Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to enable ping?a litte complex
Operating Systems Solaris How to enable ping?a litte complex Post 303015675 by stomp on Tuesday 10th of April 2018 06:14:07 AM
Old 04-10-2018
Since everything works, when you shutdown the firewall the most logical conclusion for me is that's the fw rules that is the problem.

---

Ok. Since I twisted in my unterstanding server and client, that's the following that would be needed:
  • client(slackware) must allow icmp-echo-reply(icmp subtype 0) inbound(INPUT-Chain)
  • client must allow icmp-echo-request outbound(OUTPUT-Chain), which is the case since you do not have any rules output and an accept-Policy
If you check the network packages at the client with tcpdump with this command(change eth0 to the correct device name!)...


Code:
tcpdump -i eth0 -n icmp

...you should see the echo request and echo reply packages even if the firewall is started and the ping fails. On the network level you should see them, even if they are blocked by the firewall rules, before they can get to the ping application.


This also would mean that the server is configured correctly to let icmp pass through.


As mext step I would add - as i recommended some debugging rules, like this into iptables:


Code:
iptables -I INPUT #1 -p icmp -j LOG
iptables -I INPUT #2 -p icmp --icmp-type 0 -j LOG
iptables -I INPUT #3 -p icmp --icmp-type 0 -j ACCEPT

The #1/#2/#3 means, that these rules should be laid out in the chain exactly in this order.



You can now restart your firewall at the client, start a ping in another terminal window and verify the rules that are matching with the packets by watching this command:


Code:
watch -n1 iptables -L INPUT -v -n

You can reset the counters(so diagnosis is easier) with iptables -Z.

And for having us to may have some insight on your situation and thus to be more able to help you, please provide the output of iptables -L -v -n here in the forum. It maybe better to the direct result of the ruleset not just the script creating ist, because the result may be not the way it was intended.
 

10 More Discussions You Might Find Interesting

1. Solaris

enable log

dear all i want to enable the below logs can you help me /var/adm/xferlog /var/spool/uucp/.Admin thanx you (0 Replies)
Discussion started by: murad.jaber
0 Replies

2. Linux

How to enable Hibernate

Hi, I want to enable hibernate in my machine. when i click hibernate option, it is throwing message that hibernate is not enabled in kernel. earlier, i was hibernating in the same machine with windows os. any idea ? Thx in advance. Siva (0 Replies)
Discussion started by: Sivaswami
0 Replies

3. AIX

How to enable XDMCP?

Hello everyone, I installed AIX the other day (several times!) but I can't get XDMCP to work. I remember from when I installed it the last time it worked out of the box. So why doesn't it work now? This is the error message I get: XDMCP fatal error: Session failed Session 2 failed for... (3 Replies)
Discussion started by: Kotzkroete
3 Replies

4. AIX

Enable SMT

How to enable SMT in aix 5.2 ml 9? If i run smtctl it gives error ksh: smtctl: not found. please tell me if SMT is supported in 5.2 (4 Replies)
Discussion started by: vjm
4 Replies

5. Shell Programming and Scripting

Animation Ping on Solaris Like Cisco Ping

Hi, I develop simple animation ping script on Solaris Platform. It is like Cisco ping. Examples and source code are below. bash-3.00$ gokcell 152.155.180.8 30 Sending 30 Ping Packets to 152.155.180.8 !!!!!!!!!!!!!.!!!!!!!!!!!!!!!. % 93.33 success... % 6.66 packet loss...... (1 Reply)
Discussion started by: gokcell
1 Replies

6. Shell Programming and Scripting

How to get reason for ping failure using perls Net::Ping->new("icmp");?

Hi I am using perl to ping a list of nodes - with script below : $p = Net::Ping->new("icmp"); if ($p->ping($host,1)){ print "$host is alive.\n"; } else { print "$host is unreacheable.\n"; } $p->close();... (4 Replies)
Discussion started by: tavanagh
4 Replies

7. SCO

Auditing: how to enable?

edit: solution found Auditing Quick Start and Compatibility Notes (1 Reply)
Discussion started by: Linusolaradm1
1 Replies

8. UNIX for Advanced & Expert Users

Enable lpfc changes!

Hi Folks! I am writing a script which changes lpfc.conf if there it has been setup on RHEL BOXes, do I need to put dracut -f for enabling it? I am not sure, Can someone help! (6 Replies)
Discussion started by: nixhead
6 Replies

9. Programming

Ping test sends mail when ping fails

help with bash script! im am working on this script to make sure my server will stay online, so i made this script.. HOSTS="192.168.138.155" COUNT=4 pingtest(){ for myhost in "$@" do ping -c "$COUNT" "$myhost" &&return 1 done return 0 } if pingtest $HOSTS #100% failed... (4 Replies)
Discussion started by: mort3924
4 Replies

10. Linux

Please: a litte help to crosscompile.

I have installed the "mipsel tuxbox" compile suite for crosscompile Host system is x86_64 slackware destination is mipsel32bit "vuduo+" For example,I want to compile a program, I use this script make clean export TOOLCHAIN=/opt/mipsel-tuxbox-linux-gnu export... (0 Replies)
Discussion started by: Linusolaradm1
0 Replies

LEARN ABOUT DEBIAN

pyroman

PYROMAN(8)						      System Manager's Manual							PYROMAN(8)

NAME

       pyroman - a firewall configuration utility

SYNOPSIS

       pyroman
	      [ -hvnspP ] [ -r RULESDIR ] [ -t SECONDS ]
	      [ --help ] [ --version ] [ --safe ] [ --no-act ]
	      [ --print ] [ --print-verbose ] [ --rules=RULESDIR ]
	      [ --timeout=SECONDS ] [ safe ]

DESCRIPTION

       pyroman is a firewall configuration utility.

       It will compile a set of configuration files to iptables statements to setup IP packet filtering for you.

       While it is not necessary for operating and using Pyroman, you should have understood how IP, TCP, UDP, ICMP and the other commonly used
       Internet protocols work and interact. You should also have understood the basics of iptables in order to make use of the full
       functionality.

       pyroman does not try to hide all the iptables complexity from you, but tries to provide you with a convenient way of managing a complex
       networks firewall.  For this it offers a compact syntax to add new firewall rules, while still exposing access to add arbitrary iptables
       rules.

OPTIONS

       -r RULESDIR,--rules=RULES
	      Load the rules from directory RULESDIR instead of the default directory (usually /etc/pyroman )
       -t SECONDS,--timeout=SECONDS
	      Wait SECONDS seconds after applying the changes for the user to type OK to confirm he can still access the firewall. This implies
	      --safe but allows you to use a different timeout.
       -h, --help
	      Print a summary of the command line options and exit.
       -V, --version
	      Print the version number of pyroman and exit.
       -s, --safe, safe
	      When the firewall was committed, wait 30 seconds for the user to type OK to confirm, that he can still access the firewall (i.e. the
	      network connection wasn't blocked by the firewall).  Otherwise, the firewall changes will be undone, and the firewall will be
	      restored to the previous state.  Use the --timeout=SECONDS option to change the timeout.
       -n, --no-act
	      Don't actually run iptables. This can be used to check if pyroman accepts the configuration files.
       -p, --print
	      Instead of running iptables, output the generated rules.
       -P, --print-verbose
	      Instead of running iptables, output the generated rules. Each statement will have one comment line explaining how this rules was
	      generated. This will usually include the filename and line number, and is useful for debugging.
CONFIGURATION

       Configuration of pyroman consists of a number of files in the directory /etc/pyroman.  These files are in python syntax, although you do
       not need to be a python programmer to use these rules. There is only a small number of statements you need to know:
       add_host
	      Define a new host or network
       add_interface
	      Define a new interface (group)
       add_service
	      Add a new service alias (note that you can always use e.g. www/tcp to reference the www tcp service as defined in /etc/services)
       add_nat
	      Define a new NAT (Network Address Translation) rule
       allow  Allow a service, client, server combination
       reject Reject access for this service, client, server combination
       drop   Drop packets for this service, client, server combination
       add_rule
	      Add a rule for this service, client, server and target combination
       iptables
	      Add an arbitrary iptables statement to be executed at beginning
       iptables_end
	      Add an arbitrary iptables statement to be executed at the end
       Detailed parameters for these functions can be looked up by caling
	      cd /usr/share/pyroman
	      pydoc ./commands.py

BUGS

       None known as of pyroman-0.4 release

AUTHOR

       pyroman was written by Erich Schubert <erich@debian.org>

SEE ALSO

       iptables(8), iptables-restore(8) iptables-load(8)

																	PYROMAN(8)
All times are GMT -4. The time now is 03:39 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy