How to diagnose no internet access

Topic: Networking basics

When a host cannot reach the internet: check default route, DNS resolution, and connectivity to the gateway and a public IP. Use ping, ip route, getent, and traceroute to isolate whether the failure is routing, DNS, or local firewall. Use this before changing config so you fix the right layer.

Intent: Troubleshooting

Quick answer

  • Confirm default route: ip route | grep default; ping the gateway IP; ping 8.8.8.8. If ping to gateway fails, fix local link or gateway; if gateway works but 8.8.8.8 fails, fix routing or NAT beyond the gateway.
  • Test DNS: getent hosts google.com or dig google.com; if IP works but name does not, DNS is the problem (resolver config, firewall blocking 53, or resolver down).
  • Check firewall: outbound and established/related must be allowed; if the host has no default route or wrong gateway, fix netplan or NetworkManager first.

Prerequisites

Steps

  1. Check default route and gateway

    ip route | grep default; if missing, add via netplan or ip route add default via GATEWAY. ping -c 2 GATEWAY_IP; if gateway fails, fix interface, cable, or gateway itself.

  2. Test connectivity to public IP

    ping -c 2 8.8.8.8; if gateway works but 8.8.8.8 fails, the problem is beyond the gateway (router, ISP, or NAT). traceroute 8.8.8.8 shows where the path stops.

  3. Test DNS

    getent hosts google.com; if this fails but ping 8.8.8.8 works, DNS is broken (resolver unreachable, wrong resolv.conf, or firewall blocking UDP/TCP 53). Fix resolver or firewall.

  4. Check local firewall

    If the host runs a firewall, ensure outbound is allowed and established/related is allowed so return traffic is permitted; blocking outbound or established can cause 'no internet' even when route and DNS are correct.

Summary

Diagnose “no internet” by checking the default route, pinging the gateway and a public IP, then testing DNS. Isolate whether the failure is local (no route, wrong gateway), beyond the gateway (routing/NAT), or DNS. Use this before changing config so you fix the right component.

Prerequisites

Steps

Step 1: Check default route and gateway

ip route
ping -c 2 GATEWAY_IP

No default route: add it (netplan or ip route add default via GATEWAY). Gateway unreachable: check interface, cable, and gateway.

Step 2: Test connectivity to public IP

ping -c 2 8.8.8.8
traceroute 8.8.8.8

If the gateway responds but 8.8.8.8 does not, the problem is upstream (router, NAT, or ISP).

Step 3: Test DNS

getent hosts google.com

If ping to 8.8.8.8 works but getent fails, the issue is DNS: resolver config, firewall blocking 53, or resolver down. Try dig @8.8.8.8 google.com to test a specific resolver.

Step 4: Check local firewall

Ensure outbound traffic is allowed and that established/related is allowed so replies can return. A host firewall that blocks outbound or established can cause “no internet” even when routing and DNS are correct.

Verification

  • You have a default route; ping to gateway and to 8.8.8.8 succeed; getent resolves a name; or you have identified which step fails and fixed it.

Troubleshooting

Gateway unreachable — Wrong IP or not on the same subnet; check interface address and prefix; check cable and switch.

8.8.8.8 unreachable but gateway works — Router or ISP issue; check router default route and NAT; try another public IP to rule out 8.8.8.8 being blocked.

DNS fails, ping works — Fix /etc/resolv.conf or netplan nameservers; allow outbound UDP/TCP 53; test with dig @resolver.

Next steps

Continue to