LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page Blocking incoming ICMP of host-only adapter (VMWare)
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 07-10-2014, 06:05 PM   #1
Taimur
LQ Newbie
 
Registered: Jun 2006
Posts: 9

Rep: Reputation: 0
Blocking incoming ICMP of host-only adapter (VMWare)

Here is the network information:

Router:
-------
eth0 [Bridged] : 172.18.25.2/24 [Gateway: 172.18.25.1]
eth1 [Host-Only]: 192.168.140.10


Linux Machine 1:
----------------
eth0 [Host-Only]: 192.168.140.201 [GW: 192.168.140.10]


Firewall Rules for Router:
# iptables -A FORWARD -p icmp --out-interface eth0 -j DROP
# iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE


Internet is working fine on Linux Test Machine. Now, I've blocked out-going icmp request on my network (so users can't ping any internet IP address).

I want to block incoming icmp traffic (which is coming from one machine to another within this network). Example:

A windows machine (with host-only network 192.168.140.225) shouldn't be able to ping my Linux Machine (192.168.140.201).

Please note that I'm doing this on VMWare only for testing purpose before I implement it on physical machines & devices.

Please advice, how do I block all incoming ICMP traffic to host-only adapters?

Regards,

Taimur
 
Old 07-11-2014, 04:28 PM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: Fedora
Posts: 4,140

Rep: Reputation: 1263Reputation: 1263Reputation: 1263Reputation: 1263Reputation: 1263Reputation: 1263Reputation: 1263Reputation: 1263Reputation: 1263
Why would you do this? You will be blocking path MTU discovery, for example. Did you read an article somewhere that said ICMP is evil? Please don't post back here in the future when you have weird hard-to-debug network problems.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
UFW blocking certain incoming requests and not sure why smells_of_elderberries Linux - Security 10 04-02-2013 06:19 PM
Perl program to listen for incoming ICMP data systemlordanubis Programming 3 02-29-2012 04:04 AM
Blocking all incoming email attachments eyedrinkvenom Linux - Software 1 10-31-2010 04:37 AM
Blocking incoming trafic on port 80 NeoNecro Linux - Networking 2 11-19-2007 01:30 PM
Blocking ICMP requests metallica1973 Linux - Security 4 04-02-2006 12:48 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 03:51 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration