Restore outbound connectivity and name resolution when the host can reach the gateway but cannot reach public IPs and DNS names fail. Confirm interface state, restore a missing default route, then correct DNS via NetworkManager and verify HTTP access.
A VM on a training network reports: “I can ping the gateway, but the internet is down and DNS names fail.”
You have console access and must confirm IP configuration, confirm routing, confirm DNS, fix the issue, and verify access to
http://example.com.
Interface: eth0. Expected gateway: 10.0.2.2. Expected DNS server: 10.0.2.3.
Test site: http://example.com.
eth0 is up and has an IPv4 address.10.0.2.2.10.0.2.3 via NetworkManager and verify name resolution and HTTP access.“Internet is down” is not a single failure. You isolate it in layers:
Always prove public IP connectivity before you chase DNS. If ping 1.1.1.1 fails, DNS is not the root cause yet.
eth0 has an IPv4 address.
ip -4 addr show eth0If the interface has no IPv4 address, do not troubleshoot DNS yet. You need working addressing first.
ping -c 2 10.0.2.2This confirms local L2/L3 connectivity. If this fails, fix the local network before anything else.
ping -c 2 1.1.1.1If the gateway ping works but this fails, routing is usually broken (often a missing default route).
ip route
You should see a line starting with default via .... If it is missing, the host has no path to networks outside its subnet.
sudo ip route add default via 10.0.2.2 dev eth0This restores routing immediately but may not persist across reboot depending on how networking is managed. The lab focuses on incident-style restore first.
ping -c 2 1.1.1.1If this now works, routing is fixed. Move on to DNS.
resolvectl status
Check which DNS servers are assigned to eth0. In this lab, the DNS server is incorrect and must be set to 10.0.2.3.
eth0.
nmcli -t -f DEVICE,NAME con show --active | grep '^eth0:'You will use the connection name from this output in the next steps.
10.0.2.3 on the active connection.
sudo nmcli con mod "<CONNECTION_NAME>" ipv4.dns "10.0.2.3"
This updates the NetworkManager profile instead of editing /etc/resolv.conf by hand.
sudo nmcli con up "<CONNECTION_NAME>"Bringing the connection up re-applies the profile and pushes the DNS change into the resolver stack.
getent hosts example.com
curl -I http://example.comFirst prove DNS resolves the name, then prove end-to-end application connectivity with an HTTP request.
The upstream device may block egress ICMP, NAT may be broken, or the VM network may be isolated. In real systems, follow up with
traceroute or tracepath and firewall/policy checks.
Confirm the change landed with resolvectl status, verify you modified the correct active connection,
and re-check whether the environment expects additional DNS servers or search domains.
ip route add is runtime state. Persist it in the network manager used by the system so it survives reboot.
Pivot away from DNS. Check proxies, firewall egress rules, and whether HTTP is blocked while ICMP is allowed.
If you need to revert changes after the lab, remove the runtime default route you added and clear the connection DNS override.
sudo ip route del default via 10.0.2.2 dev eth0
sudo nmcli con mod "<CONNECTION_NAME>" ipv4.dns ""
sudo nmcli con up "<CONNECTION_NAME>"
ip route
resolvectl status
The default route matches the intended state for your environment, and DNS servers shown under Link (eth0) reflect the
active NetworkManager profile.
ip -4 addr show <iface>: show IPv4 addressing and interface state.ip route: inspect the routing table and default route.ip route add default via <gw> dev <if>: add a runtime default route.ip route del default via <gw> dev <if>: remove a runtime default route.ping -c N <ip>: test reachability (use an IP to bypass DNS).resolvectl status: inspect resolver state and per-link DNS servers.nmcli con show --active: list active NetworkManager connections.nmcli con mod "<con>" ipv4.dns "<server>": set DNS for a connection profile.nmcli con up "<con>": re-apply a NetworkManager profile.getent hosts <name>: validate NSS name resolution.curl -I <url>: confirm HTTP connectivity by checking response headers.tracepath <host>: inspect path behavior and discover MTU/routing issues.