Re: IPTables allow ping.
I am not behind any modem/router this my dedicated server that I am just
setting it up.
Thanks,
Bharath
* Ernest ter Kuile (ernestjw@xs4all.nl) wrote:
>
> I haven't checked your rules, but if you have a modem/router (dsl or
> other), is configured to allow all icmp ? (just to be sure of course)
>
> Ernest
>
>
> On 13 Jun, 2008, at 21:29, Bharath Ramesh wrote:
>
>> I have a debian amd64 box. I am writing a set of firewall rules. I
>> want
>> to be able to ping my machine from outside. I wrote the following
>> rule.
>> I am still unable to ping my machine from outside. Could someone
>> verify
>> that my rule is correct.
>>
>> # Allow to/be ping(ed).
>> $IPT --append INPUT --in-interface $EXTIF --protocol icmp --icmp-type 0
>> \
>> --destination $EXTIP --match state --state
>> NEW,ESTABLISHED,RELATED \
>> --jump ACCEPT
>> $IPT --append INPUT --in-interface $EXTIF --protocol icmp --icmp-type 8
>> \
>> --destination $EXTIP --match state --state NEW,ESTABLISHED,RELATED \
>> --jump ACCEPT
>> $IPT --append OUTPUT --out-interface $EXTIF --protocol icmp --icmp-
>> type 0 \
>> --source $EXTIP --match state --state NEW,ESTABLISHED,RELATED \
>> --jump ACCEPT
>> $IPT --append OUTPUT --out-interface $EXTIF --protocol icmp --icmp-
>> type 8 \
>> --source $EXTIP --match state --state NEW,ESTABLISHED,RELATED \
>> --jump ACCEPT
>>
>> I am able to ping other m/c from my m/c but I am not able to ping from
>> outside.
>>
>> Thanks,
>>
>> Bharath
>>
>> ---
>> Bharath Ramesh <bramesh@vt.edu> http://people.cs.vt.edu/~bramesh
>>
>>
>> --
>> To UNSUBSCRIBE, email to debian-amd64-REQUEST@lists.debian.org
>> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>>
>
>
> --
> To UNSUBSCRIBE, email to debian-amd64-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
---
Bharath Ramesh <bramesh@vt.edu> http://people.cs.vt.edu/~bramesh
Reply to: