LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 11-24-2003, 10:38 AM   #1
toastermaker
Member
 
Registered: Oct 2003
Location: coastal alabama, united states
Distribution: Mandrake 10.0 official, slackware 9.1
Posts: 219

Rep: Reputation: 30
troubleshooting nfs/can't ping local while firewall enabled


A step in troubleshooting nfs, brought to light a previous problem, but better defined.

I can't ping between boxes while my firewalls are set to defaults.

I want to leave as much of my firewalls intact but be able to ping between boxes.

1. Should local pinging work with my firewalls set to fully enabled (default)?
2. If not what setting should I add to firewall to allow local pinging?

If now is the time I have to learn all about ipchains then send a 2 pound aspirin with your replies. lol

Mandy 9.2 on both boxes, direct Ethernet cable with no hub

Continued gratitude to all those who help us newbies.
 
Old 11-24-2003, 02:53 PM   #2
Khabi
Member
 
Registered: Aug 2003
Location: Arizona
Distribution: Gentoo
Posts: 142

Rep: Reputation: 15
first we'll try the easier stuff.. try this command, see if it helps
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
 
Old 11-24-2003, 03:10 PM   #3
triki
Member
 
Registered: Sep 2003
Posts: 32

Rep: Reputation: 15
First question for you, are you using a crossover cable for connecting tow machines together ? If not you will need to grab one for this computer 2 compyter connection.
If you do have a crossover cable in use, are you using a similar C class IP.
ex. 192.168.1.*
computer one is 192.168.1.101 and the second computer 192.168.1.102

This would mean that the computers are setup on the same network.
What the firewall would restrict would be incomming/outgoing packets but not anything inside your network due to the fact that the firewall isn't between the two computer but on the outside.

One way to test would be to disable ipchains and try pinging, if you still can't ping then diffinately it has something to do with the network and not the firewall.

Hope that makes sense

Good Luck !

triki
 
Old 11-24-2003, 03:14 PM   #4
toastermaker
Member
 
Registered: Oct 2003
Location: coastal alabama, united states
Distribution: Mandrake 10.0 official, slackware 9.1
Posts: 219

Original Poster
Rep: Reputation: 30
If I am entering the command correctly the response is "permission denied"

Do I need to run it as root?
 
Old 11-24-2003, 03:17 PM   #5
toastermaker
Member
 
Registered: Oct 2003
Location: coastal alabama, united states
Distribution: Mandrake 10.0 official, slackware 9.1
Posts: 219

Original Poster
Rep: Reputation: 30
Thanks triki,
Yes to all your queries. I can ping when I turn off my firewall through Gui (mandrake control center)

Last edited by toastermaker; 11-24-2003 at 03:22 PM.
 
Old 11-24-2003, 03:20 PM   #6
toastermaker
Member
 
Registered: Oct 2003
Location: coastal alabama, united states
Distribution: Mandrake 10.0 official, slackware 9.1
Posts: 219

Original Poster
Rep: Reputation: 30
How would I disable ipchains for purpose of testing?
 
Old 11-24-2003, 03:28 PM   #7
Khabi
Member
 
Registered: Aug 2003
Location: Arizona
Distribution: Gentoo
Posts: 142

Rep: Reputation: 15
yes, you need to run that last command as root. to disable ipchains run "service ipchains stop" or "/etc/rc.d/init.d/ipchains stop" as root.
 
Old 11-24-2003, 03:36 PM   #8
toastermaker
Member
 
Registered: Oct 2003
Location: coastal alabama, united states
Distribution: Mandrake 10.0 official, slackware 9.1
Posts: 219

Original Poster
Rep: Reputation: 30
Again, if I am entering properly, the command now returns silently to the command line.

To know I'm entering properly is ther a space between the 0 and > ?
 
Old 11-24-2003, 03:58 PM   #9
toastermaker
Member
 
Registered: Oct 2003
Location: coastal alabama, united states
Distribution: Mandrake 10.0 official, slackware 9.1
Posts: 219

Original Poster
Rep: Reputation: 30
running "service ipchains stop" and "/etc/rc.d/init.d/ipchains stop" as root without the parenthisis returns "Cannot find ipchains service" and "No such file or directory"
 
Old 11-24-2003, 04:01 PM   #10
Khabi
Member
 
Registered: Aug 2003
Location: Arizona
Distribution: Gentoo
Posts: 142

Rep: Reputation: 15
Quote:
Originally posted by toastermaker
Again, if I am entering properly, the command now returns silently to the command line.

To know I'm entering properly is ther a space between the 0 and > ?
Yes, sorry I should have told you about that. It won't return anything. its just placing a 0 in that file name after it. 0 = enable pings, 1 = disable pings. you *might* have to restart the network for the changes to take effect.. I can't remember.

as for the other "service ipchains stop" if you're using mandrake its probably different. sorry I wasn't paying attention to the flavor you're running.
 
Old 11-24-2003, 04:03 PM   #11
Dewar
Member
 
Registered: Sep 2003
Location: Washington State
Distribution: SuSE 8.0, SuSE 9.0, Slack 9.1
Posts: 90

Rep: Reputation: 15
try "service iptables stop"
Mandrake 9.2 uses iptables instead of chains

Also, the command "echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all" is correctly written and should dump you back to the command line with no response. This command must be run every time you reboot during testing, because some firewalls override this setting.

-Derek
 
Old 11-24-2003, 04:17 PM   #12
toastermaker
Member
 
Registered: Oct 2003
Location: coastal alabama, united states
Distribution: Mandrake 10.0 official, slackware 9.1
Posts: 219

Original Poster
Rep: Reputation: 30
Ok now I can ping both ways after running service iptables stop.

What does this mean? Is my firewall still good?
If my firewall is still good can I continue with setting up NFS?
Or have we just uncovered a problem that needs to be addressed before I should continue?
 
Old 11-24-2003, 04:27 PM   #13
Dewar
Member
 
Registered: Sep 2003
Location: Washington State
Distribution: SuSE 8.0, SuSE 9.0, Slack 9.1
Posts: 90

Rep: Reputation: 15
The iptables service basicaly is the guts of the firewall. It holds all the rules that allow some things, and drop others. Since the pinging works when iptables is off, we know that it's a rule problem with your firewall. So now we can add a couple of rules to it by hand.

Here are some quick and dirty rules for you. They are typed in at command prompt, and must be re-typed at every boot, since your firewall will overwrite them....

This enables all traffic from the loopback address:
iptables -I INPUT -s 127.0.0.0/8 -j ACCEPT
This enables incoming pings:
iptables -I INPUT -p ICMP -j ACCEPT
This enables outgoing pings:
iptables -I OUTPUT -p ICMP -j ACCEPT

Of course, that leaves you slightly vulnerable to malformed ICMP packets. If you want to be more secure, and only ping from your network use...

iptables -I INPUT -s (your source net) -p ICMP -j ACCEPT

instead of the second line above, where your source net is something like 192.168.0.0/24 (meaning all of your computers have IPs of 192.168.0.???)

Hope that helps
-Derek
 
Old 11-24-2003, 04:44 PM   #14
toastermaker
Member
 
Registered: Oct 2003
Location: coastal alabama, united states
Distribution: Mandrake 10.0 official, slackware 9.1
Posts: 219

Original Poster
Rep: Reputation: 30
Thanks Derek,
I hope that does help me somehow but will or should configuring NFS cause my iptables to be written to, so as not to have to edit manually every time I reboot?

continued gratitude to all those who help us newbies.
 
Old 11-24-2003, 09:23 PM   #15
toastermaker
Member
 
Registered: Oct 2003
Location: coastal alabama, united states
Distribution: Mandrake 10.0 official, slackware 9.1
Posts: 219

Original Poster
Rep: Reputation: 30
Ok still working on iptables.
Is that a capitol i or a lower case L in the "iptables -l Input...." ?

Is enabling traffic from the loopback address functionaly important or only for pinging myself for tests.?

Am I missing something so basic about setting up nfs or the lan that it is running on that they didn't bother to write about it in the How-To's. ?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
FC4 won't ping 127.0.0.1 or the internet, but will ping local computers jalsk Linux - Networking 4 11-22-2005 06:59 PM
troubleshooting NFS following minimal install - pls help James007Bond Debian 17 08-13-2005 01:45 AM
Suse 9.2 firewall prevents 'ping' on local network? Steerpike Suse/Novell 5 11-27-2004 06:56 PM
dhcp client can't ping gateway but can ping other local hosts dirty_forks Linux - Networking 7 10-08-2004 11:54 AM
can't ping remote but can ping local hnash53 Linux - Networking 8 01-26-2004 09:24 PM


All times are GMT -5. The time now is 06:28 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration