MaD dUCK started typing into the keyboard and wrote:
these are icmp packets, "destination-unreachable". you probably have a policy on the output chain of DENY and don't let the icmp packets pass. you should NEVER NEVER NEVER block "destination-unreachable", and the following should also stay open:
ipchains -A output -p icmp --icmp-type destination-unreachable -j ACCEPT ipchains -A output -p icmp --icmp-type source-quench -j ACCEPT ipchains -A output -p icmp --icmp-type time-exceeded -j ACCEPT ipchains -A output -p icmp --icmp-type parameter-problem -j ACCEPT ipchains -A output -p icmp --icmp-type echo-request -j ACCEPT
and repeat that all for the input chain.
Well thanks for the info. First of all I would like to understand 1) What is the reasoning to let the icmp pass ? 2) The same principle was working with the SuSEfirewall 2.1 in version 2.6 where and how do I define this ? Thanks -- Togan Muftuoglu toganm@turk.net It said "Needs Windows 98 or better." So I installed Linux... -o) /\\ _\_v The penguins are coming... the penguins are coming... ----------------------------------- 100% MS FREE Absolutely no component of Microsoft was used in the generation or posting of this e-mail. So it is virus free