LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Ping always fails but TCP/IP & everything else works (https://www.linuxquestions.org/questions/linux-networking-3/ping-always-fails-but-tcp-ip-and-everything-else-works-544548/)

nsfx 04-09-2007 10:44 AM
Ping always fails but TCP/IP & everything else works
 
Ping and traceroute (and other ICMP utilities I presume) always fail on my machine even to hosts that I know respond to pings from other machines on the same subnet. Iptables looks okay. Below I've copied output from ifconfig and route, and I've copied my iptables and firewall files.

Code:
eth2      Link encap:Ethernet  HWaddr 00:13:02:9F:4B:3E 
          inet addr:128.235.73.162  Bcast:128.235.79.255  Mask:255.255.248.0
          inet6 addr: 2002:80eb:4acc:5:213:2ff:fe9f:4b3e/64 Scope:Global
          inet6 addr: fec0::5:213:2ff:fe9f:4b3e/64 Scope:Site
          inet6 addr: fe80::213:2ff:fe9f:4b3e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:20618 errors:6 dropped:871 overruns:0 frame:0
          TX packets:985 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3580546 (3.4 Mb)  TX bytes:144264 (140.8 Kb)
          Interrupt:17 Base address:0xa000 Memory:dcfff000-dcffffff

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:107 errors:0 dropped:0 overruns:0 frame:0
          TX packets:107 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:8340 (8.1 Kb)  TX bytes:8340 (8.1 Kb)


Kernel IP routing table
Destination    Gateway        Genmask        Flags Metric Ref    Use Iface
128.235.72.0    *              255.255.248.0  U    0      0        0 eth2
loopback        *              255.0.0.0      U    0      0        0 lo
default        vlan800-wl-gw.n 0.0.0.0        UG    0      0        0 eth2


# /etc/sysconfig/iptables
# Comment out if you want to disable IPv4 packet forwarding.
forward=1


# /etc/sysconfig/firewall
#
# configuration file for iptables
#
# Generated by iptables-save v1.2.11 on Thu Aug 19 01:47:13 2004
*filter
:INPUT DROP [1956:130146]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [972602:1376127870]
# don't drop certain icmp types
-A INPUT -p icmp --icmp-type 0 -j ACCEPT
-A INPUT -p icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp --icmp-type 11 -j ACCEPT
# uncomment this to reply to ping
#-A INPUT -p icmp --icmp-type 8 -m limit --limit 1/second -j ACCEPT
# ftp
#-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
# ssh
#-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# smtp
#-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
# dns
#-A INPUT -p udp -m udp --dport 53 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
# http
#-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# pop3
#-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
# identd
#-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
# samba
#-A INPUT -p udp -m multiport --dport 137,138 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
# imap
#-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
# https
#-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# rsync
#-A INPUT -p tcp -m tcp --dport 873 -j ACCEPT
# imaps
#-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
# pop3s
#-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
# mysql
#-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
# distccd
#-A INPUT -p tcp -m tcp --dport 3632 -j ACCEPT
# avahi
#-A INPUT -p udp -m udp --dport 5353 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
# Completed on Thu Aug 19 01:47:13 2004
Any tips are much appreciated! :]

Centinul 04-09-2007 10:49 AM
What exactly do you mean by "failing"? Can you post the error, or what happens when you try and ping?

Thanks.

fur 04-09-2007 11:00 AM
I believe you need to allow both ICMP type 0(echo reply), and 8 (echo request).

Looking at your iptables rules you have the type 8 commented out.

nsfx 04-09-2007 01:13 PM
Quote:
Originally Posted by Centinul
What exactly do you mean by "failing"? Can you post the error, or what happens when you try and ping?

Thanks.
Hi, it just outputs the initial "PING [host] ([ip]) [bytes] bytes of data" and then no output even with the verbose switch. When I manually break the command it says "[N] packets transmitted, 0 received, 100% packet loss, [time] ms"

Thanks!

nsfx 04-09-2007 01:15 PM
Quote:
Originally Posted by fur
I believe you need to allow both ICMP type 0(echo reply), and 8 (echo request).

Looking at your iptables rules you have the type 8 commented out.
Yeah I tried this previously with no success. I think type 8 is for incoming pings. Thanks for the suggestion.

fur 04-09-2007 01:59 PM
It is for incoming pings, but your computer still needs to send out those packets. I think you may need something like this.

iptables -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT


All times are GMT -5. The time now is 04:30 AM.