I have an application where I need to configure a router to pass through ping requests (ICMP type through to the LAN port. I have a Linksys WRT54GS with tiny DD-WRT V24 SP2 installed. I am adding the following iptables rules:
The intent is that the first rule will change an incoming echo request destination to the unit on the LAN which I want to receive the ping request.
The second rule allows the modified echo request to pass through the FORWARD table.
And the last one allows the modified echo request to pass through the POSTROUTING table.
When I send a ping to the router with four tries, I get no pings out the LAN. Using iptables -L -v -n I can see were rule #1 passes one packet (but not four), rule #2 passes four packets (good!) and rule #3 passes 1 packet.
At this point I am at loss as to why this is not working. Can someone help me out here?
Last edited by Don Cragun; 07-10-2015 at 04:56 PM..
Reason: Add CODE tags.
Hi There,
I am looking to disable ICMP timestamp requests and ICMP timestamp replies on my Linux server version 8. Can someone please tell me the simplest way to do this? I know a command to disable all ICMP traffic but this I have been told will cause many network problems which I... (2 Replies)
Hello! I'm in extra urgent need to have a program that sends a series of ICMP echo requests over the network to a specified host and waits until the last echo reply is received.
I know little about socket-programming (in particular I've never dealt with icmp sockets) that's why i'm desperate!! :)... (5 Replies)
Dear,
I want to perform a plotting using xgraph, and the plotting data (ping.txt) is as below. For the graph I just want to plot the time for x-axis (line count) and the RTT for y-axis (time in ms). Below are script i write for that purpose but it seen did not work. Any guide for me because i... (1 Reply)
Hi All,
How to disable ICMP time stamp request and time stamp reply of a machine?
How to test this feature from remote machine?
Please reply back
Vasanth (2 Replies)
Hi
I am trying to perform a jumpstart with values below
client sf440-003 - ip x.x.133.2
jumpstartserver zeus - ip x.x.133.19
The jumpstart tftp works as it should, I boot the machine with boot net - install etc. But when it should do a PORTMAP it fails with ICMP error.
Any ideas... (2 Replies)
Hi all,
I cannot reach my SERVER from my NetBackup server connect through SERVER_prv ("cannot connect to client")
My SERVER was Sun OS 5.8, below is the message i get when i ping my SERVER:
# ping 192.168.X.X or
# ping SERVER_prv
ICMP Net Unreachable from gateway 172.16.102.XXX
for... (3 Replies)
I'm not a unix expert so I need to ask what maybe a simple question to some. Is there a log file which records any icmp packets hitting the server? I ask, because I need to verify what the ip is from a server pinging mine. (3 Replies)
Hi,
I am using following command:
tcpdump -i eth1 icmp =8 >output.txt
i want this command to get execute for a minute only. How can we do this?
Thanks.
Please use code tags next time for your code and data. Thanks (2 Replies)
Hi, I am relatively new to firewalls and netfilter. I have a Debian Stretch router box running dnsmasq, connected to a VPN. Occasionally dnsmasq polls all of the desired DNS servers to select the fastest. When it does this it responds to replies of the non-selected DNS servers with a icmp type... (0 Replies)
Discussion started by: CrazyDave
0 Replies
LEARN ABOUT DEBIAN
icmp
ICMP(7) Linux Programmer's Manual ICMP(7)NAME
icmp - Linux IPv4 ICMP kernel module.
DESCRIPTION
This kernel protocol module implements the Internet Control Message Protocol defined in RFC 792. It is used to signal error conditions and
for diagnosis. The user doesn't interact directly with this module; instead it communicates with the other protocols in the kernel and
these pass the ICMP errors to the application layers. The kernel ICMP module also answers ICMP requests.
A user protocol may receive ICMP packets for all local sockets by opening a raw socket with the protocol IPPROTO_ICMP. See raw(7) for more
information. The types of ICMP packets passed to the socket can be filtered using the ICMP_FILTER socket option. ICMP packets are always
processed by the kernel too, even when passed to a user socket.
Linux limits the rate of ICMP error packets to each destination. ICMP_REDIRECT and ICMP_DEST_UNREACH are also limited by the destination
route of the incoming packets.
/proc interfaces
ICMP supports a set of /proc interfaces to configure some global IP parameters. The parameters can be accessed by reading or writing files
in the directory /proc/sys/net/ipv4/. Most of these parameters are rate limitations for specific ICMP types. Linux 2.2 uses a token
bucket filter to limit ICMPs. The value is the timeout in jiffies until the token bucket filter is cleared after a burst. A jiffy is a
system dependent unit, usually 10ms on i386 and about 1ms on alpha and ia64.
icmp_destunreach_rate (Linux 2.2 to 2.4.9)
Maximum rate to send ICMP Destination Unreachable packets. This limits the rate at which packets are sent to any individual route
or destination. The limit does not affect sending of ICMP_FRAG_NEEDED packets needed for path MTU discovery.
icmp_echo_ignore_all (since Linux 2.2)
If this value is nonzero, Linux will ignore all ICMP_ECHO requests.
icmp_echo_ignore_broadcasts (since Linux 2.2)
If this value is nonzero, Linux will ignore all ICMP_ECHO packets sent to broadcast addresses.
icmp_echoreply_rate (Linux 2.2 to 2.4.9)
Maximum rate for sending ICMP_ECHOREPLY packets in response to ICMP_ECHOREQUEST packets.
icmp_errors_use_inbound_ifaddr (Boolean; default: disabled; since Linux 2.6.12)
If disabled, ICMP error messages are sent with the primary address of the exiting interface.
If enabled, the message will be sent with the primary address of the interface that received the packet that caused the ICMP error.
This is the behavior that many network administrators will expect from a router. And it can make debugging complicated network lay-
outs much easier.
Note that if no primary address exists for the interface selected, then the primary address of the first non-loopback interface that
has one will be used regardless of this setting.
icmp_ignore_bogus_error_responses (Boolean; default: disabled; since Linux 2.2)
Some routers violate RFC1122 by sending bogus responses to broadcast frames. Such violations are normally logged via a kernel warn-
ing. If this parameter is enabled, the kernel will not give such warnings, which will avoid log file clutter.
icmp_paramprob_rate (Linux 2.2 to 2.4.9)
Maximum rate for sending ICMP_PARAMETERPROB packets. These packets are sent when a packet arrives with an invalid IP header.
icmp_ratelimit (integer; default: 1000; since Linux 2.4.10)
Limit the maximum rates for sending ICMP packets whose type matches icmp_ratemask (see below) to specific targets. 0 to disable any
limiting, otherwise the minimum space between responses in milliseconds.
icmp_ratemask (integer; default: see below; since Linux 2.4.10)
Mask made of ICMP types for which rates are being limited.
Significant bits: IHGFEDCBA9876543210
Default mask: 0000001100000011000 (0x1818)
Bit definitions (see the Linux kernel source file include/linux/icmp.h):
0 Echo Reply
3 Destination Unreachable *
4 Source Quench *
5 Redirect
8 Echo Request
B Time Exceeded *
C Parameter Problem *
D Timestamp Request
E Timestamp Reply
F Info Request
G Info Reply
H Address Mask Request
I Address Mask Reply
The bits marked with an asterisk are rate limited by default (see the default mask above).
icmp_timeexceed_rate (Linux 2.2 to 2.4.9)
Maximum rate for sending ICMP_TIME_EXCEEDED packets. These packets are sent to prevent loops when a packet has crossed too many
hops.
VERSIONS
Support for the ICMP_ADDRESS request was removed in 2.2.
Support for ICMP_SOURCE_QUENCH was removed in Linux 2.2.
NOTES
As many other implementations don't support IPPROTO_ICMP raw sockets, this feature should not be relied on in portable programs.
ICMP_REDIRECT packets are not sent when Linux is not acting as a router. They are also only accepted from the old gateway defined in the
routing table and the redirect routes are expired after some time.
The 64-bit timestamp returned by ICMP_TIMESTAMP is in milliseconds since the Epoch, 1970-01-01 00:00:00 +0000 (UTC).
Linux ICMP internally uses a raw socket to send ICMPs. This raw socket may appear in netstat(8) output with a zero inode.
SEE ALSO ip(7)
RFC 792 for a description of the ICMP protocol.
COLOPHON
This page is part of release 3.44 of the Linux man-pages project. A description of the project, and information about reporting bugs, can
be found at http://www.kernel.org/doc/man-pages/.
Linux 2012-05-10 ICMP(7)
07-10-2015
through to the LAN port. I have a Linksys WRT54GS with tiny DD-WRT V24 SP2 installed. I am adding the following iptables rules: