[NBLUG/talk] I think I broke my ping!

Dave Sisley dsisley at arczip.com
Tue Sep 30 10:57:00 PDT 2003


The trouble is, I'm not running firestarter.  Do you recommend I install it and 
set it up as you suggest below, or will that just muck me up even more?

-dave.


On Tue, Sep 30, 2003 at 08:47:12AM -0700, Mark Street wrote:
> You can ping out but the reply is blocked at the firewall.  
> /etc/firestarter/firewall.sh  will look something like this....  on the INPUT 
> meaning packets coming into your network from the outside.  If you want to 
> ping to the outside disable ICMP filtering in your firestarter script.
> 
> # ICMP: Ping Requests
> $IPT -t filter -A INPUT -p icmp -s 0/0 -d $NET --icmp-type echo-request -j $STOP
> # ICMP: Traceroute Requests
> $IPT -t filter -A INPUT -p udp -s 0/0 -d $NET --dport 33434 -j $STOP
> # ICMP: MS Traceroute Requests
> $IPT -t filter -A INPUT -p icmp -s 0/0 -d $NET --icmp-type destination-unreachable -j $STOP
> # ICMP: Unreachable Requests
> $IPT -t filter -A INPUT -p icmp -s 0/0 -d $NET --icmp-type host-unreachable -j $STOP
> # ICMP: Timestamping Requests
> $IPT -t filter -A INPUT -p icmp -s 0/0 -d $NET --icmp-type timestamp-request -j $STOP
> $IPT -t filter -A INPUT -p icmp -s 0/0 -d $NET --icmp-type timestamp-reply -j $STOP
> # ICMP: Address Masking
> $IPT -t filter -A INPUT -p icmp -s 0/0 -d $NET --icmp-type address-mask-request -j $STOP
> $IPT -t filter -A INPUT -p icmp -s 0/0 -d $NET --icmp-type address-mask-reply -j $STOP
> # ICMP: Redirection Requests
> $IPT -t filter -A INPUT -p icmp -s 0/0 -d $NET --icmp-type redirect -j $STOP
> # ICMP: Source Quench Requests
> $IPT -t filter -A INPUT -p icmp -s 0/0 -d $NET --icmp-type source-quench -j $STOP
> 
> 
> -- 
> Mark Street, D.C.
> Red Hat Certified Engineer
> Cert# 807302251406074
> --
> Key fingerprint = 3949 39E4 6317 7C3C 023E  2B1F 6FB3 06E7 D109 56C0
> GPG key http://www.streetchiro.com/pubkey.asc
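
Added example, not part of either message and not firestarter's own code: a static check that lists which ICMP types a set of INPUT rules written in the form quoted above sends to a blocking target, and whether echo-reply (the packet an outbound ping waits for) is among them. The names `SAMPLE_RULES`, `blocked_icmp_types` and `echo_reply_blocked` are hypothetical, the sample rules are constructed, and the check reads rule text only, so it ignores rule order and connection-state matches.

```shell
#!/bin/sh
# Constructed sample: rules in the style of the script quoted above.
SAMPLE_RULES='# ICMP: Ping Requests
$IPT -t filter -A INPUT -p icmp -s 0/0 -d $NET --icmp-type echo-request -j $STOP
$IPT -t filter -A INPUT -p icmp -s 0/0 -d $NET --icmp-type timestamp-request -j $STOP
$IPT -t filter -A INPUT -p icmp -s 0/0 -d $NET --icmp-type redirect -j $STOP
$IPT -t filter -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
$IPT -t filter -A INPUT -p udp -s 0/0 -d $NET --dport 33434 -j $STOP'

# Read rules on stdin; print one ICMP type per line for every INPUT rule
# whose target blocks the packet. A rule with no --icmp-type covers all
# ICMP and is reported as "any".
blocked_icmp_types() {
    awk '
        /^[ \t]*#/ { next }    # skip comment lines
        {
            chain = ""; proto = ""; type = ""; target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-A") chain = $(i + 1)
                else if ($i == "-p") proto = $(i + 1)
                else if ($i == "--icmp-type") type = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            if (chain == "INPUT" && proto == "icmp" &&
                (target == "$STOP" || target == "DROP" || target == "REJECT"))
                print (type == "" ? "any" : type)
        }'
}

# Exit 0 if inbound echo-reply is blocked. iptables accepts the name
# echo-reply, its alias pong, or the numeric type 0.
echo_reply_blocked() {
    blocked_icmp_types | grep -Eqx 'echo-reply|pong|0|any'
}

# Report for the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | blocked_icmp_types
if printf '%s\n' "$SAMPLE_RULES" | echo_reply_blocked; then
    echo "echo-reply is blocked inbound: replies to an outbound ping are dropped"
else
    echo "echo-reply is not blocked by these rules"
fi
```

To check a real script, feed it to the functions in place of the sample, with any wrapped rules joined onto one line first.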


