LinuxQuestions.org


Danteleo 10-28-2006 04:11 PM

Pinging servers thru firewall
 
Here is my current challenge.

I have a script that, with the help of crontab, sends a ping to an IP address. If the IP address is successfully pinged then there is no response from the script. If the ping fails then my cell is texted that the server is down. All of that works as designed.

Here is the fun part.

I had 3 servers that need to have this script pinging them from another server outside the LAN. The servers are behind a firewall which has the ICMP Ping port forwarded to each of the three servers (Problem).

With the script that I'm running I can only put in one IP address (external static IP address) and the firewall can port forward the ICMP Ping port to each of the internal IP addresses (Problem).

I need to know how I can either edit my script to be able to ping the ip address of each of my servers from the external server. Or, configure my Sonic Firewall to allow ICMP pinging to pass thru other specified ports.

Also, I have made an identical script for pinging each server and matching crontab jobs. Below is my script. I hope this all makes sense and someone can help.

THX

Script

# xxx.xxx.xxx.xxx = public IP Address
HOSTS="xxx.xxx.xxx.xxx"

# number of ping requests to send
COUNT=1

# email report when a ping fails
SUBJECT="Ping failed"
EMAILID="myphone#@isp.com"
for myHost in $HOSTS
do
    # packets received, parsed from ping's summary line
    count=$(ping -c "$COUNT" "$myHost" | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
    # treat missing output (ping itself errored) as 0 received
    if [ "${count:-0}" -eq 0 ]; then
        # 100% failed
        echo "Host : $myHost is down (ping failed) at $(date)" | mail -s "$SUBJECT" "$EMAILID"
    fi
done

acid_kewpie 10-28-2006 04:25 PM

Ping does not use ports, that's UDP and TCP within the TCP/IP model. You can't port forward something that doesn't know about ports. What I'd probably suggest is not using pings at all; if you do a port forward on your external device to a known service on each internal box, then use a tool like netcat or nmap to try to open that port. If, for example, you have an ssh server on each host, port forward each from, say, port 2201, 2202 and 2203, then run nmap against those port numbers: "nmap host.com -p2201,2202,2203". That will show if each port is successfully port forwarding and therefore the internal box (AND the service) is running. Alternatively, try netcat. Run "nc host.com 2201 -w1". This will actually connect to that port and show you the id string it receives, so sticking with the ssh example, that would return something like "SSH-1.99-OpenSSH_3.9p1", showing that the remote service is OpenSSH etc... Obviously exposing SSH to the internet is a generally dumb idea, but that's just an example.

Also you could just run a web server on each box, and pull down a basic index.html page via curl...
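
The port-forward check suggested in the reply above, written as a cron-friendly script that mails one message listing every server whose forwarded port does not answer. This is an added example, not code from either poster; the server names are hypothetical, and it assumes a netcat build that supports `nc -z`.

```sh
#!/bin/sh
# Added example: TCP reachability check for servers behind one public IP.
# Assumptions: server names are hypothetical; `nc -z -w` is available.

PUBLIC_HOST="host.com"                 # external address, as written in the reply
# name:forwarded-port pairs, one per internal server (ports from the reply)
TARGETS="server1:2201 server2:2202 server3:2203"
EMAILID="myphone#@isp.com"             # address from the original script
PROBE="${PROBE:-tcp_probe}"            # probe command, replaceable for testing

# Return 0 if a TCP connection to host:port succeeds within 3 seconds.
tcp_probe() {
    nc -z -w 3 "$1" "$2" >/dev/null 2>&1
}

# Print the names of all targets whose forwarded port did not answer.
find_down() {
    down=""
    for entry in $TARGETS; do
        name=${entry%%:*}              # text before the colon
        port=${entry##*:}              # text after the colon
        if ! "$PROBE" "$PUBLIC_HOST" "$port"; then
            down="$down $name(port $port)"
        fi
    done
    echo "${down# }"                   # drop the leading space
}

# Send one message naming every failed server; stay silent when all are up.
main() {
    failed=$(find_down)
    if [ -n "$failed" ]; then
        echo "Down at $(date): $failed" | mail -s "Port check failed" "$EMAILID"
    fi
}

# From cron: RUN_CHECK=1 /path/to/this/script
if [ "${RUN_CHECK:-0}" = "1" ]; then
    main
fi
```

A failed probe here means the firewall forward, the internal host or the service itself is not answering, so forward only to a service that is meant to be reachable from the monitoring server and restrict the forward to that server's source address where the firewall allows it.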


All times are GMT -5.