On 11/27/2005 12:11 PM, pelibali wrote:
Hi,
I have a small home-net, where a SUSE 10.0 machine serves as a router. Everything works as expected, all the clients can surf / e-mail, whatever, but there is a smaller issue disturbing the harmony...
We have a dial-up connection and, surprisingly, I found that when we have no active connection, our clients _don't_ know about it and they really wait until the initialized e.g. web-address times out. So in fact the router doesn't immediately let the clients know that there is no connection, and they have to find it out after a while, just "alone". Checking the firewall log showed me that the ICMP (error-) messages don't arrive at the clients, because they get blocked (192.168.0.1 is the router, 192.168.0.6 is the client; in this particular case trying to imap e-mails from 146.123.123.123):
Nov 26 11:28:17 trincsi kernel: SFW2-OUT-ERROR IN= OUT=eth0 SRC=192.168.0.1 DST=192.168.0.6 LEN=101 TOS=0x00 PREC=0xC0 TTL=64 ID=3105 PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.0.6 DST=146.123.123.123 LEN=73 TOS=0x00 PREC=0x00 TTL=64 ID=20782 DF PROTO=TCP SPT=59061 DPT=143 WINDOW=6368 RES=0x00 ACK PSH FIN URGP=0 OPT (0101080A0004BF9602DCDD03) ]
Could you please suggest a solution for how to get these ICMP packets to arrive at my clients and let them through susefirewall? Maybe that's the same issue, but from the clients I simply can't ping the router! I never needed it and don't plan to use something like that, but probably I would have to allow icmp somehow generally. I have already spent hours with the configuration, until now no fruits. Any ideas are very welcome.
Post the results of these please (on the router, of course).

    egrep "^[^#]" /etc/sysconfig/SuSEfirewall2
    iptables-save
    /sbin/SuSEfirewall2 debug
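Added example, not part of the original thread: a Python parser for the kind of log line quoted above, which separates the blocked ICMP error (outer fields) from the header of the packet that triggered it (the bracketed part). The function and variable names are hypothetical; the sample line is the one from the post.

```python
import re

# Log line copied from the post above (kernel packet log with the firewall's prefix).
SAMPLE = ("Nov 26 11:28:17 trincsi kernel: SFW2-OUT-ERROR IN= OUT=eth0 "
          "SRC=192.168.0.1 DST=192.168.0.6 LEN=101 TOS=0x00 PREC=0xC0 TTL=64 ID=3105 "
          "PROTO=ICMP TYPE=3 CODE=0 [SRC=192.168.0.6 DST=146.123.123.123 LEN=73 "
          "TOS=0x00 PREC=0x00 TTL=64 ID=20782 DF PROTO=TCP SPT=59061 DPT=143 "
          "WINDOW=6368 RES=0x00 ACK PSH FIN URGP=0 OPT (0101080A0004BF9602DCDD03) ]")

# ICMP destination-unreachable (type 3) codes, per RFC 792 / RFC 1122.
UNREACH = {0: "network unreachable", 1: "host unreachable",
           2: "protocol unreachable", 3: "port unreachable",
           4: "fragmentation needed", 13: "administratively prohibited"}

KV = re.compile(r"(\w+)=(\S*)")

def fields(text):
    """Turn 'KEY=value' tokens into a dict; bare flags such as DF are ignored."""
    return dict(KV.findall(text))

def parse_icmp_error(line):
    """Return a summary of a logged ICMP error, or None for any other line."""
    m = re.search(r"kernel: (\S+) (IN=.*)$", line)
    if not m:
        return None
    prefix, rest = m.groups()
    # The bracketed part is the header of the packet that triggered the error.
    outer_txt, _, inner_txt = rest.partition("[")
    outer, inner = fields(outer_txt), fields(inner_txt.rstrip("] "))
    if outer.get("PROTO") != "ICMP" or not inner:
        return None
    t, c = int(outer["TYPE"]), int(outer["CODE"])
    return {
        "prefix": prefix,
        "error_from": outer["SRC"], "error_to": outer["DST"],
        "icmp": (t, c),
        "meaning": UNREACH.get(c, "other") if t == 3 else "not destination-unreachable",
        "original_flow": (inner["SRC"], inner.get("SPT"), inner["DST"],
                          inner.get("DPT"), inner["PROTO"]),
    }

if __name__ == "__main__":
    print(parse_icmp_error(SAMPLE))
```

For the quoted line this reports a type 3, code 0 (network unreachable) error from the router to 192.168.0.6, generated for that client's TCP connection to port 143 on 146.123.123.123.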