Network troubleshooting checklist

Topic: Networking basics

When connectivity fails, work through this order: link and IP, default route, DNS, service listening and firewall, then application. Use ping, ip route, getent/dig, ss and firewall rules to isolate whether the problem is local, path, or remote. References routing, DNS, ports, firewall, and fix guides so you do not guess at the wrong layer.

Intent: Checklist

Quick answer

  • Link and IP: ip addr; is the interface up and do you have an address? Ping the gateway. If no IP or no reply from gateway, fix addressing or link (see static IP, restart networking).
  • Routing and DNS: ip route; is there a default route? Ping a public IP (e.g. 8.8.8.8). If IP works but names fail, run getent and dig; fix resolver config or firewall for DNS (see DNS checklist, fix broken DNS).
  • Service and firewall: is the target service listening (ss -tlnp) and on which address? From the client, can you reach the port (nc -zv)? If not, check firewall (allow port, verify rules) and routing (no route to host vs connection refused).

Prerequisites

Steps

  1. Link, IP, and gateway

    Check interface state and address (ip addr). Ping the gateway. If no IP or no gateway reply, fix addressing (static/DHCP) or link; see configure static IP and restart networking safely.

  2. Default route and reachability by IP

    ip route; confirm default route. Ping a public IP (e.g. 8.8.8.8). If this fails, the problem is routing or path (see routing basics, inspect routing table, fix no route to host). If it works, continue to DNS.

  3. DNS

    getent hosts example.com; dig +short example.com. If IP reachability works but DNS fails, fix resolver config and firewall for DNS; see DNS checklist and fix broken DNS on Linux.

  4. Service and firewall

    On the server: ss -tlnp; is the service listening and on which address? From the client: nc -zv SERVER PORT. Connection refused means nothing listening or firewall drop; no route to host means routing. Fix with allow port, verify firewall rules, fix connection refused or no route to host.

Summary

Troubleshoot in order: link and IP, default route, DNS, then service and firewall. Use this checklist so you isolate the layer (addressing, routing, DNS, or application/firewall) and apply the right fix.

Prerequisites

Steps

Check interface and address (ip addr). Ping the gateway. If no IP or no reply, fix addressing or link.

Step 2: Default route and reachability by IP

Check default route (ip route). Ping a public IP. If this fails, the issue is routing or path. If it works, proceed to DNS.

Step 3: DNS

Test getent and dig. If IP works but names fail, fix resolver config and DNS firewall; use the DNS checklist and fix broken DNS.

Step 4: Service and firewall

On the server, confirm the service is listening (ss -tlnp). From the client, test the port (nc -zv). Use connection refused vs no route to host to distinguish listening/firewall from routing; then fix with the relevant guide.

Verification

  • You have isolated the failure to one of: link/IP, route, DNS, or service/firewall; and applied the corresponding fix.

Troubleshooting

Still unclear — Repeat from step 1; capture ip addr, ip route, ping, getent, dig, and ss from both sides; compare with expected config. Intermittent — Consider latency, packet loss, and path; see latency vs bandwidth vs packet loss.

Next steps

Continue to