IP Tables list (Why can't I ping out?)
What rule is preventing me from pinging other sites from behind this IP Tables rule?
Code:
# /sbin/iptables --version
iptables v1.2.7a
# /sbin/iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere           tcp dpt:www reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere           tcp dpt:telnet reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
|
Well, by the looks of it none...
Code:
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       icmp --  anywhere             anywhere           icmp echo-request

This blocks outgoing pings. As you don't have this rule anywhere, I don't see why you couldn't ping anyone... |
Try to ping as root!
|
Thanks for the replies but honestly, I can't :(
I've tried as root and user, no difference. I can see / run the ping command, I can ping my LAN all day no problem. Heck, I can even ping the WAN side of my router, but can't ping anything further out. I have also tried pinging from boxes running Win 98 / Win XP / SuSE PRO / SuSE (standard). So it's not the O.S. doing it. |
Your router is not allowing pings to leave your network. Contact the Router vendor on how to enable the ping port.
|
Quote:
What would be blocking pings if not the IP tables? |
Quote:
Try shutting down IPTABLES with
# /sbin/service iptables stop
and then try pinging. If it doesn't work then it isn't because of iptables. |
Yeah, ping is not a PORT, but you need to have ICMP activated with IPTABLES. So I call it a port.
Code:
EXTIP = 'xxx.xxx.xxx.xxx' # External IP Address |
Try typing
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
Not sure if that affects outgoing pings or not.. I don't think it does... Are you trying to ping from the gateway or behind the gateway? |
Quote:
Wouldn't have any effect on forwarded pings..
Quote:
iptables merely gives you some control over them.. e.g. writing a rule to block, redirect etc. You would only need to allow them if you had a DROP policy to catch unspecified connections. The 2 rules m15a4 mentioned have no effect on outgoing pings...
So I would suggest, as killer_bunny did, isolate the problem. Clear the rules and eliminate them as a possible cause... Also add some -j LOG entries via the command line to watch what is happening, e.g.
iptables -t nat -I POSTROUTING -j LOG
When listing rules, please use iptables-save to print them on the screen. iptables -nL only shows 1 table and interprets the rules quite inaccurately.. |
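Added example, not part of the thread: one way to rule iptables in or out from an iptables-save dump is to look, in every table, for a DROP/REJECT chain policy or a DROP/REJECT rule whose protocol match can cover ICMP. The sample dump is constructed from the listing in the question, the function names are hypothetical, and negation is assumed to use the "! -p proto" form.

```python
import shlex

# Constructed sample in iptables-save format: the filter table from the
# question (two tcp REJECT rules on INPUT) plus an empty nat table.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""

BLOCKING = {"DROP", "REJECT"}

def covers_icmp(tok):
    """True if the rule's protocol match (-p) can match an ICMP packet."""
    if "-p" not in tok:
        return True                        # no -p means all protocols
    i = tok.index("-p")
    is_icmp_or_all = tok[i + 1] in ("icmp", "1", "all", "0")
    negated = i > 0 and tok[i - 1] == "!"  # "! -p tcp" matches all but tcp
    return is_icmp_or_all != negated

def ping_blockers(dump):
    """Return (table, chain, reason) for each policy or rule that can drop ICMP."""
    findings, table = [], None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):           # table header, e.g. *filter
            table = line[1:]
        elif line.startswith(":"):         # chain policy, e.g. :OUTPUT ACCEPT [0:0]
            chain, policy = line[1:].split()[:2]
            if policy in BLOCKING:
                findings.append((table, chain, "policy " + policy))
        elif line.startswith("-A "):       # appended rule
            tok = shlex.split(line)
            target = tok[tok.index("-j") + 1] if "-j" in tok else None
            if target in BLOCKING and covers_icmp(tok):
                findings.append((table, tok[1], line))
    return findings

if __name__ == "__main__":
    print(ping_blockers(SAMPLE))           # the question's rules cannot block a ping
```

Matching on the -p value rather than searching for the string "icmp" keeps the tcp rules with --reject-with icmp-port-unreachable from being reported as ping blockers.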