Mailinglist Archive: opensuse (924 mails)

< Previous Next >
Re: [opensuse] SuseFirewall2 does not allow pings to ext network?
On 10/30/2012 2:14 PM, Togan Muftuoglu wrote:
On 10/30/2012 06:34 PM, Marc Chamberlin wrote:
Begin trying to use your application and send the relevant part of the
logs, ie if the service is unreachable then find the log entries which
are dropped and send them or use susepaste.org which in that case send
the paste id

Togan
Thanks for the good suggestions Togan, on how to improve SuSEFirewall2!
Much appreciated.

I made the changes you suggested, then restarted the firewall, and tried
to ping devices on my external network, from inside my internal network.
No joy. I did a tail -f /var/log/firewall and post the output to

http://susepast.org/34186a92
There is nothing related to ping in the logs you put up there

but I don't think much of relevance really got logged. Perhaps you will
see something I don't.. I can try an do it a few more time, the output
is different each time and I suspect mostly from other systems on my
internal network communicating with the internet.
Please provide the output of
ip a sh
ip ro sh
See http://susepaste.org/5548ce9d

and logs of the firewall when pinging
grep -i icmp /var/log/firewall


Well, absolutely nothing is logged when I try to ping devices in the external 169.254.1.x net from the internal 192.168.2.x network! However, I do see ICMP messages coming IN to my firewall machine from various external addresses on the internet. I suspect you don't want to see those... AND I do see ICMP messages when I ping some external site, such as www.google.com, from within my 192.168.2.x private network! I suspect you don't want to see those either.... AND I do see ICMP messages when I ping a device on my external 169.254.1.x network from the firewall machine itself!

Seems very odd that nothing is being logged when I execute a ping from my internal network to some device on my external 169.254.1.x private network!

Marc...


--
"The Truth is out there" - Spooky

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >