I think it would show with ip route if it was taken. I still don’t know why it didn’t take though. Unless it is clever enough to know that 192.168.0.1 really isn’t a IPv4 gateway. Though if that is the IPv4 address of your router, I think it should be. Unless maybe you have multiple ethernet lines or something.
29:15 – Reddit is (temporarily) operative again.
00:30 – Reddit is inoperative again.
Nope. Solely one physical connector to a switch that connects to another switch that connects to the router. I’ve tried to connect without the closest switch attached by connecting the cable directly to the port; no difference.
Maybe some firewall rules could be blocking your IPv4 traffic somewhere along the line. That would be my next guess. I guess check the output of iptables --list-rules and/or nft list ruleset (Fedora Linux is transitioning from “iptables” to “nftables” and which you are using might depend on when you last did a “fresh” install).
1 Like
[BEEDELLROKEJULIANLOCKHART@1656943212 ~]$ iptables --list-rules
iptables v1.8.7 (nf_tables): Could not fetch rule set generation id: Permission denied (you must be root)
[BEEDELLROKEJULIANLOCKHART@1656943212 ~]$ sudo iptables --list-rules
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
[BEEDELLROKEJULIANLOCKHART@1656943212 ~]$ nft list ruleset
Operation not permitted (you must be root)
[BEEDELLROKEJULIANLOCKHART@1656943212 ~]$ sudo nft list ruleset
table inet firewalld {
ct helper helper-netbios-ns-udp {
type "netbios-ns" protocol udp
l3proto ip
}
chain mangle_PREROUTING {
type filter hook prerouting priority mangle + 10; policy accept;
jump mangle_PREROUTING_ZONES
}
chain mangle_PREROUTING_POLICIES_pre {
jump mangle_PRE_policy_allow-host-ipv6
}
chain mangle_PREROUTING_ZONES {
iifname "enp5s0" goto mangle_PRE_FedoraWorkstation
goto mangle_PRE_FedoraWorkstation
}
chain mangle_PREROUTING_POLICIES_post {
}
chain nat_PREROUTING {
type nat hook prerouting priority dstnat + 10; policy accept;
jump nat_PREROUTING_ZONES
}
chain nat_PREROUTING_POLICIES_pre {
jump nat_PRE_policy_allow-host-ipv6
}
chain nat_PREROUTING_ZONES {
iifname "enp5s0" goto nat_PRE_FedoraWorkstation
goto nat_PRE_FedoraWorkstation
}
chain nat_PREROUTING_POLICIES_post {
}
chain nat_POSTROUTING {
type nat hook postrouting priority srcnat + 10; policy accept;
jump nat_POSTROUTING_ZONES
}
chain nat_POSTROUTING_POLICIES_pre {
}
chain nat_POSTROUTING_ZONES {
oifname "enp5s0" goto nat_POST_FedoraWorkstation
goto nat_POST_FedoraWorkstation
}
chain nat_POSTROUTING_POLICIES_post {
}
chain filter_PREROUTING {
type filter hook prerouting priority filter + 10; policy accept;
icmpv6 type { nd-router-advert, nd-neighbor-solicit } accept
meta nfproto ipv6 fib saddr . mark . iif oif missing drop
}
chain filter_INPUT {
type filter hook input priority filter + 10; policy accept;
ct state { established, related } accept
ct status dnat accept
iifname "lo" accept
jump filter_INPUT_ZONES
ct state invalid drop
reject with icmpx admin-prohibited
}
chain filter_FORWARD {
type filter hook forward priority filter + 10; policy accept;
ct state { established, related } accept
ct status dnat accept
iifname "lo" accept
ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } reject with icmpv6 addr-unreachable
jump filter_FORWARD_ZONES
ct state invalid drop
reject with icmpx admin-prohibited
}
chain filter_OUTPUT {
type filter hook output priority filter + 10; policy accept;
ct state { established, related } accept
oifname "lo" accept
ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } reject with icmpv6 addr-unreachable
jump filter_OUTPUT_POLICIES_pre
jump filter_OUTPUT_POLICIES_post
}
chain filter_INPUT_POLICIES_pre {
jump filter_IN_policy_allow-host-ipv6
}
chain filter_INPUT_ZONES {
iifname "enp5s0" goto filter_IN_FedoraWorkstation
goto filter_IN_FedoraWorkstation
}
chain filter_INPUT_POLICIES_post {
}
chain filter_FORWARD_POLICIES_pre {
}
chain filter_FORWARD_ZONES {
iifname "enp5s0" goto filter_FWD_FedoraWorkstation
goto filter_FWD_FedoraWorkstation
}
chain filter_FORWARD_POLICIES_post {
}
chain filter_OUTPUT_POLICIES_pre {
}
chain filter_OUTPUT_POLICIES_post {
}
chain filter_IN_FedoraWorkstation {
jump filter_INPUT_POLICIES_pre
jump filter_IN_FedoraWorkstation_pre
jump filter_IN_FedoraWorkstation_log
jump filter_IN_FedoraWorkstation_deny
jump filter_IN_FedoraWorkstation_allow
jump filter_IN_FedoraWorkstation_post
jump filter_INPUT_POLICIES_post
meta l4proto { icmp, ipv6-icmp } accept
reject with icmpx admin-prohibited
}
chain filter_IN_FedoraWorkstation_pre {
}
chain filter_IN_FedoraWorkstation_log {
}
chain filter_IN_FedoraWorkstation_deny {
}
chain filter_IN_FedoraWorkstation_allow {
ip6 daddr fe80::/64 udp dport 546 ct state { new, untracked } accept
tcp dport 22 ct state { new, untracked } accept
udp dport 137 ct helper set "helper-netbios-ns-udp"
udp dport 137 ct state { new, untracked } accept
udp dport 138 ct state { new, untracked } accept
ip daddr 224.0.0.251 udp dport 5353 ct state { new, untracked } accept
ip6 daddr ff02::fb udp dport 5353 ct state { new, untracked } accept
udp dport 1025-65535 ct state { new, untracked } accept
tcp dport 1025-65535 ct state { new, untracked } accept
}
chain filter_IN_FedoraWorkstation_post {
}
chain nat_POST_FedoraWorkstation {
jump nat_POSTROUTING_POLICIES_pre
jump nat_POST_FedoraWorkstation_pre
jump nat_POST_FedoraWorkstation_log
jump nat_POST_FedoraWorkstation_deny
jump nat_POST_FedoraWorkstation_allow
jump nat_POST_FedoraWorkstation_post
jump nat_POSTROUTING_POLICIES_post
}
chain nat_POST_FedoraWorkstation_pre {
}
chain nat_POST_FedoraWorkstation_log {
}
chain nat_POST_FedoraWorkstation_deny {
}
chain nat_POST_FedoraWorkstation_allow {
}
chain nat_POST_FedoraWorkstation_post {
}
chain filter_FWD_FedoraWorkstation {
jump filter_FORWARD_POLICIES_pre
jump filter_FWD_FedoraWorkstation_pre
jump filter_FWD_FedoraWorkstation_log
jump filter_FWD_FedoraWorkstation_deny
jump filter_FWD_FedoraWorkstation_allow
jump filter_FWD_FedoraWorkstation_post
jump filter_FORWARD_POLICIES_post
reject with icmpx admin-prohibited
}
chain filter_FWD_FedoraWorkstation_pre {
}
chain filter_FWD_FedoraWorkstation_log {
}
chain filter_FWD_FedoraWorkstation_deny {
}
chain filter_FWD_FedoraWorkstation_allow {
}
chain filter_FWD_FedoraWorkstation_post {
}
chain nat_PRE_FedoraWorkstation {
jump nat_PREROUTING_POLICIES_pre
jump nat_PRE_FedoraWorkstation_pre
jump nat_PRE_FedoraWorkstation_log
jump nat_PRE_FedoraWorkstation_deny
jump nat_PRE_FedoraWorkstation_allow
jump nat_PRE_FedoraWorkstation_post
jump nat_PREROUTING_POLICIES_post
}
chain nat_PRE_FedoraWorkstation_pre {
}
chain nat_PRE_FedoraWorkstation_log {
}
chain nat_PRE_FedoraWorkstation_deny {
}
chain nat_PRE_FedoraWorkstation_allow {
}
chain nat_PRE_FedoraWorkstation_post {
}
chain mangle_PRE_FedoraWorkstation {
jump mangle_PREROUTING_POLICIES_pre
jump mangle_PRE_FedoraWorkstation_pre
jump mangle_PRE_FedoraWorkstation_log
jump mangle_PRE_FedoraWorkstation_deny
jump mangle_PRE_FedoraWorkstation_allow
jump mangle_PRE_FedoraWorkstation_post
jump mangle_PREROUTING_POLICIES_post
}
chain mangle_PRE_FedoraWorkstation_pre {
}
chain mangle_PRE_FedoraWorkstation_log {
}
chain mangle_PRE_FedoraWorkstation_deny {
}
chain mangle_PRE_FedoraWorkstation_allow {
}
chain mangle_PRE_FedoraWorkstation_post {
}
chain filter_IN_policy_allow-host-ipv6 {
jump filter_IN_policy_allow-host-ipv6_pre
jump filter_IN_policy_allow-host-ipv6_log
jump filter_IN_policy_allow-host-ipv6_deny
jump filter_IN_policy_allow-host-ipv6_allow
jump filter_IN_policy_allow-host-ipv6_post
}
chain filter_IN_policy_allow-host-ipv6_pre {
}
chain filter_IN_policy_allow-host-ipv6_log {
}
chain filter_IN_policy_allow-host-ipv6_deny {
}
chain filter_IN_policy_allow-host-ipv6_allow {
icmpv6 type nd-neighbor-advert accept
icmpv6 type nd-neighbor-solicit accept
icmpv6 type nd-router-advert accept
icmpv6 type nd-redirect accept
}
chain filter_IN_policy_allow-host-ipv6_post {
}
chain nat_PRE_policy_allow-host-ipv6 {
jump nat_PRE_policy_allow-host-ipv6_pre
jump nat_PRE_policy_allow-host-ipv6_log
jump nat_PRE_policy_allow-host-ipv6_deny
jump nat_PRE_policy_allow-host-ipv6_allow
jump nat_PRE_policy_allow-host-ipv6_post
}
chain nat_PRE_policy_allow-host-ipv6_pre {
}
chain nat_PRE_policy_allow-host-ipv6_log {
}
chain nat_PRE_policy_allow-host-ipv6_deny {
}
chain nat_PRE_policy_allow-host-ipv6_allow {
}
chain nat_PRE_policy_allow-host-ipv6_post {
}
chain mangle_PRE_policy_allow-host-ipv6 {
jump mangle_PRE_policy_allow-host-ipv6_pre
jump mangle_PRE_policy_allow-host-ipv6_log
jump mangle_PRE_policy_allow-host-ipv6_deny
jump mangle_PRE_policy_allow-host-ipv6_allow
jump mangle_PRE_policy_allow-host-ipv6_post
}
chain mangle_PRE_policy_allow-host-ipv6_pre {
}
chain mangle_PRE_policy_allow-host-ipv6_log {
}
chain mangle_PRE_policy_allow-host-ipv6_deny {
}
chain mangle_PRE_policy_allow-host-ipv6_allow {
}
chain mangle_PRE_policy_allow-host-ipv6_post {
}
}
[BEEDELLROKEJULIANLOCKHART@1656943212 ~]$
That’s a lot of output. Apologies.
Want me to disable the firewall?
Well, disabling the firewall isn’t normally a very good idea, but if you are OK with that, then that is a quick way to test if that is the problem. Unfortunately, firewalld makes very complicated rules that I cannot easily read to figure out what is going on. Personally, I stopped using firewalld and switched to writing my own nftables rules directly. 
1 Like
You might also need to try again at adding the IPv4 route after disabling the firewall.
Yes. That command again.
1 Like
[BEEDELLROKEJULIANLOCKHART@1656943212 ~]$ systemctl stop firewalld
[BEEDELLROKEJULIANLOCKHART@1656943212 ~]$ systemctl status firewalld
○ firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Tue 2022-08-09 00:38:13 BST; 11s ago
Docs: man:firewalld(1)
Process: 1284 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
Main PID: 1284 (code=exited, status=0/SUCCESS)
CPU: 481ms
Aug 08 10:38:45 1656943212 systemd[1]: Starting firewalld.service - firewalld - dynamic firewall daemon...
Aug 08 10:38:45 1656943212 systemd[1]: Started firewalld.service - firewalld - dynamic firewall daemon.
Aug 09 00:38:13 1656943212 systemd[1]: Stopping firewalld.service - firewalld - dynamic firewall daemon...
Aug 09 00:38:13 1656943212 systemd[1]: firewalld.service: Deactivated successfully.
Aug 09 00:38:13 1656943212 systemd[1]: Stopped firewalld.service - firewalld - dynamic firewall daemon.
[BEEDELLROKEJULIANLOCKHART@1656943212 ~]$ sudo ip route add default via 192.168.0.1 dev enp5s0
Error: Nexthop has invalid gateway.
[BEEDELLROKEJULIANLOCKHART@1656943212 ~]$
Identical problem, unfortunately.
Maybe check sudo nft list ruleset again to be sure the firewall rules were flushed.
1 Like
Flushed.
[BEEDELLROKEJULIANLOCKHART@1656943212 ~]$ sudo nft list ruleset
[BEEDELLROKEJULIANLOCKHART@1656943212 ~]$
Also, is there some way that you can verify that 192.168.0.1 is the correct address for your router? Can you access your router’s configuration page via some other device?
Yes: my smartphone, via Wi-Fi and Ethernet.
Just going from the output of ip -6 route that you posted earlier, I think you might be able to access your router at https://[fe80::a2bd:cdff:fe95:dd9]/ (I’m not sure if that will work, I don’t think I’ve ever tried a direct IPv6 address in a browser, I’m sure it would complain about the cert though, but I think you could just “accept” that).
1 Like
Nothing occurs if I attempt to connect to that address via firefox, and chromium-browser states:
This site can’t be reached
The web page at https://[fe80::a2bd:cdff:fe95:dd9]/ might be temporarily down or it may have moved permanently to a new web address.
ERR_INVALID_ARGUMENT
(If I attempt to connect to it without the trailing slash, the output is identical.)
Yeah, I wasn’t sure if that would work. You might also try without the square brackets.
My research has demonstrated that the square brackets are necessary to connect to IPv6 addresses. At least, if I attempt to without them, it searches for the address via “google.com”.
Well, I guess the next thing to try would be adding “192.168.0.1” as a default gateway via NetworkManager. Like I said earlier though, I don’t know how to do that. Also, is your system being configured by DHCP?