Operating Systems Solaris How to enable ping? A little complex Post 303015621 by Linusolaradm1 on Monday 9th of April 2018 05:28:08 AM
Old 04-09-2018
How to enable ping? A little complex

I have two networks
  • 192.168.0.0/24 which is my home network
  • 10.2.0.0/24 which is the second network dedicated to vm's
Without the firewall I can ping all networks without problems.

Client system is: Slackware 14.2 with IP 192.168.0.2
Server is OmniOS with IP 10.2.0.1 (vnic) and 192.168.0.30 (bge0)
Code:
    /etc/rc.d/rc.firewall stop
    ping 10.2.0.1
    PING 10.2.0.1 (10.2.0.1) 56(84) bytes of data.
    64 bytes from 192.168.0.30: icmp_seq=1 ttl=255 time=4.34 ms
    64 bytes from 192.168.0.30: icmp_seq=2 ttl=255 time=4.81 ms

It answers from 192.168.0.30, because the network 10.2.0.0/24 is NATted to permit the VMs to reach the internet.

With the firewall active
Code:
    /etc/rc.d/rc.firewall start
    ping 10.2.0.1

No answer and syslog said...
Code:
    Apr  8 12:03:58 slack64 kernel: [22092.913008] IN=bridge0 OUT= MAC=************* SRC=192.168.0.30 DST=192.168.0.2 LEN=84 TOS=0x00 PREC=0x00 TTL=255 ID=31255 DF PROTO=ICMP TYPE=0 CODE=0 ID=12441 SEQ=5
    Apr  8 12:03:59 slack64 kernel: [22093.935986] IN=bridge0 OUT= MAC=************* SRC=192.168.0.30 DST=192.168.0.2 LEN=84 TOS=0x00 PREC=0x00 TTL=255 ID=31256 DF PROTO=ICMP TYPE=0 CODE=0 ID=12441 SEQ=6

My firewall uses this script on the Linux client
Code:
    #!/bin/sh
    # A simple script firewall
    set -e
    
    # We need this for redirection
    echo 1 > /proc/sys/net/ipv4/ip_forward
    
    firewall_start() {
    
    # Clean first
    iptables -F
    iptables -X
    iptables -Z
    iptables -t nat -F
    iptables -t nat -X
    iptables -t nat -Z
    iptables -t mangle -F
    iptables -t mangle -X
    iptables -t mangle -Z
    iptables -t raw -F
    iptables -t raw -X
    iptables -t raw -Z
    
    # Default policy
    iptables -P OUTPUT ACCEPT
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    
    # firewall rules INPUT
    iptables -A INPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    iptables -A INPUT -i lo -j ACCEPT
    
    # Bacula
    iptables -A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 9102:9104 -j ACCEPT
    
    # Ssh 
    iptables -A INPUT  -p tcp -m tcp --dport 22 -j ACCEPT
    
    # Icmp
    iptables -A INPUT -p icmp -m icmp --icmp-type 0 -s 0/0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    iptables -A INPUT -p icmp -m icmp --icmp-type 8 -s 0/0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    
    # Log on syslog
    iptables -A INPUT -j LOG
    iptables -A FORWARD -j LOG
    
    # Final input rules
    iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
    iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    }
    
    firewall_stop() {
    # Clean
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -F
    iptables -X
    iptables -Z
    iptables -t nat -F
    iptables -t nat -X
    iptables -t nat -Z
    iptables -t mangle -F
    iptables -t mangle -X
    iptables -t mangle -Z
    iptables -t raw -F
    iptables -t raw -X
    iptables -t raw -Z
    
    }
    
    
    firewall_restart() {
    firewall_stop
    firewall_start
    }
    
    case "$1" in
    'start')
      firewall_start
      ;;
    'stop')
      firewall_stop
      ;;
    'restart')
      firewall_restart
      ;;
    *)
      echo "usage $0 start|stop|restart"
    esac

And this is the ipf.conf of the server
Code:
    # block and quick everything by default but pass on lo0
    block in log on bge0 all
    pass in quick on lo0 all
    
    # These rules will allow connections initiated from
    # this host along with the return connection
    pass out quick proto icmp all keep state
    pass out quick proto tcp all keep state
    pass out quick proto udp all keep state
    
    # Allow SecureShell incoming connections on 2122 port 
    pass in quick proto tcp from any to any port = 2122 flags S keep state keep frags
    
    # Allow SecureShell incoming connections on 22 port 
    pass in quick proto tcp from any to any port = 22 flags S keep state keep frags
    
    # Allow Secure stunnel telnet  incoming connections on 5860 port 
    pass in quick proto tcp from any to any port = 5860 flags S keep state keep frags
    
    # Allow nfs 3 4
    pass in quick proto tcp from 192.168.0.0/24 to any port = 2049  flags S keep state keep frags
    pass in quick   proto udp from 192.168.0.0/24 to any port = 2049 keep state
    pass in quick proto tcp from 192.168.0.0/24 to any port = 4001  flags S keep state keep frags
    pass in quick   proto udp from 192.168.0.0/24 to any port = 4001 keep state
    pass in quick proto tcp from 192.168.0.0/24 to any port = 111   flags S keep state keep frags
    pass in quick   proto udp from 192.168.0.0/24 to any port = 111 keep state
    pass in quick proto tcp from 192.168.0.0/24 to any port = 48472 flags S keep state keep frags
    pass in quick   proto udp from 192.168.0.0/24 to any port = 48472 keep state
    pass in quick proto tcp from 192.168.0.0/24 to any port = 8932 flags S keep state keep frags
    pass in quick   proto udp from 192.168.0.0/24 to any port = 8932 keep state
    
    #Allow PING
    pass in quick proto icmp from any to any keep state
    
    # Samba
    pass in quick proto udp from 192.168.0.0/24 to any port = 137 keep state
    pass in quick proto udp from 192.168.0.0/24 to any port = 138 keep state
    pass in quick proto udp from 192.168.0.0/24 to any port = 139 keep state
    pass in quick proto udp from 192.168.0.0/24 to any port = 445 keep state
    pass in quick proto tcp from 192.168.0.0/24 to any port = 137 flags S keep state keep frags
    pass in quick proto tcp from 192.168.0.0/24 to any port = 138 flags S keep state keep frags
    pass in quick proto tcp from 192.168.0.0/24 to any port = 139 flags S keep state keep frags
    pass in quick proto tcp from 192.168.0.0/24 to any port = 445 flags S keep state keep frags
    
    # Dns
    pass in quick proto udp from 192.168.0.0/24 to any port = 53 keep state
    pass in quick proto tcp from 192.168.0.0/24 to any port = 53 flags S keep state keep frags

What can I do to enable ping? The others work fine, DNS and SSH.

Last edited by rbatte1; 04-09-2018 at 06:36 AM.. Reason: Corrected CODE tags
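
Added example, not part of the original post: a toy Python model of how conntrack classifies ICMP echo traffic, run over the two logged packets. It assumes the echo request went from 192.168.0.2 to 10.2.0.1 with ICMP id 12441, as the post and its log describe; the class and function names are hypothetical. It shows why a reply arriving from 192.168.0.30 matches none of the script's `--state NEW,RELATED,ESTABLISHED` rules and falls through to LOG and REJECT.

```python
import re

# The two syslog lines from the post, embedded so the example runs offline.
LOG = """\
Apr  8 12:03:58 slack64 kernel: [22092.913008] IN=bridge0 OUT= MAC=************* SRC=192.168.0.30 DST=192.168.0.2 LEN=84 TOS=0x00 PREC=0x00 TTL=255 ID=31255 DF PROTO=ICMP TYPE=0 CODE=0 ID=12441 SEQ=5
Apr  8 12:03:59 slack64 kernel: [22093.935986] IN=bridge0 OUT= MAC=************* SRC=192.168.0.30 DST=192.168.0.2 LEN=84 TOS=0x00 PREC=0x00 TTL=255 ID=31256 DF PROTO=ICMP TYPE=0 CODE=0 ID=12441 SEQ=6
"""
ECHO_REQUEST, ECHO_REPLY = 8, 0
# States accepted by `-m state --state NEW,RELATED,ESTABLISHED`.
STATE_RULE = {"NEW", "RELATED", "ESTABLISHED"}


def parse_log_line(line):
    """Return the ICMP fields of one iptables LOG line, or None."""
    m = re.search(
        r"SRC=(\S+) DST=(\S+) .*PROTO=ICMP TYPE=(\d+) CODE=\d+ ID=(\d+)", line)
    if not m:
        return None
    return {"src": m.group(1), "dst": m.group(2),
            "type": int(m.group(3)), "id": int(m.group(4))}


class IcmpConntrack:
    """Simplified model: tracks only the reply tuple of each echo request."""

    def __init__(self):
        self.expected = set()

    def outgoing(self, src, dst, icmp_type, icmp_id):
        # An outgoing echo request creates an entry whose reply tuple is
        # the request with source and destination swapped.
        if icmp_type == ECHO_REQUEST:
            self.expected.add((dst, src, ECHO_REPLY, icmp_id))

    def incoming(self, pkt):
        key = (pkt["src"], pkt["dst"], pkt["type"], pkt["id"])
        if key in self.expected:
            return "ESTABLISHED"
        # Only a request can open a new entry; an unmatched reply cannot.
        return "NEW" if pkt["type"] == ECHO_REQUEST else "INVALID"


def classify_log(log, client="192.168.0.2", pinged="10.2.0.1", icmp_id=12441):
    """Return (source, conntrack state, accepted by STATE_RULE) per packet."""
    ct = IcmpConntrack()
    ct.outgoing(client, pinged, ECHO_REQUEST, icmp_id)
    pkts = [p for p in map(parse_log_line, log.splitlines()) if p]
    return [(p["src"], s, s in STATE_RULE)
            for p in pkts for s in [ct.incoming(p)]]
```

Calling `classify_log(LOG)` reports both replies as INVALID; with `pinged="192.168.0.30"` the same packets match the tracked request and are ESTABLISHED.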
 
