LinuxQuestions.org
Old 02-11-2004, 10:29 PM   #1
bureado
Member
 
Registered: Oct 2003
Location: Caracas
Distribution: Knoppix 3.3 (Debian sarge/sid)
Posts: 72

Rep: Reputation: 15
No ping (in/out) using iptables on Debian sarge-sid


Greetings; I'm using Debian GNU/Linux sarge-sid; working with iptables configured as follows: (iptables -L)

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:1863
ACCEPT tcp -- anywhere anywhere tcp multiport ports 10000
ACCEPT tcp -- anywhere anywhere tcp multiport ports ssh
ACCEPT tcp -- anywhere anywhere tcp multiport ports www state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere multiport ports domain udp
ACCEPT tcp -- anywhere anywhere tcp multiport ports domain
ACCEPT tcp -- anywhere anywhere tcp multiport ports smtp state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp multiport ports pop3
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT tcp -- anywhere anywhere tcp spt:28900

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

Even with ICMP traffic completely available I can't ping myself, nor can other people. I have allowed 28900 TCP port access because it's used by the Tactical Ops game, but it also does a huge server ping. The game is about unplayable without that. Not to mention that I can't know my latency now! Please, I would appreciate any help.

Thank you very much
 
Old 02-12-2004, 10:28 AM   #2
qwijibow
LQ Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47
First of all... your output policy is ACCEPT... is this deliberate?
If so, your output rules are pointless, they're not needed.

Next, you are blocking ICMP type 8 packets,
which is why you can't ping yourself.

/sbin/iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
will fix that

Agh, your firewall rules are messy and hard to read.
Maybe clean them up a little; I see quite a few redundant rules,
and rules which could be merged together.
 
Old 02-12-2004, 01:07 PM   #3
bureado
Member
 
Registered: Oct 2003
Location: Caracas
Distribution: Knoppix 3.3 (Debian sarge/sid)
Posts: 72

Original Poster
Rep: Reputation: 15
Thank you very much, I've allowed echo-request ICMP packets and now everything is working fine.

Yes, they are really messy. I don't get around with firewalls, so it's kind of a disaster, but now I'm working on it; I've merged some rules, and so on.

I've also changed output default policy to DROP and made new output rules for what I want.

Thank you very much,
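The diagnosis in post #2 and the OUTPUT policy change mentioned in post #3 can be checked mechanically from `iptables -L` text. The following is an added example, not part of any post in this thread: `icmp_verdict` and `ping_check` are hypothetical helper names, the sample listing is constructed from the ICMP-relevant lines of post #1, and only rules with source/destination "anywhere" and no extra matches are evaluated.

```shell
#!/bin/sh
# Added example: decide from `iptables -L` text whether ping can complete.

# Constructed sample: ICMP-relevant subset of the listing in post #1.
LISTING='Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp multiport ports ssh
ACCEPT icmp -- anywhere anywhere icmp echo-reply

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere'

# icmp_verdict CHAIN TYPE: read a listing on stdin and print the target of
# the first rule in CHAIN that matches ICMP TYPE, else the chain policy.
# Assumption: rules with a specific source/destination or extra matches
# (state, interface, ...) are skipped rather than evaluated.
icmp_verdict() {
    awk -v chain="$1" -v want="$2" '
        $1 == "Chain" { in_chain = ($2 == chain)
                        if (in_chain) { policy = $4; sub(/\)$/, "", policy) }
                        next }
        !in_chain || $1 == "target" || NF < 5 { next }
        $4 != "anywhere" || $5 != "anywhere" { next }
        ($2 == "all" || $2 == "icmp") && NF == 5 { print $1; found = 1; exit }
        $2 == "icmp" && NF == 7 && $6 == "icmp" && $7 == want {
            print $1; found = 1; exit }
        END { if (!found) print policy }'
}

# ping_check DIRECTION: "in" = others ping this host, "out" = this host pings.
# The echo-request and the echo-reply must both be accepted.
ping_check() {
    if [ "$1" = in ]; then req=INPUT rep=OUTPUT; else req=OUTPUT rep=INPUT; fi
    a=$(printf '%s\n' "$LISTING" | icmp_verdict "$req" echo-request)
    b=$(printf '%s\n' "$LISTING" | icmp_verdict "$rep" echo-reply)
    if [ "$a" = ACCEPT ] && [ "$b" = ACCEPT ]; then echo works
    else echo "blocked ($req echo-request=$a, $rep echo-reply=$b)"; fi
}

echo "inbound ping:  $(ping_check in)"
echo "outbound ping: $(ping_check out)"
```

Pinging the host's own address is covered by the inbound case, since the echo-request also arrives through INPUT. Once OUTPUT is switched to DROP, the same check shows whether echo-reply is still allowed out.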
 
  

