Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Routing ICMP echo requests
Special Forums IP Networking Routing ICMP echo requests Post 302949421 by dschlic1 on Friday 10th of July 2015 12:04:12 PM
Old 07-10-2015
Routing ICMP echo requests
I have an application where I need to configure a router to pass through ping requests (ICMP type Image through to the LAN port. I have a Linksys WRT54GS with tiny DD-WRT V24 SP2 installed. I am adding the following iptables rules:
Code:
iptables -t nat -I PREROUTING -p icmp --icmp-type 8 -s 72.64.140.50 -j DNAT --to-destination 192.168.1.200 

iptables -t filter -I FORWARD -p icmp --icmp-type 8 -s 72.64.140.50 -d 192.168.1.200 -j ACCEPT 

iptables -t nat -I POSTROUTING -p icmp --icmp-type 8 -s 72.64.140.50 -d 192.168.1.200 -j ACCEPT

The intent is that the first rule will change an incoming echo request destination to the unit on the LAN which I want to receive the ping request.

The second rule allows the modified echo request to pass through the FORWARD table.

And the last one allows the modified echo request to pass through the POSTROUTING table.

When I send a ping to the router with four tries, I get no pings out the LAN. Using iptables -L -v -n I can see were rule #1 passes one packet (but not four), rule #2 passes four packets (good!) and rule #3 passes 1 packet.

At this point I am at loss as to why this is not working. Can someone help me out here?
Last edited by Don Cragun; 07-10-2015 at 04:56 PM.. Reason: Add CODE tags.
 

10 More Discussions You Might Find Interesting

1. IP Networking

icmp

how i can send the big icmp packets to the another ip for loose connection ....or how he can loose (1 Reply)
Discussion started by: seccom
1 Replies

2. Linux

Linux and ICMP timestamp requests.

Hi There, I am looking to disable ICMP timestamp requests and ICMP timestamp replies on my Linux server version 8. Can someone please tell me the simplest way to do this? I know a command to disable all ICMP traffic but this I have been told will cause many network problems which I... (2 Replies)
Discussion started by: gerwhelan
2 Replies

3. UNIX for Advanced & Expert Users

ICMP Echo-Request

Hello! I'm in extra urgent need to have a program that sends a series of ICMP echo requests over the network to a specified host and waits until the last echo reply is received. I know little about socket-programming (in particular I've never dealt with icmp sockets) that's why i'm desperate!! :)... (5 Replies)
Discussion started by: ilmora
5 Replies

4. Shell Programming and Scripting

Extracting ICMP Output for Plotting

Dear, I want to perform a plotting using xgraph, and the plotting data (ping.txt) is as below. For the graph I just want to plot the time for x-axis (line count) and the RTT for y-axis (time in ms). Below are script i write for that purpose but it seen did not work. Any guide for me because i... (1 Reply)
Discussion started by: Paris Heng
1 Replies

5. IP Networking

Ping ICMP

Hi All, How to disable ICMP time stamp request and time stamp reply of a machine? How to test this feature from remote machine? Please reply back Vasanth (2 Replies)
Discussion started by: vasanthan
2 Replies

6. Solaris

Jumpstart fails with ICMP Destination unreachable

Hi I am trying to perform a jumpstart with values below client sf440-003 - ip x.x.133.2 jumpstartserver zeus - ip x.x.133.19 The jumpstart tftp works as it should, I boot the machine with boot net - install etc. But when it should do a PORTMAP it fails with ICMP error. Any ideas... (2 Replies)
Discussion started by: ehsjoka
2 Replies

7. Solaris

ICMP Net Unreachable from gateway

Hi all, I cannot reach my SERVER from my NetBackup server connect through SERVER_prv ("cannot connect to client") My SERVER was Sun OS 5.8, below is the message i get when i ping my SERVER: # ping 192.168.X.X or # ping SERVER_prv ICMP Net Unreachable from gateway 172.16.102.XXX for... (3 Replies)
Discussion started by: beginningDBA
3 Replies

8. UNIX for Dummies Questions & Answers

Log file for icmp requests

I'm not a unix expert so I need to ask what maybe a simple question to some. Is there a log file which records any icmp packets hitting the server? I ask, because I need to verify what the ip is from a server pinging mine. (3 Replies)
Discussion started by: numele
3 Replies

9. Shell Programming and Scripting

ICMP for limited time

Hi, I am using following command: tcpdump -i eth1 icmp =8 >output.txt i want this command to get execute for a minute only. How can we do this? Thanks. Please use code tags next time for your code and data. Thanks (2 Replies)
Discussion started by: Satyajeet@uh
2 Replies

10. IP Networking

iptables - formatting icmp rules

Hi, I am relatively new to firewalls and netfilter. I have a Debian Stretch router box running dnsmasq, connected to a VPN. Occasionally dnsmasq polls all of the desired DNS servers to select the fastest. When it does this it responds to replies of the non-selected DNS servers with a icmp type... (0 Replies)
Discussion started by: CrazyDave
0 Replies

LEARN ABOUT DEBIAN

shorewall6-tcfilters

SHOREWALL6-TCFILTER(5)						  [FIXME: manual]					    SHOREWALL6-TCFILTER(5)

NAME

       tcfilters - shorewall6 u32 classifier rules file

SYNOPSIS

       /etc/shorewall6/tcfilters

DESCRIPTION

       Entries in this file cause packets to be classified for traffic shaping.

       Beginning with Shorewall 4.4.15, the file may contain entries for both IPv4 and IPv6. By default, all rules apply to IPv6 but that can be
       changed by inserting a line as follows:

       IPV4
	   Following entries apply to IPv4.

       IPV6
	   Following entries apply to IPv6

       ALL
	   Following entries apply to both IPv4 and IPv6. Each entry is processed twice; once for IPv4 and once for IPv6.

       The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in
       the alternate specification syntax).

       CLASS - interface:class
	   The name or number of an interface defined in shorewall6-tcdevices[1](5) followed by a class number defined for that interface in
	   shorewall6-tcclasses[2](5).

       SOURCE - {-|address}
	   Source of the packet. May be a host or network address. DNS names are not allowed.

       DEST - {-|address}}
	   Destination of the packet. May be a host or network address. DNS names are not allowed.

       PROTO - {-|protocol-number|protocol-name|all}
	   Protocol.

       DEST PORT (dport) - [-|port-name-or-number]
	   Optional destination Ports. A Port name (from services(5)) or a port number; if the protocol is icmp, this column is interpreted as the
	   destination icmp-type(s).

       SOURCE PORT (sport) - [-|port-name-or-number]
	   Optional source port.

       TOS - [-|tos]
	   Optional - specifies the value of the TOS field. The tos value can be any of the following:

	   o   tos-minimize-delay

	   o   tos-maximuze-throughput

	   o   tos-maximize-reliability

	   o   tos-minimize-cost

	   o   tos-normal-service

	   o   hex-number

	   o   hex-number/hex-number

	   The hex-numbers must be exactly two digits (e.g., 0x04)x.

       LENGTH - [-|number]
	   Optional. Must be a power of 2 between 32 and 8192 inclusive. Packets with a total length that is strictly less than the specified
	   number will match the rule.

EXAMPLE

       Example 1:
	   Place all 'ping' traffic on interface 1 in class 10. Note that ALL cannot be used because IPv4 ICMP and IPv6 ICMP are two different
	   protocols.

		       #CLASS	 SOURCE    DEST 	PROTO	DEST
		      # 				       PORT

		      IPV4

		      1:10	0.0.0.0/0 0.0.0.0/0    icmp    echo-request
		      1:10	0.0.0.0/0 0.0.0.0/0    icmp    echo-reply

		      IPV6

		      1:10	::/0	  ::/0	       icmp6   echo-request
		      1:10	::/0	  ::/0	       icmp6   echo-reply

FILES

       /etc/shorewall6/tcfilters

SEE ALSO

       http://shorewall.net/traffic_shaping.htm

       http://shorewall.net/MultiISP.html

       http://shorewall.net/PacketMarking.html

NOTES

	1. shorewall6-tcdevices
	   http://www.shorewall.net/manpages6/shorewall6-tcdevices.html

	2. shorewall6-tcclasses
	   http://www.shorewall.net/manpages6/shorewall6-tcclasses.html

[FIXME: source] 						    06/28/2012						    SHOREWALL6-TCFILTER(5)
All times are GMT -4. The time now is 07:52 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy