Pinging servers thru firewall
Here is my current challenge.
I have a script that, with the help of crontab, sends a ping to an IP address. If the IP address is successfully pinged then there is no response from the script. If the ping fails then my cell is texted that the server is down. All of that works as designed. Here is the fun part. I have 3 servers that need to have this script pinging them from another server outside the LAN. The servers are behind a firewall which has the ICMP ping port forwarded to each of the three servers (problem). With the script that I'm running I can only put in one IP address (the external static IP address) and the firewall can port forward the ICMP ping port to each of the internal IP addresses (problem). I need to know how I can either edit my script to be able to ping the IP address of each of my servers from the external server, or configure my Sonic firewall to allow ICMP pinging to pass thru other specified ports. Also, I have made an identical script for pinging each server and matching crontab jobs. Below is my script. I hope this all makes sense and someone can help. THX

Script

#!/bin/sh
# xxx.xxx.xxx.xxx = public IP address (space-separated list if more than one)
HOSTS="xxx.xxx.xxx.xxx"
# number of ping requests per host
COUNT=1
# email report when a ping fails
SUBJECT="Ping failed"
EMAILID="myphone#@isp.com"

for myHost in $HOSTS
do
    # pull the "N received" figure out of ping's summary line
    count=$(ping -c "$COUNT" "$myHost" | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
    # if ping produced no summary at all (e.g. unresolvable host), treat it as 0 received
    if [ "${count:-0}" -eq 0 ]; then
        # 100% failed
        echo "Host : $myHost is down (ping failed) at $(date)" | mail -s "$SUBJECT" "$EMAILID"
    fi
done
Ping does not use ports; that's UDP and TCP within the TCP/IP model. You can't port forward something that doesn't know about ports.

What I'd probably suggest is not using pings at all. If you do a port forward on your external device to a known service on each internal box, then use a tool like netcat or nmap to try to open that port. If, for example, you have an SSH server on each host, port forward each from, say, port 2201, 2202 and 2203, then run nmap against those port numbers: "nmap host.com -p2201,2202,2203". That will show if each port is successfully port forwarding and therefore the internal box (AND the service) is running.

Alternatively, try netcat. Run "nc host.com 2201 -w1"; this will actually connect to that port and show you the ID string it receives, so sticking with the SSH example, that would return something like "SSH-1.99-OpenSSH_3.9p1", showing that the remote service is OpenSSH etc... Obviously exposing SSH to the internet is a generally dumb idea, but that's just an example.
Also, you could just run a web server on each box and pull down a basic index.html page via curl...
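The approach in the reply above, worked through as an added example (this is not code from the thread or from the original poster): one public IP, one forwarded TCP port per internal box, and a cron-driven check that connects to each port instead of pinging. Because an SSH server sends its version string as soon as you connect, the check can also verify that the port answered with the expected service, which catches a forward that points at the wrong box. The public IP 203.0.113.10, the ports 2201-2203, the server names and the expected banners are assumptions; the mail address is the placeholder from the original post. The fake banner listener at the end is a constructed stand-in so the check can be exercised offline.

```python
import socket
import subprocess
import threading
import time
from dataclasses import dataclass

# One public IP, one forwarded external port per internal box. A service that
# sends a banner on connect (SSH does) lets the check confirm *which* service
# answered. All of these values are assumptions for the example.
PUBLIC_IP = "203.0.113.10"
TARGETS = [
    # (name, host, forwarded port, expected banner prefix or None to skip the banner check)
    ("server1", PUBLIC_IP, 2201, "SSH-"),
    ("server2", PUBLIC_IP, 2202, "SSH-"),
    ("server3", PUBLIC_IP, 2203, None),   # e.g. a web server: silent until it gets a request
]
SUBJECT = "Port check failed"
EMAILID = "myphone#@isp.com"  # placeholder address kept from the original post


@dataclass
class Result:
    name: str
    host: str
    port: int
    up: bool
    banner: str = ""
    error: str = ""


def check_port(name, host, port, expect=None, timeout=3.0):
    """TCP-connect to host:port and read up to 256 bytes of banner.
    The target counts as up when the connection succeeds and, if `expect`
    is given, the banner starts with it, so a forward that lands on the
    wrong box or a dead service behind an open port is still reported."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(256).decode("ascii", "replace").strip()
            except (socket.timeout, OSError):
                banner = ""  # connected, but the service is silent until spoken to
    except OSError as e:
        return Result(name, host, port, False, error=f"connect failed: {e}")
    if expect is not None and not banner.startswith(expect):
        return Result(name, host, port, False, banner,
                      error=f"port open but unexpected banner {banner!r}")
    return Result(name, host, port, True, banner)


def run_checks(targets, timeout=3.0):
    return [check_port(n, h, p, e, timeout) for n, h, p, e in targets]


def alert_text(result):
    stamp = time.strftime("%Y-%m-%d %H:%M:%S")
    return (f"Host : {result.name} ({result.host}:{result.port}) is down "
            f"({result.error}) at {stamp}")


def send_alert(result):
    # Same delivery path as the original script: pipe the message into mail(1).
    subprocess.run(["mail", "-s", SUBJECT, EMAILID],
                   input=alert_text(result).encode(), check=False)


def start_fake_banner_listener(banner=b"SSH-2.0-OpenSSH_test\r\n"):
    """Constructed stand-in for a forwarded SSH port, so the check can be tried
    offline: listens on 127.0.0.1, serves `banner` to one client, then closes.
    Returns (port, closed_event); the event is set once the socket is closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    closed = threading.Event()

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()
        closed.set()

    threading.Thread(target=serve, daemon=True).start()
    return port, closed


if __name__ == "__main__":
    # Run from cron like the original ping script; quiet when everything is up.
    for r in run_checks(TARGETS):
        if not r.up:
            send_alert(r)
```

Run it from the same crontab entry that used to run the ping script; with all three forwards working it prints nothing and sends nothing. A refused or timed-out connect means the forward or the box is down; an open port with the wrong banner means the firewall rule is forwarding somewhere you did not intend, which a plain port-open test would report as healthy.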