
Re: traceroute & ping fail



An update to myself...in case others are having this problem:

I added the following rule to my script:

$IPT -A INPUT -p icmp --icmp-type 0 -j ACCEPT

My understanding is now the box will accept 'echo replies' that I would generate
by 'ping debian.org'.  I then went to another pc on the net and tried to ping
my own box and it still just drops the packets (which I want).  Can anyone see
anything wrong with what I've done?


On Sun, Oct 01, 2000 at 01:47:48PM -0500, William Jensen wrote:
> I think it's my firewall blocking them going _out_ because when I take the
> firewall offline both ping and traceroute work fine.  Ping works on localhost,
> though traceroute does not when the firewall is up.  Unfortunately I am too new
> at both debian and firewalling to know where I went wrong.  I'm trying to set
> it up so I can ping and traceroute to other boxes but other 'bad' boxes can't
> do it to me.  What information can I follow this msg up with that will be
> helpful?
> 
> I call the firewall from /etc/rc2.d/S90firewall_up which is just a sym link to
> /etc/init.d/firewall_up.
> 
> On a side note, when I added the logging line:
> 
> $IPT -A Firewall -j LOG --log-level info --log-prefix "Firewall:"
> 
> It produces a TON of the following as fast as it can put them in the log file.
> How do I read this, and even more importantly, how can I make it log the "rejects"
> properly so that I can actually catch people trying to scan the box etc.?
> 
> Oct  1 13:28:11 stimpy kernel: Firewall:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:20:78:cb:ce:05:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=2 PROTO=UDP SPT=68 DPT=67 LEN=556
> 
> If it would help I can attach the actual firewall script.
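
The log entry quoted above, read field by field, as an added example that is not part of the original thread: it splits a netfilter LOG line into its fields (including the 14-byte `MAC=` value and the repeated `LEN=`) and counts DHCP client broadcasts like the quoted one separately from everything else. The function names and the second sample line are constructed for illustration; the `Firewall:` prefix is the one set with `--log-prefix` in the thread.

```python
from collections import Counter

# First line is the entry quoted in the thread; the second is constructed
# for this example (documentation addresses, made-up ports).
SAMPLE_LOG = """\
Oct  1 13:28:11 stimpy kernel: Firewall:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:20:78:cb:ce:05:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=2 PROTO=UDP SPT=68 DPT=67 LEN=556
Oct  1 13:29:02 stimpy kernel: Firewall:IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
"""

def parse_line(line, prefix="Firewall:"):
    """Split one netfilter LOG entry into a dict; None if the prefix is absent."""
    _, found, body = line.partition(prefix)
    if not found:
        return None
    pkt = {"FLAGS": []}
    for token in body.split():
        key, eq, value = token.partition("=")
        if not eq:
            pkt["FLAGS"].append(token)        # bare words: DF, SYN, ACK ...
        elif key == "LEN" and "LEN" in pkt:
            pkt["L4_LEN"] = value             # second LEN= is the UDP length
        else:
            pkt[key] = value
    mac = pkt.get("MAC", "").split(":")
    if len(mac) == 14:                        # dst MAC (6) + src MAC (6) + EtherType (2)
        pkt["MAC_DST"] = ":".join(mac[:6])
        pkt["MAC_SRC"] = ":".join(mac[6:12])
        pkt["ETHERTYPE"] = "".join(mac[12:])
    return pkt

def is_dhcp_broadcast(pkt):
    """DHCP client traffic: UDP 68 -> 67 sent to the limited broadcast address."""
    return (pkt.get("PROTO") == "UDP" and pkt.get("SPT") == "68"
            and pkt.get("DPT") == "67" and pkt.get("DST") == "255.255.255.255")

def summarize(log_text):
    """Count entries by (source IP, protocol, destination port), DHCP chatter apart."""
    noise, hits = 0, Counter()
    for pkt in filter(None, map(parse_line, log_text.splitlines())):
        if is_dhcp_broadcast(pkt):
            noise += 1
        else:
            hits[(pkt.get("SRC"), pkt.get("PROTO"), pkt.get("DPT"))] += 1
    return noise, hits

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Entries that repeat from one source across many destination ports are the ones worth a closer look; the broadcast count only shows how much of the log volume is local DHCP traffic.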


