troubleshooting nfs/can't ping local while firewall enabled
First question for you, are you using a crossover cable for connecting two machines together? If not you will need to grab one for this computer 2 computer connection.
If you do have a crossover cable in use, are you using a similar C class IP?
ex. 192.168.1.*
computer one is 192.168.1.101 and the second computer 192.168.1.102
This would mean that the computers are setup on the same network.
What the firewall would restrict would be incoming/outgoing packets but not anything inside your network due to the fact that the firewall isn't between the two computers but on the outside.
One way to test would be to disable ipchains and try pinging, if you still can't ping then definitely it has something to do with the network and not the firewall.
Running "service ipchains stop" and "/etc/rc.d/init.d/ipchains stop" as root without the parentheses returns "Cannot find ipchains service" and "No such file or directory".
Originally posted by toastermaker:
Again, if I am entering properly, the command now returns silently to the command line.
To know I'm entering properly is there a space between the 0 and > ?
Yes, sorry I should have told you about that. It won't return anything. It's just placing a 0 in that file name after it. 0 = enable pings, 1 = disable pings. You *might* have to restart the network for the changes to take effect.. I can't remember.
As for the other "service ipchains stop", if you're using Mandrake it's probably different. Sorry I wasn't paying attention to the flavor you're running.
Also, the command "echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all" is correctly written and should dump you back to the command line with no response. This command must be run every time you reboot during testing, because some firewalls override this setting.
Ok now I can ping both ways after running service iptables stop.
What does this mean? Is my firewall still good?
If my firewall is still good can I continue with setting up NFS?
Or have we just uncovered a problem that needs to be addressed before I should continue?
The iptables service basically is the guts of the firewall. It holds all the rules that allow some things, and drop others. Since the pinging works when iptables is off, we know that it's a rule problem with your firewall. So now we can add a couple of rules to it by hand.
Here are some quick and dirty rules for you. They are typed in at command prompt, and must be re-typed at every boot, since your firewall will overwrite them....
This enables all traffic from the loopback address:
iptables -I INPUT -s 127.0.0.0/8 -j ACCEPT
This enables incoming pings:
iptables -I INPUT -p ICMP -j ACCEPT
This enables outgoing pings:
iptables -I OUTPUT -p ICMP -j ACCEPT
Of course, that leaves you slightly vulnerable to malformed ICMP packets. If you want to be more secure, and only ping from your network use...
Thanks Derek,
I hope that does help me somehow but will or should configuring NFS cause my iptables to be written to, so as not to have to edit manually every time I reboot?
continued gratitude to all those who help us newbies.
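Added example, not written by anyone in this thread: a small first-match model of the INPUT chain that shows why the rules posted above use `iptables -I` (insert at the top) rather than `-A` (append), which would land after an existing drop rule and never be reached. The ruleset is constructed, the helper names `load_chain`, `ping_verdict` and `with_rule` are hypothetical, and the model only understands the `-p`, `-s` and `--state` matchers.

```python
import ipaddress
import shlex
# Constructed ruleset in iptables-save format; not taken from the thread.
SAMPLE_RULESET = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
"""
HANDLED = {"-p", "-s", "-m", "--state", "-j"}  # options this model understands

def load_chain(ruleset, chain="INPUT"):
    """Return (default policy, list of rule token lists) for one chain."""
    policy, rules = "ACCEPT", []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] == ":" + chain:
            policy = tok[1]
        elif tok[:2] == ["-A", chain]:
            rules.append(tok[2:])
    return policy, rules

def ping_verdict(policy, rules, src):
    """First-match walk for a new ICMP echo request arriving from src."""
    src_ip = ipaddress.ip_address(src)
    for rule in rules:
        opts = dict(zip(rule[::2], rule[1::2]))  # each option here takes one value
        if set(opts) - HANDLED:
            continue  # simplification: rules with other matchers are skipped
        if opts.get("-p", "all").lower() not in ("icmp", "all"):
            continue
        if "-s" in opts and src_ip not in ipaddress.ip_network(opts["-s"], strict=False):
            continue
        if "--state" in opts and "NEW" not in opts["--state"].split(","):
            continue
        if opts.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return opts["-j"]  # terminating target: first match wins
    return policy  # nothing matched, so the chain's default policy applies

def with_rule(rules, spec, at_top):
    """Model `iptables -I CHAIN spec` (at_top=True) or `-A CHAIN spec` (False)."""
    return [shlex.split(spec)] + rules if at_top else rules + [shlex.split(spec)]

if __name__ == "__main__":
    policy, rules = load_chain(SAMPLE_RULESET)
    for top in (False, True):  # False models -A, True models -I
        print(top, ping_verdict(policy, with_rule(rules, "-p ICMP -j ACCEPT", top), "192.168.1.102"))
```

To check a real machine, pass the text of `iptables-save` to `load_chain` instead of the constructed sample.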