Old 06-01-2011, 10:43 PM   #1
LQ Newbie
Registered: Jun 2011
Posts: 12

iptables 192.168.1.x server, can't ping by 192.168.0.x

Hi friends. This is my first post here. I've always got good answers from Google that show it's in this forum.
I've just learned simple iptables.
I have set the firewall for the CentOS server like this.
it has a gateway of

iptables -P INPUT DROP
iptables -A INPUT --in-interface lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source 00:0F:EB:91:00:01 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 80 -m mac --mac-source 00:0F:EB:91:00:01 -j ACCEPT

The MAC source is my laptop's MAC address.
But when I try to ping from my laptop of (my gateway is but share the same server that has 3 network gateway including gateway for the centos) it failed.
What should I do to enable this ping? I also cannot connect to the CentOS server unless I change my IP to 192.168.1.x and the same gateway as CentOS. Can someone suggest what I should modify in my firewall to enable connection to the CentOS server from my laptop? Is that related to NAT and the forward chain in the firewall of CentOS?
Can someone suggest what book is good to start learning Linux firewalls?

Last edited by momok; 06-01-2011 at 10:47 PM.
Old 06-02-2011, 01:09 AM   #2
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

To allow your server to receive pings you'll need to do something like:
iptables -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
As for the other issue: If you're going through a router/gateway, the MAC address the other side sees will be that of its gateway, not the original host. Your MAC address is only used to get the frame to a router (or to another host on the same network). The router then strips your MAC, replacing it with its own as it sends it down the next link. With that in mind, it makes perfect sense that your rules won't work unless your laptop is on the same network as your server.

A good iptables tutorial is here.
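
Added example, not part of either post: a small Python model of the INPUT chain from post #1 and the MAC rewrite described in post #2, showing which packets the chain accepts before and after a router hop. The router MAC and the 192.168.1.50 / 192.168.0.50 laptop addresses are constructed sample values.

```python
from dataclasses import dataclass, replace

LAPTOP_MAC = "00:0F:EB:91:00:01"  # MAC used in the rules from the first post
ROUTER_MAC = "02:00:00:00:00:FE"  # constructed: router interface on the server's LAN

@dataclass(frozen=True)
class Frame:
    src_mac: str
    src_ip: str
    proto: str            # "tcp" or "icmp"
    dport: int = 0        # TCP destination port, 0 if not TCP
    icmp_type: int = -1   # 8 = echo-request
    state: str = "NEW"
    iface: str = "eth0"

def route(frame, router_mac=ROUTER_MAC):
    """Forwarding re-frames the packet: source IP is kept, source MAC becomes the router's."""
    return replace(frame, src_mac=router_mac)

# INPUT chain from the first post, in order, as (match, target); policy is DROP.
RULES = [
    (lambda f: f.iface == "lo", "ACCEPT"),
    (lambda f: f.state in ("RELATED", "ESTABLISHED"), "ACCEPT"),
    (lambda f: f.proto == "tcp" and f.dport == 22 and f.src_mac.upper() == LAPTOP_MAC, "ACCEPT"),
    (lambda f: f.proto == "tcp" and f.dport == 80 and f.src_mac.upper() == LAPTOP_MAC, "ACCEPT"),
]
# Rule suggested in the reply: -p ICMP --icmp-type 8 -j ACCEPT
ECHO_RULE = (lambda f: f.proto == "icmp" and f.icmp_type == 8, "ACCEPT")

def verdict(frame, rules=RULES, policy="DROP"):
    """First matching rule wins; otherwise the chain policy applies."""
    for match, target in rules:
        if match(frame):
            return target
    return policy

def scenarios():
    on_lan = Frame(LAPTOP_MAC, "192.168.1.50", "tcp", dport=22)   # constructed IPs
    routed = route(Frame(LAPTOP_MAC, "192.168.0.50", "tcp", dport=22))
    ping = route(Frame(LAPTOP_MAC, "192.168.0.50", "icmp", icmp_type=8))
    return {
        "ssh, same subnet": verdict(on_lan),
        "ssh, via router": verdict(routed),
        "ping, original rules": verdict(ping),
        "ping, echo rule added": verdict(ping, RULES + [ECHO_RULE]),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

The echo-request rule carries no MAC condition, so it matches regardless of which hop delivered the frame.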
Old 06-02-2011, 02:32 AM   #3
LQ Newbie
Registered: Jun 2011
Posts: 12

Original Poster
Oh, thank you very much win32sux. Your explanation is very logical. Maybe one answer is that I may need to permit access only from the MAC address of my gateway? But it won't give good security as I want. Another is that I may also permit access from certain IPs too, but I'm just afraid the spoofing of IP address and MAC address will break the security. Maybe I should think of other techniques. Thanks again win32sux!

