troubleshooting nfs/can't ping local while firewall enabled
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
First question for you, are you using a crossover cable for connecting tow machines together ? If not you will need to grab one for this computer 2 compyter connection.
If you do have a crossover cable in use, are you using a similar C class IP.
computer one is 192.168.1.101 and the second computer 192.168.1.102
This would mean that the computers are setup on the same network.
What the firewall would restrict would be incomming/outgoing packets but not anything inside your network due to the fact that the firewall isn't between the two computer but on the outside.
One way to test would be to disable ipchains and try pinging, if you still can't ping then diffinately it has something to do with the network and not the firewall.
Originally posted by toastermaker Again, if I am entering properly, the command now returns silently to the command line.
To know I'm entering properly is ther a space between the 0 and > ?
Yes, sorry I should have told you about that. It won't return anything. its just placing a 0 in that file name after it. 0 = enable pings, 1 = disable pings. you *might* have to restart the network for the changes to take effect.. I can't remember.
as for the other "service ipchains stop" if you're using mandrake its probably different. sorry I wasn't paying attention to the flavor you're running.
Also, the command "echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all" is correctly written and should dump you back to the command line with no response. This command must be run every time you reboot during testing, because some firewalls override this setting.
Ok now I can ping both ways after running service iptables stop.
What does this mean? Is my firewall still good?
If my firewall is still good can I continue with setting up NFS?
Or have we just uncovered a problem that needs to be addressed before I should continue?
The iptables service basicaly is the guts of the firewall. It holds all the rules that allow some things, and drop others. Since the pinging works when iptables is off, we know that it's a rule problem with your firewall. So now we can add a couple of rules to it by hand.
Here are some quick and dirty rules for you. They are typed in at command prompt, and must be re-typed at every boot, since your firewall will overwrite them....
This enables all traffic from the loopback address:
iptables -I INPUT -s 127.0.0.0/8 -j ACCEPT
This enables incoming pings:
iptables -I INPUT -p ICMP -j ACCEPT
This enables outgoing pings:
iptables -I OUTPUT -p ICMP -j ACCEPT
Of course, that leaves you slightly vulnerable to malformed ICMP packets. If you want to be more secure, and only ping from your network use...