (802.3ad/LACP)
- Is the bonding driver loaded?
- Check the bonding configuration in either /etc/netplan...yaml on Ubuntu or /etc/sysconfig/network-scripts/ifcfg-bond0 on RHEL
- Check switch settings to confirm a matching, valid configuration
MAC spoofing issues
This issue occurs when two NICs present the same MAC address.
- arping <IP ADDRESS> returns multiple MAC addresses
- Does ip neigh show frequent MAC flapping?
- Look for duplicate MAC addresses with ip link show
- Correct MAC settings
- Restart the network service to apply changes and confirm with the command ip neigh show
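The arping and ip neigh checks above can be scripted so that duplicates stand out in saved output. This is an added example, not part of the original notes; the function names and both samples are constructed, and the arping format assumed is the iputils "Unicast reply from IP [MAC]" line.

```shell
#!/bin/sh
# Added example: spot duplicate-address and duplicate-MAC symptoms in saved tool output.

# arping_macs: distinct MACs that answered for the probed IP (arping output on stdin).
arping_macs() {
  sed -n 's/.*reply from [^ ]* \[\([0-9A-Fa-f:]*\)].*/\1/p' |
    tr '[:lower:]' '[:upper:]' | sort -u
}

# shared_macs: MACs that `ip neigh show` (on stdin) lists for more than one IP.
shared_macs() {
  awk '{
         for (i = 1; i < NF; i++)
           if ($i == "lladdr") {
             mac = toupper($(i + 1))
             if (!seen[mac, $1]++) { count[mac]++; ips[mac] = ips[mac] " " $1 }
           }
       }
       END { for (m in count) if (count[m] > 1) print m ":" ips[m] }' | sort
}

# Constructed sample: two different NICs answer ARP for 192.168.1.50.
SAMPLE_ARPING='ARPING 192.168.1.50 from 192.168.1.10 eth0
Unicast reply from 192.168.1.50 [52:54:00:AA:BB:01]  0.712ms
Unicast reply from 192.168.1.50 [52:54:00:cc:dd:02]  0.951ms
Unicast reply from 192.168.1.50 [52:54:00:AA:BB:01]  0.698ms
Sent 2 probes (1 broadcast(s))
Received 3 response(s)'

# Constructed sample: one MAC is cached for two neighbour IPs.
SAMPLE_NEIGH='192.168.1.1 dev eth0 lladdr 52:54:00:12:34:56 REACHABLE
192.168.1.50 dev eth0 lladdr 52:54:00:aa:bb:01 STALE
192.168.1.77 dev eth0 lladdr 52:54:00:AA:BB:01 REACHABLE
192.168.1.90 dev eth0  FAILED'

n=$(printf '%s\n' "$SAMPLE_ARPING" | arping_macs | wc -l | tr -d ' ')
if [ "$n" -gt 1 ]; then echo "conflict: $n MACs answer for the same IP"; fi
printf '%s\n' "$SAMPLE_NEIGH" | shared_macs
```

One MAC behind several IPs is normal for routers and hosts with address aliases, so treat the `shared_macs` output as a list to review against known devices.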
Link Issues
This issue occurs when devices are unable to communicate effectively due to problems with the network interface.
Link down
The interface is failing to establish or maintain a connection.
- Maybe a faulty cable
- Is the port disconnected?
- Maybe the hardware is faulty
- ip addr and ifconfig show the interface as down
- Logs are found with dmesg and journalctl
- Maybe the driver is bad
- Maybe the interface is misconfigured
- Maybe the interface is administratively down. Use ip link show <INTERFACE> to confirm. Bring it up if necessary
- Restart networking with systemctl restart network
Link negotiation
This involves problems in the automatic process where devices agree on the speed and duplex settings for their connection.
Common signs are poor performance, slow speeds, connectivity dropouts.
- Check link status with ethtool <INTERFACE>
- Is autonegotiation enabled?
- Maybe the hardware has issues. Review system logs for related issues
- Does the network driver have bugs and need to be updated?