LinuxQuestions.org
Old 02-13-2004, 02:17 AM   #1
m15a4
Member
 
Registered: Sep 2003
Distribution: SuSE 10
Posts: 55

Rep: Reputation: 15
IP Tables list (Why can't I ping out?)


What rule is preventing me from pinging other sites from behind this IP Tables rule?

# /sbin/iptables --version
iptables v1.2.7a
# /sbin/iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp dpt:www reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:telnet reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
 
Old 02-13-2004, 03:39 AM   #2
killer_bunny
Member
 
Registered: Oct 2003
Location: Croatia
Distribution: RedHat 9, Slack
Posts: 106

Rep: Reputation: 15
Well, by the looks of it none...

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP icmp -- anywhere anywhere icmp echo-request

This blocks outgoing pings.
As you don't have this rule anywhere I don't see why you couldn't ping anyone...
 
Old 02-13-2004, 07:39 AM   #3
moonloader
Member
 
Registered: Nov 2003
Location: linuxquestions.org
Distribution: Linux and BSD
Posts: 229

Rep: Reputation: 30
Try to ping as root!
 
Old 02-13-2004, 11:05 AM   #4
m15a4
Member
 
Registered: Sep 2003
Distribution: SuSE 10
Posts: 55

Original Poster
Rep: Reputation: 15
Thanks for the replies but honestly, I can't.

I've tried as root and user, no difference.

I can see / run the ping command, I can ping my LAN all day no problem. Heck, I can even ping the WAN side of my router, but can't ping anything further out. I have also tried pinging from boxes running Win 98 / Win XP / SuSE PRO / SuSE (standard). So it's not the O.S. doing it.
 
Old 02-13-2004, 11:12 AM   #5
jazernorth
Member
 
Registered: Jan 2004
Location: Green Bay
Distribution: RedHat 8.0, LFS-5.0
Posts: 100

Rep: Reputation: 15
Your router is not allowing pings to leave your network. Contact the Router vendor on how to enable the ping port.
 
Old 02-13-2004, 04:31 PM   #6
m15a4
Member
 
Registered: Sep 2003
Distribution: SuSE 10
Posts: 55

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by jazernorth
Your router is not allowing pings to leave your network. Contact the Router vendor on how to enable the ping port.
Ping isn't on a 'port'.

What would be blocking pings if not the IP tables?
 
Old 02-13-2004, 06:13 PM   #7
killer_bunny
Member
 
Registered: Oct 2003
Location: Croatia
Distribution: RedHat 9, Slack
Posts: 106

Rep: Reputation: 15
Quote:
Originally posted by m15a4
Ping isn't on a 'port'.

What would be blocking pings if not the IP tables?
ISP

Try shutting down IPTABLES with

# /sbin/service iptables stop

and then try pinging.

If it doesn't work then it isn't because of iptables
 
Old 02-16-2004, 09:20 AM   #8
jazernorth
Member
 
Registered: Jan 2004
Location: Green Bay
Distribution: RedHat 8.0, LFS-5.0
Posts: 100

Rep: Reputation: 15
Yeah, Pings is not a PORT, but you need to have ICMP activated with IPTABLES. So I call it a port.

Code:
EXTIP='xxx.xxx.xxx.xxx'  # External IP address
EXTIF='eth0'             # External interface
IPTABLES='iptables'      # iptables binary name
UNIVERSE='0.0.0.0/0'     # All IPs

# To open the server to accept and send ICMP requests.
$IPTABLES -A INPUT -i "$EXTIF" -p icmp -s "$UNIVERSE" -d "$EXTIP" -j ACCEPT
 
Old 02-20-2004, 04:33 AM   #9
chrisfirestar
Member
 
Registered: Sep 2003
Location: Adelaide, Australia
Distribution: Fedora/RH
Posts: 231

Rep: Reputation: 30
Try typing

echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

Not sure if that affects outgoing pings or not.. I don't think it does...
Are you trying to ping from the gateway or behind the gateway?
 
Old 02-20-2004, 09:42 AM   #10
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
Quote:
Try typing
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
Not sure if that affects outgoing pings or not.. I don't think it does...
This stops the box itself from replying to pings...
Wouldn't have any effect on forwarded pings..

Quote:
Yeah, Pings is not a PORT, but you need to have ICMP activated with IPTABLES. So I call it a port.
Ping and other protocols are always activated in the kernel, (unless you remove them)..
iptables merely gives you some control over them.. eg writing a rule to block, redirect etc
You would only need to allow them if you had a DROP policy to catch unspecified connections.

The 2 rules m15a4 mentioned have no effect on outgoing pings...
So I would suggest as killer_bunny did, isolate the problem.
Clear the rules and eliminate them as a possible cause...
Also add some -j LOG entries via the command line to watch what is happening...
eg iptables -t nat -I POSTROUTING -j LOG

When listing rules, please use iptables-save to print them on the screen.
iptables -nL only shows 1 table and interprets the rules quite inaccurately..
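
Post #10's advice to dump the rules with iptables-save and eliminate them as a cause can be done mechanically. The script below is an added example, not part of the original thread: it scans an iptables-save dump for any chain policy or rule that could discard ICMP. The function names and both sample dumps are constructed for illustration.

```bash
#!/bin/sh
# Added example: flag anything in an iptables-save dump that could discard ICMP.
# On a live box (as root): iptables-save | icmp_blockers

icmp_blockers() {
    awk '
        /^[*]/ { table = substr($0, 2); next }      # "*filter", "*nat", ...
        /^:/ {                                      # ":OUTPUT ACCEPT [0:0]"
            if ($2 == "DROP")
                print table ": policy DROP on " substr($1, 2)
            next
        }
        /^-A / {
            proto = "all"; target = ""
            for (i = 1; i < NF; i++) {
                # A negated protocol ("! -p tcp") can still match icmp.
                if ($i == "-p")
                    proto = ($(i + 1) == "!" || $(i - 1) == "!") ? "all" : $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            # Only icmp rules and protocol-agnostic rules can hit a ping.
            if ((target == "DROP" || target == "REJECT") &&
                (proto == "icmp" || proto == "1" || proto == "all"))
                print table ": " $0
        }
    '
}

# Constructed dump equivalent to the rules listed in post #1 (not real output).
posted_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Constructed variant: the same dump plus the echo-request DROP from post #2.
with_icmp_drop() {
    posted_rules | awk '/^COMMIT$/ { print "-A OUTPUT -p icmp -m icmp --icmp-type 8 -j DROP" } { print }'
}

echo "posted rules:";   posted_rules   | icmp_blockers  # no findings
echo "with ICMP DROP:"; with_icmp_drop | icmp_blockers  # one finding
```

An empty result for the posted rule set means the cause lies outside this host's iptables rules, which is where the LOG rule from post #10 or a check of the upstream router comes in.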
 
  


All times are GMT -5.