No connection to CUPS, SSH possible, ICMP is blocked

Hi everyone,
I have migrated from Leap 42.2 to Leap 15.1 two days ago. Under 42.2 the PC was being used as regular desktop, provided print services (CUPS) in a small LAN and mounted shares from a filesserver as necessary via autofs. After the migration neither the access to CUPS nor the automounting is still working. I also cannot ping from a different PC in the LAN to this 15.1 PC. Ping between other Windows and Linux PCs in the LAN works.

On the 15.1 PC CUPS is working. I can administer it by opening http://localhost:631 and the printer prints local print jobs. Remote admin, printer sharing and internet access are enabled. Nevertheless, I am not able to admin CUPS remotely and I cannot print from remote. This even with firewalld disabled. I can ping from this PC but not to this PC even with firewalld disabled, empty iptables, and “net.ipv4.icmp_echo_ignore_all = 0” and “net.ipv4.icmp_echo_ignore_broadcasts = 0” set in /etc/sysctl.conf. With sshd running and no firewall I am still unable to ssh into this PC. I can manually mount NFS shares on the fileserver but automount does not work anymore. “auto.master” and “auto.fileserv” are present and written acc. to the rules in the man pages.

I am at the end of my wits and this is driving me nuts. Searching the WWW did not come up with any valuable help. So I am hoping that here someone can give me a helpful hint.

Hmm, ich glaube, in diesem Forum wird Deutsch verstanden.

Ich schätze mal, dass Deine Firewall der Grund für die Probleme ist.

Probier mal

SuSEfirewall2 stop

(muss als root ausgeführt werden)

Danach sollte alles wieder gehen.

Damit es auch nach dem nächsten Booten noch geht, änderst du den entsprechenden Eintrag am besten in yast (firewall).

Can you post the output of

iptables -L -nv

  • and -
    iptables -t nat -L -nv


edit: assuming you’re on an IPv4 network?

Hi and welcome to the Forum
You have posted in the German subforum, will move it over to the English side :wink:

I will refrain from posting the empty tables. As said in my post firewalld is disabled and iptables is empty. Nevertheless, the PC acts as if it is completely walled off. That is what is driving me crazy.

Let us check first if you do have a LAN connection at all (even if you say you can ping, we want to “see” things)

ip addr


ping -c1 <to another system on the LAN>

Ok, fair enough. Here it goes:

The network setup:

bigair2:~ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether d0:50:99:77:11:bf brd ff:ff:ff:ff:ff:ff
inet brd scope global noprefixroute dynamic eth0
valid_lft 2089sec preferred_lft 2089sec
inet6 2a02:1810:142a:a800:407b:8aae:51e2:164a/64 scope global temporary dynamic
valid_lft 227901sec preferred_lft 55101sec
inet6 2a02:1810:142a:a800:28ce:c4a9:cde6:aa23/64 scope global mngtmpaddr noprefixroute dynamic
valid_lft 227901sec preferred_lft 55101sec
inet6 fe80::f60b:a5d7:6a82:a89/64 scope link noprefixroute
valid_lft forever preferred_lft forever

Ping to another Linux box:

bigair2:~ # ping -c1 fileserv
PING fileserv ( 56(84) bytes of data.
64 bytes from fileserv ( icmp_seq=1 ttl=64 time=0.584 ms

— fileserv ping statistics —
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.584/0.584/0.584/0.000 ms

Ping from that Linux box to the PC with the issue:

magic@fileserv:~> ping -c1 bigair2
PING bigair2 ( 56(84) bytes of data.
From ( icmp_seq=1 Destination Host Unreachable

— bigair2 ping statistics —
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

Iptables of the PC with the issue (firewalld is disabled):

bigair2:~ # iptables -L -nv
Chain INPUT (policy ACCEPT 3704K packets, 6655M bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 1946K packets, 104M bytes)
pkts bytes target prot opt in out source destination

The kernel settings for ICMP handling:

bigair2:~ # cat /proc/sys/net/ipv4/icmp_echo_ignore_all
bigair2:~ # cat /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

I hope this helps.

Edit: This is so emabarrassing. Going through my post I realized that the IP address after the migration is a different one than before because it is assigned via DHCP. I used to work with a fixed IP which I was still using from the remote PCs. Sorry for bugging you and thanks for making me look closer.

I read from the output:

  • the IP address on bigair2 as shown in the ip addr is
  • the IP address of the ping from fileserev to bigair2 is

As 209 is to the same as 9, something is wrong with your hostname resolving. In /etc/hosts? Or in your local DNS?