Can't Ping Router or Localhost

I’m on OpenSUSE Tumbleweed 20201216, and I’ve been using this installation with only occasional small issues since 2018. Today, though, I lost an entire day trying to fix the network interfaces, which have stopped working.

Behavior

I can use the menu in the bottom bar to connect to my router via Wifi, and the same menu shows a successful connection if I plug in an ethernet cable. However, after a few seconds the menu shows the connection as “limited connectivity”. When I try to use Firefox (or connect to the VPN I use for work), it just hangs, trying to connect, until it gives up.

When I try to ping my router, localhost, and a website (I had to manually copy this text):


me@here:~> ping -c10 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data

--- 192.168.1.1 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 9210ms

me@here:~> ping -c10 localhost
PING localhost(localhost (::1)) 56 data bytes

--- localhost ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 9202ms

me@here:~> ping -c10 google.com
ping: google.com: Temporary failure in name resolution

Notably, the router lists the computer as connected.

I’m happy to give any other output that anyone wants, but that’s the obvious one that comes to mind.

What I’ve Tried

This isn’t an exhaustive list, since I’ve been trying for 8 hours and didn’t keep track of everything.

  • Delete /etc/resolve.conf and restart network service / restart NetworkManager / reboot
  • Disable IPv6
  • Enable IPv6 on computer and router
  • Use wicked instead of NetworkManager
  • Unblocking the interface with rfkill (wasn’t necessary, according to rfkill list)
  • Rebooting with an older kernel version
  • Deleting the network configuration files in /etc/NetworkManager/system-connections/
  • Starting and restarting various network-related services
  • Running netconfig -f update
  • Looking through the dmesg logs to see if there was some error or warning (I didn’t find anything)
  • Connecting to my Android phone set to USB tethering, which did show up as an ethernet interface but had the same behavior as the normal ethernet interface (as described above)
  • Rebooting (many times over the course of today while trying to fix this)

Final Notes

I don’t recall making any network setting changes on the computer or router before this happened.

I’ve been using this computer with Tumbleweed for almost 2.5 years, and this hasn’t been an issue before, and I’ve been using it on this network 5 days a week this entire year.

The computer has been slowing down and having connection issues occasionally during this past week, but rebooting has fixed those issues each time until today.

My only partially-uninvestigated idea is that the firewall is somehow disallowing outbound traffic, but that seems wild, and a cursory look at the rules didn’t show anything obviously wrong.

Welcome to openSUSE Forums. Try to capture the NetworkManager logging in a terminal using

sudo journaltctl -fu NetworkManager

then attempt to start the wifi connection. Observe/capture what is reported. If you need to save it to a text file, then transfer to an internet-connected machine to share that output here.

Other useful information…when connected report back with output from

ip address
ip route

If you don’t get a DHCP address, that might indicate a problem with the router. Router brand and model? Have you tried restarting the router? Sometimes MAC-randomization can play havock with a router. Check NetworkManager to see how it is configured…
https://wiki.archlinux.org/index.php/NetworkManager#Configuring_MAC_address_randomization


me@here:~> sudo journaltctl -fu NetworkManager
-- Logs begin at Tue 2020-12-22 05:34:57 EST. --
Dec 22 10:39:35 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651575.8069] device (wlan1): supplicant interface state: completed -> disconnected
Dec 22 10:39:35 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651575.8069] device (p2p-dev-wlan1): supplicant management interface state: completed -> disconnected
Dec 22 10:39:35 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651575.8215] device (wlan1): state change: deactivating -> disconnected (reason 'user-requested', sys-iface-state: 'managed')
Dec 22 10:39:35 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651575.8266] dhcp4 (wlan1): canceled DHCP transaction
Dec 22 10:39:35 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651575.8266] dhcp4 (wlan1): state changed bound -> done
Dec 22 10:39:35 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651575.8348] device (wlan1): set-hw-addr: set MAC address to 7E:2B:F1:90:35:6C (scanning)
Dec 22 10:39:35 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651575.8685] device (wlan1): supplicant interface state: disconnected -> interface_disabled
Dec 22 10:39:35 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651575.8685] device (p2p-dev-wlan1): supplicant management interface state: disconnected -> interface_disabled
Dec 22 10:39:40 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651580.6049] device (wlan1): supplicant interface state: interface_disabled -> disconnected
Dec 22 10:39:40 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651580.6049] device (p2p-dev-wlan1): supplicant management interface state: interface_disabled -> disconnected
Dec 22 10:40:22 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651622.8357] device (wlan1): Activation: starting connection 'Fios-DHXJ0-5G' (71e2049c-c7a8-414f-8cb6-5a3f0abf15f1)
Dec 22 10:40:22 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651622.8357] audit: op="connection-activate" uuid="71e2049c-c7a8-414f-8cb6-5a3f0abf15f1" name="Fios-DHXJ0-5G" pid=2274 uid=1000 result="success"
Dec 22 10:40:22 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651622.8358] device (wlan1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
Dec 22 10:40:22 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651622.8361] manager: NetworkManager state is now CONNECTING
Dec 22 10:40:22 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651622.8384] device (wlan1): set-hw-addr: reset MAC address to 9C:B6:D0:6B:C4:75 (preserve)
Dec 22 10:40:22 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651622.8427] device (wlan1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Dec 22 10:40:22 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651622.8429] device (wlan1): Activation: (wifi) access point 'Fios-DHXJ0-5G' has security, but secrets are required.
Dec 22 10:40:22 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651622.8429] device (wlan1): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
Dec 22 10:40:22 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651622.8712] device (wlan1): supplicant interface state: disconnected -> interface_disabled
Dec 22 10:40:22 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651622.8712] device (p2p-dev-wlan1): supplicant management interface state: disconnected -> interface_disabled
Dec 22 10:40:22 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651622.8884] device (wlan1): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
Dec 22 10:40:22 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651622.8887] device (wlan1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Dec 22 10:40:22 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651622.8890] device (wlan1): Activation: (wifi) connection 'Fios-DHXJ0-5G' has security, and secrets exist.  No new secrets needed.
Dec 22 10:40:22 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651622.8890] Config: added 'ssid' value 'Fios-DHXJ0-5G'
Dec 22 10:40:22 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651622.8890] Config: added 'scan_ssid' value '1'
Dec 22 10:40:22 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651622.8890] Config: added 'bgscan' value 'simple:30:-70:86400'
Dec 22 10:40:22 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651622.8890] Config: added 'key_mgmt' value 'WPA-PSK WPA-PSK-SHA256'
Dec 22 10:40:22 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651622.8890] Config: added 'auth_alg' value 'OPEN'
Dec 22 10:40:22 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651622.8890] Config: added 'psk' value '<hidden>'
Dec 22 10:40:22 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651622.8962] device (wlan1): supplicant interface state: interface_disabled -> disconnected
Dec 22 10:40:22 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651622.8962] device (p2p-dev-wlan1): supplicant management interface state: interface_disabled -> disconnected
Dec 22 10:40:22 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651622.9060] device (wlan1): supplicant interface state: disconnected -> scanning
Dec 22 10:40:22 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651622.9060] device (p2p-dev-wlan1): supplicant management interface state: disconnected -> scanning
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5132] device (wlan1): supplicant interface state: scanning -> authenticating
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5132] device (p2p-dev-wlan1): supplicant management interface state: scanning -> authenticating
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5358] device (wlan1): supplicant interface state: authenticating -> associating
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5359] device (p2p-dev-wlan1): supplicant management interface state: authenticating -> associating
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5360] device (wlan1): supplicant interface state: associating -> 4way_handshake
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5361] device (p2p-dev-wlan1): supplicant management interface state: associating -> 4way_handshake
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5444] device (wlan1): supplicant interface state: 4way_handshake -> completed
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5445] device (wlan1): Activation: (wifi) Stage 2 of 5 (Device Configure) successful. Connected to wireless network "Fios-DHXJ0-5G"
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5445] device (p2p-dev-wlan1): supplicant management interface state: 4way_handshake -> completed
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5611] device (wlan1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed')
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5614] dhcp4 (wlan1): activation: beginning transaction (timeout in 45 seconds)
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5777] dhcp4 (wlan1): option dhcp_lease_time      => '86400'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5777] dhcp4 (wlan1): option domain_name          => 'fios-router.home'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5777] dhcp4 (wlan1): option domain_name_servers  => '192.168.1.1'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5777] dhcp4 (wlan1): option domain_search        => 'fios-router.home'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5777] dhcp4 (wlan1): option expiry               => '1608738027'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5777] dhcp4 (wlan1): option ip_address           => '192.168.1.163'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5777] dhcp4 (wlan1): option requested_broadcast_address => '1'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5777] dhcp4 (wlan1): option requested_domain_name => '1'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5777] dhcp4 (wlan1): option requested_domain_name_servers => '1'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5778] dhcp4 (wlan1): option requested_domain_search => '1'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5778] dhcp4 (wlan1): option requested_host_name  => '1'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5778] dhcp4 (wlan1): option requested_interface_mtu => '1'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5778] dhcp4 (wlan1): option requested_ms_classless_static_routes => '1'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5778] dhcp4 (wlan1): option requested_nis_domain => '1'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5778] dhcp4 (wlan1): option requested_nis_servers => '1'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5778] dhcp4 (wlan1): option requested_ntp_servers => '1'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5778] dhcp4 (wlan1): option requested_rfc3442_classless_static_routes => '1'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5778] dhcp4 (wlan1): option requested_root_path  => '1'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5778] dhcp4 (wlan1): option requested_routers    => '1'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5778] dhcp4 (wlan1): option requested_static_routes => '1'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5778] dhcp4 (wlan1): option requested_subnet_mask => '1'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5778] dhcp4 (wlan1): option requested_time_offset => '1'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5778] dhcp4 (wlan1): option requested_wpad       => '1'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5778] dhcp4 (wlan1): option routers              => '192.168.1.1'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5778] dhcp4 (wlan1): option subnet_mask          => '255.255.255.0'
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5778] dhcp4 (wlan1): state changed unknown -> bound
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5804] device (wlan1): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'managed')
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5909] device (wlan1): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'managed')
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5911] device (wlan1): state change: secondaries -> activated (reason 'none', sys-iface-state: 'managed')
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5915] manager: NetworkManager state is now CONNECTED_LOCAL
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5930] manager: NetworkManager state is now CONNECTED_SITE
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.5931] policy: set 'Fios-DHXJ0-5G' (wlan1) as default for IPv4 routing and DNS
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.6824] device (wlan1): Activation: successful, device activated.
Dec 22 10:40:27 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651627.7155] audit: op="statistics" arg="refresh-rate-ms" pid=2274 uid=1000 result="success"
Dec 22 10:40:35 metis.va.wagner.com NetworkManager[1217]: <info>  [1608651635.2428] audit: op="statistics" arg="refresh-rate-ms" pid=2274 uid=1000 result="success"


me@here:~> ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 10:65:30:35:5a:18 brd ff:ff:ff:ff:ff:ff
3: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9c:b6:d0:6b:c4:75 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.163/24 brd 192.168.1.255 scope global dynamic noprefixroute wlan1
       valid_lft 86232sec preferred_lft 86232sec
    inet6 fe80::7b04:db73:c710:af41/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
4: br-08f0fd838fae: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:84:4b:0b:fa brd ff:ff:ff:ff:ff:ff
    inet 172.19.0.1/16 brd 172.19.255.255 scope global br-08f0fd838fae
       valid_lft forever preferred_lft forever
5: br-a5423b89feb0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:f9:5a:ea:f8 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-a5423b89feb0
       valid_lft forever preferred_lft forever
6: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:e4:05:19:8d brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever


me@here:~> ip route
default via 192.168.1.1 dev wlan1 proto dhcp metric 20600 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
172.18.0.0/16 dev br-a5423b89feb0 proto kernel scope link src 172.18.0.1 linkdown 
172.19.0.0/16 dev br-08f0fd838fae proto kernel scope link src 172.19.0.1 linkdown 
192.168.1.0/24 dev wlan1 proto kernel scope link src 192.168.1.163 metric 600 

Thanks for the prompt response! I should’ve thought earlier to redirect terminal output to a file and use a flash drive.

The output you shared reports a successful connection…wlan1 is assigned a DHCP address, and you have a default route set as expected.

Yeah, it’s weird how normal everything seems, but it’s still not working. I just confirmed that the internet is working on the WIndows 10 partition of the same machine, though, so it doesn’t seem like it could be a hardware issue (though that seemed unlikely already, since the wifi, ethernet, and android usb tethering all didn’t work).

What other places can I look for irregularities?

Can you ping other hosts on the network? I wonder if the issue is with the router itself perhaps. I have already asked if you’ve tried power cycling it.

No, I cannot ping any other devices on the network.

Also, as you mentioned I forgot to address your questions about the router. It’s a Verizon Fios Quantum Gateway, and neither a soft reboot nor a hard reboot fixed the issue. I’ll take a look at that MAC randomization link to see if that’s relevant to me.

Disabling MAC randomization did not cause any noticeable changes.

i could be the router thats the issue not the os my wifi router decidet to do something where the wifi would connect and configure but it had seemingly no connection the the internet

For whatever reason,
Your system log reported difficulties setting up your network connection before finally connecting.
Maybe reboot and try again?
Maybe if possible look at your AP leases and see if you have a duplicate record for your machine?
Maybe clear all the DHCP leases and let every machine re-authenticate to create new leases. This should not affect any machine connecting for more than a few micro seconds.
Do you have both a wired and wireless connection to your DHCP and gateway router? (Disconnect one physically)

Some APs will block pinging other machines on your network, but you should be able to ping your AP router when you have a working connection. Ping both by IP address and by name to verify each are working properly.

TSU

Yes, it does appear to be router related.

FWIW, I have a Netgear Genie router that behaves like this occasionally. It generally affects only or two hosts, whereby they can connect to the AP, DHCP assignments are made, but it won’t pass traffic at all for the affected host(s), and a power cycle of the router becomes necessary. I will replace it when funds allow.

good that i could fin the probable cause of the issue i cant really say why this happens or how to fix the router if this is the case mine is just dead at the moment

Re router issues:

I have already tried soft- and hard-rebooting the router. The problem was not fixed. I’ve also made sure not to try and connect to the router simultaneously with ethernet and wifi, though both are individually unable to get traffic, ping anything, etc.

I’ll try renewing the DCHP leases and look into any AP lease issues. However, would those issues affect the hardware regardless of what OS is running? Because, as I’ve stated, the Windows OS on the same machine has no problems with connecting to the internet through the same router.

Is any firewall active? Did you try to stop it?

A real facepalm moment here: no, I didn’t try that, and I’m able to connect to the internet when I disable it (FirewallD). Obviously, that’s not a desirable final outcome, but it’s certainly progress. Is there some way I can set my FirewallD state to whatever the default is?

Check that you’re not using ‘drop’ zone. Switch the interface zone to ‘public’.

To list current settings, do

firewall-cmd --list-all

Firewalld documentation…

The firewall-config utility is convenient for those who prefer a GUI.
https://software.opensuse.org/package/firewall-config

I removed all zone rule files in /etc/firewalld/zones and rebooted, but it’s still the same behavior (unable to connect when the firewall is running, able to connect otherwise). I suspect that something (I guess Docker?) is adding rules/zones at startup if they don’t exist.

Here are my FirewallD logs from the journal, from startup to stopping the firewall:


me@here:~> sudo journalctl -u firewalld
-- Logs begin at Mon 2021-01-04 06:35:31 EST, end at Mon 2021-01-04 11:39:52 EST. --
Jan 04 11:35:34 here systemd[1]: Starting firewalld - dynamic firewall daemon...
Jan 04 11:35:35 here systemd[1]: Started firewalld - dynamic firewall daemon.
Jan 04 11:35:37 here firewalld[992]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t nat -D PREROUTING -m addrtype --dst-type LOCAL -j DOCKER' failed: iptables v1.8.6 (legacy): Couldn't load target `DOCKER':No such file or directory
                                      
                                      Try `iptables -h' or 'iptables --help' for more information.
Jan 04 11:35:37 here firewalld[992]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t nat -D OUTPUT -m addrtype --dst-type LOCAL ! --dst 127.0.0.0/8 -j DOCKER' failed: iptables v1.8.6 (legacy): Couldn't load target `DOCKER':No such file or directory
                                      
                                      Try `iptables -h' or 'iptables --help' for more information.
Jan 04 11:35:37 here firewalld[992]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t nat -D OUTPUT -m addrtype --dst-type LOCAL -j DOCKER' failed: iptables v1.8.6 (legacy): Couldn't load target `DOCKER':No such file or directory
                                      
                                      Try `iptables -h' or 'iptables --help' for more information.
Jan 04 11:35:37 here firewalld[992]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t nat -D PREROUTING' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Jan 04 11:35:37 here firewalld[992]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t nat -D OUTPUT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Jan 04 11:35:37 here firewalld[992]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t nat -F DOCKER' failed: iptables: No chain/target/match by that name.
Jan 04 11:35:37 here firewalld[992]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t nat -X DOCKER' failed: iptables: No chain/target/match by that name.
Jan 04 11:35:37 here firewalld[992]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER' failed: iptables: No chain/target/match by that name.
Jan 04 11:35:37 here firewalld[992]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER' failed: iptables: No chain/target/match by that name.
Jan 04 11:35:37 here firewalld[992]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER-ISOLATION-STAGE-1' failed: iptables: No chain/target/match by that name.
Jan 04 11:35:37 here firewalld[992]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER-ISOLATION-STAGE-1' failed: iptables: No chain/target/match by that name.
Jan 04 11:35:37 here firewalld[992]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER-ISOLATION-STAGE-2' failed: iptables: No chain/target/match by that name.
Jan 04 11:35:37 here firewalld[992]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER-ISOLATION-STAGE-2' failed: iptables: No chain/target/match by that name.
Jan 04 11:35:37 here firewalld[992]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER-ISOLATION' failed: iptables: No chain/target/match by that name.
Jan 04 11:35:37 here firewalld[992]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER-ISOLATION' failed: iptables: No chain/target/match by that name.
Jan 04 11:35:37 here firewalld[992]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i br-08f0fd838fae -o br-08f0fd838fae -j DROP' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Jan 04 11:35:37 here.location firewalld[992]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i br-a5423b89feb0 -o br-a5423b89feb0 -j DROP' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Jan 04 11:35:37 here.location firewalld[992]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Jan 04 11:35:37 here.location firewalld[992]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Jan 04 11:37:22 here.location systemd[1]: Stopping firewalld - dynamic firewall daemon...
Jan 04 11:37:26 here.location systemd[1]: firewalld.service: Succeeded.
Jan 04 11:37:26 here.location systemd[1]: Stopped firewalld - dynamic firewall daemon. 

And here’s iptables before and after bringing the firewall back up:


me@here:~> sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
me@here:~> sudo systemctl start firewalld
me@here:~> sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (3 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (0 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere

Okay, so things stop working when I reboot and then start working again when I restart firewalld. The firewalld rules remain the same in both cases:

(firewall-cmd --list-all-zones)


block
  target: %%REJECT%%
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: 
  ports: 
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

dmz
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: ssh
  ports: 
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

docker (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: br-08f0fd838fae br-a5423b89feb0 docker0
  sources: 
  services: 
  ports: 
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

drop
  target: DROP
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: 
  ports: 
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

external
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: ssh
  ports: 
  protocols: 
  forward: no
  masquerade: yes
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

home
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: dhcpv6-client mdns samba-client ssh
  ports: 
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

internal
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: dhcpv6-client mdns samba-client ssh
  ports: 
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

libvirt
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: dhcp dhcpv6 dns ssh tftp
  ports: 
  protocols: icmp ipv6-icmp
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
    rule priority="32767" reject

nm-shared
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: dhcp dns ssh
  ports: 
  protocols: icmp ipv6-icmp
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
    rule priority="32767" reject

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: wlan0
  sources: 
  services: dhcpv6-client ssh
  ports: 
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

trusted
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: 
  ports: 
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

work
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: dhcpv6-client ssh
  ports: 
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

However, iptables changes (showing using iptables -L).

After reboot:


Chain INPUT (policy DROP)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (3 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (3 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

After restarting firewalld:


Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (3 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (0 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Notably, the INPUT chain changed its default policy from DROP to ACCEPT, and there are several (seemingly) duplicate docker-related rules that were removed. I assume the default policy change is the important one.

I’m going to try and figure out what is changing the iptables policy at startup. Also, thank you to everyone for your help thus far. I was definitely planning on totally reinstalling today, and now I at least have a workaround.

The reason behind this can be the internet protocol which may have been corrupted. To solve this issue, I would suggest that you should clear your browser’s cache and reset the internet protocol by following these steps.

  • Clear your browser’s cookies by going to the internet explorer, Press CTRL+SHIFT+DEL, and click Delete
  • Go to chrome and press CTRL+SHIFT+DEL and click Clear Browsing Data
  • On Firefox type, CTRL+SHIFT+DEL and click Clear Now

Following these steps will help you a lot to fix this problem. You can also read more allspeedtest about this problem and its solution on this site.