[NBLUG/talk] I think I broke my ping!

Mark Street jet at sonic.net
Tue Sep 30 08:44:00 PDT 2003


You can ping out, but the reply is blocked at the firewall.
/etc/firestarter/firewall.sh will look something like this... on the INPUT,
meaning packets coming into your network from the outside. If you want to
ping to the outside, disable ICMP filtering in your firestarter script.

# ICMP: Ping Requests
$IPT -t filter -A INPUT -p icmp -s 0/0 -d $NET --icmp-type echo-request -j $STOP
# ICMP: Traceroute Requests
$IPT -t filter -A INPUT -p udp -s 0/0 -d $NET --dport 33434 -j $STOP
# ICMP: MS Traceroute Requests
$IPT -t filter -A INPUT -p icmp -s 0/0 -d $NET --icmp-type destination-unreachable -j $STOP
# ICMP: Unreachable Requests
$IPT -t filter -A INPUT -p icmp -s 0/0 -d $NET --icmp-type host-unreachable -j $STOP
# ICMP: Timestamping Requests
$IPT -t filter -A INPUT -p icmp -s 0/0 -d $NET --icmp-type timestamp-request -j $STOP
$IPT -t filter -A INPUT -p icmp -s 0/0 -d $NET --icmp-type timestamp-reply -j $STOP
# ICMP: Address Masking
$IPT -t filter -A INPUT -p icmp -s 0/0 -d $NET --icmp-type address-mask-request -j $STOP
$IPT -t filter -A INPUT -p icmp -s 0/0 -d $NET --icmp-type address-mask-reply -j $STOP
# ICMP: Redirection Requests
$IPT -t filter -A INPUT -p icmp -s 0/0 -d $NET --icmp-type redirect -j $STOP
# ICMP: Source Quench Requests
$IPT -t filter -A INPUT -p icmp -s 0/0 -d $NET --icmp-type source-quench -j $STOP


On Tuesday 30 September 2003 04:16, Dave Sisley wrote:
> I'm trying to set up IP masquerading as per the HOW-TOs Kyle suggested
> (excellent doc, by the way), and setting it up requires the use of ping for
> testing.
>
> I noticed awhile ago (i.e. before I played with the firewall) that I
> couldn't ping outside addresses like sonic.net or yahoo.com.  I'm able to
> get out onto the net with my browser or ssh or ftp, so it's not a
> connection problem. Also, I am able to self-ping (ping the machine's
> network IP address) and ping the network IP address of the other machine.
>
> I just can't ping outside my home network.  Anybody know why?
>
> -dave.

-- 
Mark Street, D.C.
Red Hat Certified Engineer
Cert# 807302251406074
--
Key fingerprint = 3949 39E4 6317 7C3C 023E  2B1F 6FB3 06E7 D109 56C0
GPG key http://www.streetchiro.com/pubkey.asc
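
An added example, not part of the original message or of Firestarter: rather than disabling ICMP filtering altogether, this script lists which ICMP types a rule set in the style quoted above drops on INPUT and prints two narrower rules that admit only replies to traffic the host itself started. The sample rules, the function names and the 192.0.2.0/24 range are constructed for illustration; it assumes iptables with the "state" match.

```shell
#!/bin/sh
# Added example: audit a Firestarter-style rule set and print narrow ICMP
# accept rules. Nothing is applied; the rules are only printed for review.

# Constructed sample in the style of the rules quoted above.
sample_rules() {
cat <<'EOF'
# ICMP: Ping Requests
$IPT -t filter -A INPUT -p icmp -s 0/0 -d $NET --icmp-type echo-request -j $STOP
# ICMP: Traceroute Requests
$IPT -t filter -A INPUT -p udp -s 0/0 -d $NET --dport 33434 -j $STOP
# ICMP: Timestamping Requests
$IPT -t filter -A INPUT -p icmp -s 0/0 -d $NET --icmp-type timestamp-request -j $STOP
# ICMP: Redirection Requests
$IPT -t filter -A INPUT -p icmp -s 0/0 -d $NET --icmp-type redirect -j $STOP
EOF
}

# Read a rule script on stdin; print each ICMP type it sends to $STOP on INPUT.
dropped_icmp_types() {
    sed -n 's/^[^#]*-A INPUT .*--icmp-type  *\([a-z-][a-z-]*\) .*-j  *\$STOP.*/\1/p'
}

# Succeed if the rule script on stdin drops the named ICMP type on INPUT.
drops_type() {
    dropped_icmp_types | grep -qx -- "$1"
}

# Print rules admitting only ICMP that answers traffic this host started.
# Assumes iptables with the "state" match; $1 is the local range ($NET).
ping_reply_rules() {
    # Echo replies that connection tracking ties to a ping we sent.
    echo "iptables -t filter -I INPUT 1 -p icmp -d $1 --icmp-type echo-reply -m state --state ESTABLISHED -j ACCEPT"
    # ICMP errors (e.g. unreachable) about connections we opened.
    echo "iptables -t filter -I INPUT 2 -p icmp -d $1 -m state --state RELATED -j ACCEPT"
}

echo "ICMP types dropped on INPUT:"
sample_rules | dropped_icmp_types
if sample_rules | drops_type echo-reply; then
    echo "echo-reply is dropped explicitly"
else
    echo "no explicit echo-reply drop; check the chain policy and later rules"
fi
echo "Narrow accept rules (192.0.2.0/24 is a placeholder range):"
ping_reply_rules 192.0.2.0/24
```

To audit a real script, feed it to the function instead of the sample: `dropped_icmp_types < /etc/firestarter/firewall.sh`.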



