Mailinglist Archive: opensuse (1470 mails)

< Previous Next >
Re: [opensuse] What is the meaning of these firewall log entries?
On 12/02/16 10:32 PM, Carlos E. R. wrote:
On 2016-02-13 05:12, John Andersen wrote: >> On 02/12/2016 07:47 PM, Carlos
E. R. wrote: >>> Ping was never
blocked. It was ICMP which was blocked, but not ping. >> >> Is there a
difference? >> >> >>
https://en.wikipedia.org/wiki/Ping_(networking_utility) > > Yes. > >
Regardless of what that article might say, the command "ping >
192.168.1.15" was working with icmp blocked. > > ICMP is a protocol, and
there are several types. A ping is "icmp echo". > > > Look, I have just
disabled icmp, and tried ping; it works: > > Telcontar:~ # ping
192.168.1.15 > PING 192.168.1.15 (192.168.1.15) 56(84) bytes of data. >
64 bytes from 192.168.1.15: icmp_seq=1 ttl=64 time=0.334 ms > 64 bytes
from 192.168.1.15: icmp_seq=2 ttl=64 time=0.334 ms > ^C > ---
192.168.1.15 ping statistics --- > 2 packets transmitted, 2 received, 0%
packet loss, time 999ms > rtt min/avg/max/mdev = 0.334/0.334/0.334/0.000
ms > Telcontar:~ # > > The SuSEfirewall2 treats "pings" differently. > >
Perhaps this one: > > # Allow the firewall to reply to icmp echo
requests > # > # defaults to "yes" if not set > # > FW_ALLOW_PING_FW=""
Notice that the default is yes. >
You're saying the same thing as John, except slightly different, and a
lot more complicated. Iptables allows you to do an awful lot of nifty
things, including allowing ping requests while blocking other ICMP traffic.

A ping (echo request) is an ICMP type 8 message. The response is an echo
reply, which is an ICMP type 0.

None of which is relevant I think. Marcus said it in the very first
response to you:

the destination host appears to be blocking UDP on port 6666. That is
pretty much obvious in the logged firewall messages. The destination's
response is a "port unreachable" response, ie. an ICMP type 3/code 3
message.

If you will just open UDP on port 6666 on your LAN systems, I think you
will find all is fine.


--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups