Re: IPTables allow ping.

To: debian-amd64@lists.debian.org
Subject: Re: IPTables allow ping.
From: Scott Edwards <msedwardsus@yahoo.com>
Date: Fri, 13 Jun 2008 16:21:57 -0700 (PDT)
Message-id: <[🔎] 945686.79468.qm@web65705.mail.ac4.yahoo.com>
In-reply-to: <[🔎] D9F54317-03C4-4F45-866C-2ED29C86D729@xs4all.nl>

--- Ernest ter Kuile <ernestjw@xs4all.nl> wrote:

> 
> I haven't checked your rules, but if you have a
> modem/router (dsl or  
> other), is configured to allow all icmp ? (just to
> be sure of course)
> 
> Ernest

Also, you may want to verify that your kernel is
allowing icmp packets:

root@satellite:/proc/sys/net/ipv4# cat
icmp_echo_ignore_all

If you see the number 1, icmp packets (i.e., ping)
will be ignored. You can change it with this command:

root@satellite:/proc/sys/net/ipv4# echo "0" >
icmp_echo_ignore_all 


-- Scott





> 
> 
> On 13 Jun, 2008, at 21:29, Bharath Ramesh wrote:
> 
> > I have a debian amd64 box. I am writing a set of
> firewall rules. I  
> > want
> > to be able to ping my machine from outside. I
> wrote the following  
> > rule.
> > I am still unable to ping my machine from outside.
> Could someone  
> > verify
> > that my rule is correct.
> >
> > # Allow to/be ping(ed).
> > $IPT --append INPUT --in-interface $EXTIF
> --protocol icmp --icmp- 
> > type 0 \
> >      --destination $EXTIP --match state --state  
> > NEW,ESTABLISHED,RELATED \
> >      --jump ACCEPT
> > $IPT --append INPUT --in-interface $EXTIF
> --protocol icmp --icmp- 
> > type 8 \
> > 	--destination $EXTIP --match state --state
> NEW,ESTABLISHED,RELATED \
> > 	--jump ACCEPT
> > $IPT --append OUTPUT --out-interface $EXTIF
> --protocol icmp --icmp- 
> > type 0 \
> > 	--source $EXTIP --match state --state
> NEW,ESTABLISHED,RELATED \
> > 	--jump ACCEPT
> > $IPT --append OUTPUT --out-interface $EXTIF
> --protocol icmp --icmp- 
> > type 8 \
> > 	--source $EXTIP --match state --state
> NEW,ESTABLISHED,RELATED \
> > 	--jump ACCEPT
> >
> > I am able to ping other m/c from my m/c but I am
> not able to ping from
> > outside.
> >
> > Thanks,
> >
> > Bharath
> >
> > ---
> > Bharath Ramesh       <bramesh@vt.edu>      
> http://people.cs.vt.edu/~bramesh
> >
> >
> > -- 
> > To UNSUBSCRIBE, email to
> debian-amd64-REQUEST@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> >
> 
> 
> -- 
> To UNSUBSCRIBE, email to
> debian-amd64-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> 
>

Reply to:

Follow-Ups:
- Re: IPTables allow ping.
  - From: Bharath Ramesh <bramesh@vt.edu>

References:
- Re: IPTables allow ping.
  - From: Ernest ter Kuile <ernestjw@xs4all.nl>

Prev by Date: Re: IPTables allow ping.
Next by Date: Re: IPTables allow ping.
Previous by thread: Re: IPTables allow ping.
Next by thread: Re: IPTables allow ping.
Index(es):
- Date
- Thread