Linux Networking Troubleshooting — Mac Minis + M1¶
The Goal¶
- Find IPs of Debian minis (ethernet or Tailscale)
- Confirm connectivity between M1 and minis
- Diagnose when things aren't reachable
1. Finding IP Addresses¶
On the Debian minis¶
# List all interfaces and their IPs
ip addr show
# Short version — just IPs
ip -brief addr show
# Specific interface (ethernet is usually eth0, enp2s0, or similar)
ip addr show eth0
# If you don't know the interface name
ip link show
# Look for the non-loopback interface (not 'lo')
Sample output to read:
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP>
inet 192.168.1.42/24 brd 192.168.1.255 scope global enp2s0
inet 192.168.1.42 = that's your IP.
On M1 macOS¶
# List interfaces
ifconfig
# Just the relevant one (ethernet via adapter usually en3 or en5, WiFi is en0)
ifconfig en0
# Cleaner — specific interface
ipconfig getifaddr en0
# Find all IPs across all interfaces
ifconfig | grep "inet " | grep -v 127.0.0.1
Tailscale IPs¶
# On any node with Tailscale installed
tailscale ip -4
# Status of all Tailscale peers
tailscale status
2. Checking Connectivity¶
# Basic ping — is the host reachable?
ping <ip>
# Limit to 4 packets
ping -c 4 <ip>
# Check if a specific port is open (e.g. SSH on 22, k8s API on 6443)
nc -zv <ip> 22
nc -zv <ip> 6443
# Or with curl for HTTP
curl -v http://<ip>:<port>
3. Routing¶
# Show routing table — where does traffic go?
ip route show
# Which interface/gateway handles traffic to a specific IP?
ip route get <destination-ip>
4. DNS¶
# Resolve a hostname
nslookup <hostname>
dig <hostname>
# Quick check
host <hostname>
# What DNS server is being used?
cat /etc/resolv.conf
5. Checking Listening Ports¶
# What's listening on which port?
ss -tlnp
# Or with netstat (older systems)
netstat -tlnp
# Is something listening on port 6443 (k8s API)?
ss -tlnp | grep 6443
6. Firewall¶
# Check iptables rules (will be extensive on a k8s node)
sudo iptables -L -n
# Check ufw status (simpler firewall frontend)
sudo ufw status
# Check if firewalld is running
sudo systemctl status firewalld
7. Interface Up/Down¶
# Bring an interface up
sudo ip link set eth0 up
# Bring it down
sudo ip link set eth0 down
# Restart networking service (Debian)
sudo systemctl restart networking
8. SSH Connectivity (M1 → Minis)¶
# Basic SSH
ssh user@<mini-ip>
# Via Tailscale
ssh user@<tailscale-ip>
# With verbose output (debug connection issues)
ssh -v user@<mini-ip>
# Copy files M1 → mini
scp localfile user@<mini-ip>:/remote/path
# Copy files mini → M1
scp user@<mini-ip>:/remote/path ./localpath
9. Common Problems + Fixes¶
| Symptom | Likely cause | Check |
|---|---|---|
| Can't ping mini from M1 | Not on same network / firewall | ip route show on mini, check default gateway |
| SSH connection refused | SSH not running | sudo systemctl status ssh on mini |
| SSH timeout | Firewall blocking port 22 | sudo ufw status or ss -tlnp \| grep 22 |
| Tailscale peer not reachable | Not logged in / not running | tailscale status on both machines |
| Wrong IP showing | DHCP lease changed | Set static IPs (see below) |
10. Setting a Static IP on Debian¶
Edit /etc/network/interfaces:
auto enp2s0
iface enp2s0 inet static
address 192.168.1.100
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 8.8.8.8
Then restart:
Recommended: set static IPs on both minis before kubeadm init.
DHCP changing IPs after cluster setup = things break.
11. Useful One-liners¶
# Who else is on my network?
sudo arp-scan --localnet # needs arp-scan installed
arp -a # ARP cache (partial view)
# Trace route to a host
traceroute <ip>
# Check interface stats (errors, drops)
ip -s link show eth0
# Watch live network traffic on an interface
sudo tcpdump -i eth0 -n
# Watch traffic to/from a specific IP
sudo tcpdump -i eth0 host <ip>