Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to enable ping?a litte complex
Operating Systems Solaris How to enable ping?a litte complex Post 303015675 by stomp on Tuesday 10th of April 2018 06:14:07 AM
Old 04-10-2018
Since everything works, when you shutdown the firewall the most logical conclusion for me is that's the fw rules that is the problem.

---

Ok. Since I twisted in my unterstanding server and client, that's the following that would be needed:
  • client(slackware) must allow icmp-echo-reply(icmp subtype 0) inbound(INPUT-Chain)
  • client must allow icmp-echo-request outbound(OUTPUT-Chain), which is the case since you do not have any rules output and an accept-Policy
If you check the network packages at the client with tcpdump with this command(change eth0 to the correct device name!)...


Code:
tcpdump -i eth0 -n icmp

...you should see the echo request and echo reply packages even if the firewall is started and the ping fails. On the network level you should see them, even if they are blocked by the firewall rules, before they can get to the ping application.


This also would mean that the server is configured correctly to let icmp pass through.


As mext step I would add - as i recommended some debugging rules, like this into iptables:


Code:
iptables -I INPUT #1 -p icmp -j LOG
iptables -I INPUT #2 -p icmp --icmp-type 0 -j LOG
iptables -I INPUT #3 -p icmp --icmp-type 0 -j ACCEPT

The #1/#2/#3 means, that these rules should be laid out in the chain exactly in this order.



You can now restart your firewall at the client, start a ping in another terminal window and verify the rules that are matching with the packets by watching this command:


Code:
watch -n1 iptables -L INPUT -v -n

You can reset the counters(so diagnosis is easier) with iptables -Z.

And for having us to may have some insight on your situation and thus to be more able to help you, please provide the output of iptables -L -v -n here in the forum. It maybe better to the direct result of the ruleset not just the script creating ist, because the result may be not the way it was intended.
 

10 More Discussions You Might Find Interesting

1. Solaris

enable log

dear all i want to enable the below logs can you help me /var/adm/xferlog /var/spool/uucp/.Admin thanx you (0 Replies)
Discussion started by: murad.jaber
0 Replies

2. Linux

How to enable Hibernate

Hi, I want to enable hibernate in my machine. when i click hibernate option, it is throwing message that hibernate is not enabled in kernel. earlier, i was hibernating in the same machine with windows os. any idea ? Thx in advance. Siva (0 Replies)
Discussion started by: Sivaswami
0 Replies

3. AIX

How to enable XDMCP?

Hello everyone, I installed AIX the other day (several times!) but I can't get XDMCP to work. I remember from when I installed it the last time it worked out of the box. So why doesn't it work now? This is the error message I get: XDMCP fatal error: Session failed Session 2 failed for... (3 Replies)
Discussion started by: Kotzkroete
3 Replies

4. AIX

Enable SMT

How to enable SMT in aix 5.2 ml 9? If i run smtctl it gives error ksh: smtctl: not found. please tell me if SMT is supported in 5.2 (4 Replies)
Discussion started by: vjm
4 Replies

5. Shell Programming and Scripting

Animation Ping on Solaris Like Cisco Ping

Hi, I develop simple animation ping script on Solaris Platform. It is like Cisco ping. Examples and source code are below. bash-3.00$ gokcell 152.155.180.8 30 Sending 30 Ping Packets to 152.155.180.8 !!!!!!!!!!!!!.!!!!!!!!!!!!!!!. % 93.33 success... % 6.66 packet loss...... (1 Reply)
Discussion started by: gokcell
1 Replies

6. Shell Programming and Scripting

How to get reason for ping failure using perls Net::Ping->new("icmp");?

Hi I am using perl to ping a list of nodes - with script below : $p = Net::Ping->new("icmp"); if ($p->ping($host,1)){ print "$host is alive.\n"; } else { print "$host is unreacheable.\n"; } $p->close();... (4 Replies)
Discussion started by: tavanagh
4 Replies

7. SCO

Auditing: how to enable?

edit: solution found Auditing Quick Start and Compatibility Notes (1 Reply)
Discussion started by: Linusolaradm1
1 Replies

8. UNIX for Advanced & Expert Users

Enable lpfc changes!

Hi Folks! I am writing a script which changes lpfc.conf if there it has been setup on RHEL BOXes, do I need to put dracut -f for enabling it? I am not sure, Can someone help! (6 Replies)
Discussion started by: nixhead
6 Replies

9. Programming

Ping test sends mail when ping fails

help with bash script! im am working on this script to make sure my server will stay online, so i made this script.. HOSTS="192.168.138.155" COUNT=4 pingtest(){ for myhost in "$@" do ping -c "$COUNT" "$myhost" &&return 1 done return 0 } if pingtest $HOSTS #100% failed... (4 Replies)
Discussion started by: mort3924
4 Replies

10. Linux

Please: a litte help to crosscompile.

I have installed the "mipsel tuxbox" compile suite for crosscompile Host system is x86_64 slackware destination is mipsel32bit "vuduo+" For example,I want to compile a program, I use this script make clean export TOOLCHAIN=/opt/mipsel-tuxbox-linux-gnu export... (0 Replies)
Discussion started by: Linusolaradm1
0 Replies

LEARN ABOUT OPENSOLARIS

networks

networks(4)							   File Formats 						       networks(4)

NAME

       networks - network name database

SYNOPSIS

       /etc/inet/networks

       /etc/networks

DESCRIPTION

       The  networks  file  is a local source of information regarding the networks which comprise the Internet. The networks  file can be used in
       conjunction with, or instead of, other networks sources, including the NIS maps	networks.byname and  networks.byaddr and  the  NIS+  table
       networks. Programs use the getnetbyname(3SOCKET) routines to access this information.

       The network file has a single line for each network, with the following information:

	 official-network-name network-number aliases

       Items  are separated by any number of  SPACE or TAB characters. A `#' indicates the beginning of a comment. Characters up to the end of the
       line are not interpreted by routines which search the file. This file is normally created from the official network database maintained	at
       the  Network  Information  Control  Center  (NIC), though local changes may be required to bring it up to date regarding unofficial aliases
       and/or unknown networks.

       Network numbers may be specified in the conventional dot (`.') notation using the inet_network routine from the Internet address  manipula-
       tion library, inet(7P). Network names may contain any printable character other than a field delimiter, NEWLINE, or comment character.

SEE ALSO

       getnetbyaddr(3SOCKET), getnetbyname(3SOCKET), inet(3SOCKET), nsswitch.conf(4), inet(7P)

NOTES

       The official SVR4 name of the networks file is /etc/inet/networks. The symbolic link /etc/networks exists for BSD compatibility.

       The  network number in networks database is the host address shifted to the right by the number of 0 bits in the address mask. For example,
       for the address 24.132.47.86 that has a mask of fffffe00, its network number is 803351. This is obtained when the address is shifted  right
       by  9  bits.  The  address  maps  to 12.66.23. The trailing 0 bits should not be specified.  The network number here is different from that
       described in netmasks(4). For this example, the entry in netmasks would be 24.132.46.0  fffffe00.

SunOS 5.11							    17 Jan 2002 						       networks(4)
All times are GMT -4. The time now is 06:28 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy