Network display not working

SvenK

Hi folks,
on the server dashboard, there is this "Network" panel, right next to the "Memory usage" panel.
But this "Network" panel works only on my Enhance Control Server. On all other servers (application, mail, DNS etc.) it show an error message:

Failed to load
There has been an error while trying to fetch this data.
Refresh the page to try again.

In the firewall I opened every port between these servers, as recommended in the documentation and all the services seem to work fine - exept this Network panel.

Any idea, what could cause this problem?

Thanks in advance!

Greetings... Sven

Adam

Does the firewall permit ICMP?

SvenK

Adam You are right, that was the problem! Thanks a lot!
Maybe it should be mentioned in the documentation, that ICMP has to be opened in the firewall as well.
Btw. should I open to ICMP to the outside too, or only within my server cluster?

Greetings!

InDev

Adam Hey Adam,
just jumping in here. Your answer helped me out as well, thanks!

Do you happen to have a few more details on how to open up ICMP in the firewall without making it too wide open?
Would be great to know how to allow it just within the server cluster, especially when using ufw or similar tools.

Might be a good addition to the docs too 😊

Cheers!

xyzulu

InDev ufw on a standard enhance server does not block ICMP. Your firewall above the server is probably the issue. Nothing specific to enhance here, I’m sure Google help you learn.

InDev

xyzulu The problem isn't that obvious to me. Even if I disable UFW, I don't get any further because the last thing I see in the logs is the following:

2025-05-29T23:15:18.068702Z ERROR ThreadId(05) orchd::serverctl::server: Unable to parse ping response:
2025-05-29T23:15:18.068744Z ERROR ThreadId(05) orchd::error: Returning internal server error to the API: Error { kind: Internal, detail: None, msg: Some("Unable to parse ping response") }

If I could see somewhere what exactly it's pinging, then I might be able to make some progress.

The iptables configuration looks good as well.

iptables -L -v -n | grep icmp
    0     0 ACCEPT     1    --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
    0     0 ACCEPT     1    --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
    0     0 ACCEPT     1    --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 12
    0     0 ACCEPT     1    --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    0     0 ACCEPT     1    --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
    0     0 ACCEPT     1    --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
    0     0 ACCEPT     1    --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 12
    0     0 ACCEPT     1    --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8

xyzulu

InDev You are looking on the wrong end.. it's the other servers firewall (probably above the server) that is blocking the ping from your control server. You are overcomplicating this.. think simple.. the other server IP is not responding to a ping. You need to resolve that.

I am confused though.. you are using commands that show you have some server admin experience yet you are asking for help with this issue not at all related to Enhance. Perhaps you need to consult with the host of the other server (the one you are trying to ping).

InDev

Oh wait, I didn’t even tell you my context.
I took a random available root server, installed a bare 22.04 on it, ran my standard Ansible hardening playbook, and then executed the enhance install script.

So it’s just a system with a completely clean installation.

xyzulu

InDev Why run 22.04 and not 24.0.2?
You should be able to resolve the issue yourself if you know how to use Ansible.. I think I have provided you enough tips. Again, this is not an Enhance issue. Your other server is not reachable by ping from your Enhance control server. Resolve that.

I'll leave you to it.. if you need help from Enhance, you can open a support ticket with them.

Try it, from your control server: ping ip.of.other.server

InDev

xyzulu Totally overlooked the need for RAW sockets. Turns out it was much simpler than I expected.

The fix:
sudo setcap cap_net_raw+p /bin/ping

Sometimes it really is the obvious stuff that slips through. Thanks for the nudge!