10.2.0.0/24 which is the second network dedicated to vm's
Without firewall I can ping all networks without problems
Client System is : Slackware 14.2 with ip 192.168.0.2
Server is OmniOS with ip 10.2.0.1(vnic) and 192.168.0.30 (bge0)
It answers the 192.168.0.30, because the network 10.2.0.0/24 is NATted to permit the VM to reach the internet.
With the firewall active
No answer and syslog said...
My firewall uses this script on the Linux client
And this is the ipf.conf of the server
What can I do to enable ping? The others work fine, DNS and SSH.
Last edited by rbatte1; 04-09-2018 at 06:36 AM..
Reason: Corrected CODE tags
a) ICMP is stateless. So defining the state is senseless
b) ICMP Subtype 8 is echo Request, which you correctly defined on the INPUT Chain. ICMP Subtype 0 is "echo Reply" which is regulated at the OUTPUT chain since it is sent from the local host to the pinging party
c) Defining source -s 0/0 is of no use. Omit that and you have no restriction of source addresses.
d) I would assume the module icmp is automatically loaded when you specify -p icmp, so you can omit this too.
You can trace your packet filter more closely with additional log rules before and after important rules in your filter definition.
Oh. Wait. I misunderstood. iptables is the pinging party....
Now I use this rule..same thing.
---------- Post updated at 12:34 PM ---------- Previous update was at 12:32 PM ----------
Quote:
Originally Posted by rbatte1
I think that this is most likely a routing problem. What is your routing table like?
Can you show us the output from ifconfig -a & netstat -rn on both sides? Remember that the target of the ping will have to be able to respond.
Robin
The route is ok... at least I think.
Maybe the bridge is causing problems?
I will retry tomorrow with eth with no bridge.
Since everything works when you shut down the firewall, the most logical conclusion for me is that the fw rules are the problem.
---
Ok. Since I twisted server and client in my understanding, the following is what would be needed:
client (slackware) must allow icmp-echo-reply (icmp subtype 0) inbound (INPUT chain)
client must allow icmp-echo-request outbound (OUTPUT chain), which is the case since you do not have any output rules and an accept policy
If you check the network packages at the client with tcpdump with this command (change eth0 to the correct device name!)...
...you should see the echo request and echo reply packages even if the firewall is started and the ping fails. On the network level you should see them, even if they are blocked by the firewall rules, before they can get to the ping application.
This also would mean that the server is configured correctly to let icmp pass through.
As a next step I would add, as I recommended, some debugging rules like this to iptables:
The #1/#2/#3 means that these rules should be laid out in the chain exactly in this order.
You can now restart your firewall at the client, start a ping in another terminal window and verify the rules that are matching with the packets by watching this command:
You can reset the counters (so diagnosis is easier) with iptables -Z.
And so that we may have some insight into your situation and thus be better able to help you, please provide the output of iptables -L -v -n here in the forum. It may be better to see the direct result of the ruleset, not just the script creating it, because the result may not be the way it was intended.
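The counter check described in the post above, as an added example that is not part of the original thread: it reads `iptables -L -v -n` output and reports which rule, or the chain policy, disposed of ICMP packets of a given type. The listing in `sample_listing` is constructed and the LOG/ACCEPT/LOG layout is an assumption, since the poster's rules are not shown on this page; `icmp_verdict` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: use the per-rule packet counters in `iptables -L -v -n`
# output to see where ICMP packets of one type ended up in a chain.

# Constructed listing (not the poster's ruleset): LOG, ACCEPT, LOG for
# echo-reply. The ACCEPT has an extra state match and its counter stays 0.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP 9 packets, 756 bytes)
 pkts bytes target     prot opt in     out     source               destination
    4   336 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 0 LOG flags 0 level 4 prefix "icmp-pre: "
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 0 state NEW
    4   336 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 0 LOG flags 0 level 4 prefix "icmp-post: "

Chain OUTPUT (policy ACCEPT 20 packets, 1680 bytes)
 pkts bytes target     prot opt in     out     source               destination
EOF
}

# icmp_verdict CHAIN TYPE, listing on stdin. Prints one of:
#   "accepted rule N" / "dropped rule N"  first verdict rule with hits
#   "policy X"  only LOG rules counted the packets, so (unless a broader
#               rule without icmptype caught them) the chain policy applied
#   "unseen"    no rule for this ICMP type counted a packet
# Only rules with an explicit icmptype match are considered.
icmp_verdict() {
    awk -v chain="$1" -v want="$2" '
        $1 == "Chain" {
            in_chain = ($2 == chain); rule = 0
            if (in_chain) { policy = $4; sub(/\)$/, "", policy) }
            next
        }
        !in_chain || NF == 0 || $1 == "pkts" { next }
        {
            rule++
            hit = 0
            for (i = 5; i < NF; i++)
                if ($i == "icmptype" && $(i + 1) == want) hit = 1
            if ($4 != "icmp" || !hit || $1 + 0 == 0) next
            if ($3 == "LOG") seen = 1
            else if (result == "" && $3 == "ACCEPT") result = "accepted rule " rule
            else if (result == "" && $3 ~ /^(DROP|REJECT)$/) result = "dropped rule " rule
        }
        END { print (result != "" ? result : (seen ? "policy " policy : "unseen")) }'
}

sample_listing | icmp_verdict INPUT 0    # on a live host: iptables -L -v -n | icmp_verdict INPUT 0
```

For the constructed listing the result is `policy DROP`: both LOG rules counted the four echo replies while the ACCEPT between them stayed at zero, so the ACCEPT rule's match is what needs fixing.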