
Re: IPTables allow ping.



Thanks for the help, I managed to fix it. The problem was at my hosting
provider's end. They had messed up the routing table, since I was
connected using DRAC and I didn't notice that I wasn't able to connect.

That was the first file I checked when I couldn't ping the machine.
icmp_echo_ignore_all is set to 0.

I tried tracerouting, it goes all the way to the gateway and then my
machine does not respond. Probably I need to add a rule for icmp-type
30 to my firewall script so that it doesn't drop those packets.

Thanks,

Bharath

* Scott Edwards (msedwardsus@yahoo.com) wrote:
> 
> --- Ernest ter Kuile <ernestjw@xs4all.nl> wrote:
> 
> > 
> > I haven't checked your rules, but if you have a modem/router (DSL or
> > other), is it configured to allow all icmp? (just to be sure of course)
> > 
> > Ernest
> 
> Also, you may want to verify that your kernel is allowing icmp packets:
>
> root@satellite:/proc/sys/net/ipv4# cat icmp_echo_ignore_all
>
> If you see the number 1, icmp packets (i.e., ping) will be ignored.
> You can change it with this command:
>
> root@satellite:/proc/sys/net/ipv4# echo "0" > icmp_echo_ignore_all
> 
> 
> -- Scott
> 
> > 
> > 
> > On 13 Jun, 2008, at 21:29, Bharath Ramesh wrote:
> > 
> > > I have a debian amd64 box. I am writing a set of firewall rules. I want
> > > to be able to ping my machine from outside. I wrote the following rule.
> > > I am still unable to ping my machine from outside. Could someone verify
> > > that my rule is correct.
> > >
> > > # Allow to/be ping(ed).
> > > $IPT --append INPUT --in-interface $EXTIF --protocol icmp --icmp-type 0 \
> > >      --destination $EXTIP --match state --state NEW,ESTABLISHED,RELATED \
> > >      --jump ACCEPT
> > > $IPT --append INPUT --in-interface $EXTIF --protocol icmp --icmp-type 8 \
> > >      --destination $EXTIP --match state --state NEW,ESTABLISHED,RELATED \
> > >      --jump ACCEPT
> > > $IPT --append OUTPUT --out-interface $EXTIF --protocol icmp --icmp-type 0 \
> > >      --source $EXTIP --match state --state NEW,ESTABLISHED,RELATED \
> > >      --jump ACCEPT
> > > $IPT --append OUTPUT --out-interface $EXTIF --protocol icmp --icmp-type 8 \
> > >      --source $EXTIP --match state --state NEW,ESTABLISHED,RELATED \
> > >      --jump ACCEPT
> > >
> > > I am able to ping other m/c from my m/c but I am not able to ping from
> > > outside.
> > >
> > > Thanks,
> > >
> > > Bharath
> > >
> > > ---
> > > Bharath Ramesh       <bramesh@vt.edu>       http://people.cs.vt.edu/~bramesh
> > >
> > >
> > > -- 
> > > To UNSUBSCRIBE, email to debian-amd64-REQUEST@lists.debian.org
> > > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> > >

---
Bharath Ramesh       <bramesh@vt.edu>       http://people.cs.vt.edu/~bramesh
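
The kernel check and the ping rules discussed in this thread, as an added example that is not part of the original messages: it splits the ICMP types by direction, so echo-request (type 8) is accepted inbound and echo-reply (type 0) only as tracked return traffic, instead of accepting both types in both chains. The short-option spelling, the `EXTIF`/`EXTIP` defaults and the `--show` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. EXTIF and EXTIP defaults are constructed
# placeholders (192.0.2.10 is a documentation address); override via environment.
IPT=${IPT:-iptables}
EXTIF=${EXTIF:-eth0}
EXTIP=${EXTIP:-192.0.2.10}

# Kernel check from the thread: succeeds only when icmp_echo_ignore_all is 0.
# The path is a parameter so the check can be exercised without touching /proc.
kernel_answers_ping() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/icmp_echo_ignore_all}" 2>/dev/null)" = "0" ]
}

# Print the four rules, one per line, without executing them.
ping_rules() {
    # Being pinged: the echo-request arrives as a NEW flow and the
    # echo-reply leaves as part of that already-tracked flow.
    echo "$IPT -A INPUT -i $EXTIF -p icmp --icmp-type echo-request -d $EXTIP -m state --state NEW,ESTABLISHED -j ACCEPT"
    echo "$IPT -A OUTPUT -o $EXTIF -p icmp --icmp-type echo-reply -s $EXTIP -m state --state ESTABLISHED -j ACCEPT"
    # Pinging others: the mirror image of the pair above.
    echo "$IPT -A OUTPUT -o $EXTIF -p icmp --icmp-type echo-request -s $EXTIP -m state --state NEW,ESTABLISHED -j ACCEPT"
    echo "$IPT -A INPUT -i $EXTIF -p icmp --icmp-type echo-reply -d $EXTIP -m state --state ESTABLISHED -j ACCEPT"
}

# "--show" reports the kernel setting and prints the rules for review.
if [ "${1:-}" = "--show" ]; then
    if kernel_answers_ping; then
        echo "# kernel: icmp_echo_ignore_all is 0"
    else
        echo "# kernel: icmp_echo_ignore_all is not 0, echo requests are ignored"
    fi
    ping_rules
fi
```

If the kernel check passes and these rules are loaded but the host still does not answer, the cause lies outside the host, as the routing problem at the provider did in this thread.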

