[opensuse] icmp (ping) forwarding
Hello,

I'm still on the way of setting up a web/mail server on my own lan.

so my server is behind a dsl modem

I just noticed that the modem does not answer to icmp (ping).

So I wonder what is the best way to do:

* leave it like this. My server answers to the ping from inside the lan, but does not from external calls
* change the dsl modem (if possible) to answer to ping
* forward the icmp call to the server to have it answer (forwarding port 5813, probably?)
* something else?

what's the best way?

thanks
jdd

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
jdd wrote:
Hello,
I'm still on the way of setting up a web/mail server on my own lan.
so my server is behind a dsl modem
I just noticed that the modem does not answer to icmp (ping).
So I wonder what is the best way to do:
* leave it like this. My server answers to the ping from inside the lan, but does not from external calls
* change the dsl modem (if possible) to answer to ping
Responding to ICMP echo requests is not mandatory, it's entirely up to you.
* forward the icmp call to the server to have it answer (forwarding port 5813, probably?)
Huh? ICMPs are not sent to any port.

--
Per Jessen, Zürich (14.1°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
On 23/03/2017 at 20:13, Per Jessen wrote:
jdd wrote:
* forward the icmp call to the server to have it answer (forwarding port 5813, probably?)
Huh? ICMPs are not sent to any port.
cat /etc/services | grep icmp
icmpd 5813/tcp # ICMPD [Shane_O_Donnell]
icmpd 5813/udp # ICMPD [Shane_O_Donnell]

? may be not related?

jdd
On 03/23/2017 03:23 PM, jdd wrote:
On 23/03/2017 at 20:13, Per Jessen wrote:
jdd wrote:
* forward the icmp call to the server to have it answer (forwarding port 5813, probably?)
Huh? ICMPs are not sent to any port.
cat /etc/services | grep icmp
icmpd 5813/tcp # ICMPD [Shane_O_Donnell]
icmpd 5813/udp # ICMPD [Shane_O_Donnell]
? may be not related?
As mentioned, ICMP does not use ports. It uses message types. For example, a ping request is type 8 and ping reply, 0.

Here's some info on ICMP: https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
On Thu, 23 Mar 2017 20:23, jdd wrote:
On 23/03/2017 at 20:13, Per Jessen wrote:
jdd wrote:
* forward the icmp call to the server to have it answer (forwarding port 5813, probably?)
Huh? ICMPs are not sent to any port.
cat /etc/services | grep icmp
icmpd 5813/tcp # ICMPD [Shane_O_Donnell]
icmpd 5813/udp # ICMPD [Shane_O_Donnell]
? may be not related?
jdd
AURGH!! (@jdd, that hurt, you know.)

"IPv4" and / or "IPv6" is just one of the meta traffic protocols, which define what is sent and how. Normal TCP and UDP are protocols of these and have sub-ports for finer control.

"ICMP" is another protocol, for which no sub-ports are defined.

read the header of /etc/protocols and the relevant RFCs

excerpt for tcp, udp, icmp, ipv6-icmp:

icmp       1   ICMP       # Internet Control Message [RFC792]
ipv6-icmp  58  IPv6-ICMP  # ICMP for IPv6 [RFC1883]
tcp        6   TCP        # Transmission Control [RFC793]
udp        17  UDP        # User Datagram [RFC768,JBP]

The file /etc/services is only relevant for the TCP and UDP protocols!

- Yamaban
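Added example, not part of the original thread and not written by any of its participants: Python code that builds and parses an ICMP echo message next to a UDP header, showing that ICMP carries a type and code (8 for echo request, 0 for echo reply) where UDP carries port numbers, so an /etc/services entry such as 5813/udp has no field to apply to in a ping. The identifier, sequence number, payload and source port used here are constructed values.

```python
import struct

ICMP_ECHO_REQUEST = 8  # type values quoted in the thread
ICMP_ECHO_REPLY = 0

def inet_checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Echo message: type, code, checksum, identifier, sequence, data."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_echo(packet: bytes) -> dict:
    """Decode an ICMP echo message; note there is no port field to read."""
    if len(packet) < 8:
        raise ValueError("ICMP echo message is at least 8 bytes")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": icmp_type, "code": code, "identifier": ident,
            "sequence": seq, "payload": packet[8:],
            "checksum_ok": inet_checksum(packet) == 0}

def parse_udp(segment: bytes) -> dict:
    """UDP header for contrast: it begins with two 16-bit port numbers."""
    if len(segment) < 8:
        raise ValueError("UDP header is 8 bytes")
    sport, dport, length, _csum = struct.unpack("!HHHH", segment[:8])
    return {"src_port": sport, "dst_port": dport, "length": length}

if __name__ == "__main__":
    # Constructed sample values, not captured traffic.
    request = build_echo(ICMP_ECHO_REQUEST, 0x1234, 1, b"constructed")
    reply = build_echo(ICMP_ECHO_REPLY, 0x1234, 1, b"constructed")
    print(parse_echo(request))
    print(parse_echo(reply))
    print(parse_udp(struct.pack("!HHHH", 40000, 5813, 8, 0)))
```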
On 23/03/2017 at 20:40, Yamaban wrote:
On Thu, 23 Mar 2017 20:23, jdd wrote:
cat /etc/services | grep icmp
icmpd 5813/tcp # ICMPD [Shane_O_Donnell]
icmpd 5813/udp # ICMPD [Shane_O_Donnell]
? may be not related?
jdd
AURGH!! (@jdd, that hurt, you know.)
"ICMP" is another protocol, for which no sub-ports are defined.
so what mean the line above from /etc/services?
The file /etc/services is only relevant for the TCP and UDP protocols!
then what is icmpd? is it at all related to icmp?

please I only need a small answer

and, for James, of course the wikipedia page was my first read, but frankly I don't understand much in it

I only use icmp for ping and asking if a computer is dead or alive...

So I guess there is no way to ping a computer that lives after a gateway?

thanks
jdd
On 2017-03-23 22:49, jdd wrote:
I only use icmp for ping and asking if a computer is dead or alive...
So I guess there is no way to ping a computer that lives after a gateway?
After NAT, no, AFAIK. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" (Minas Tirith))
On 03/23/2017 05:49 PM, jdd wrote:
So I guess there is no way to ping a computer that lives after a gateway?
Well, you can't port forward it, as you would TCP or UDP, so that rules it out for anything behind NAT.
On 24/03/2017 at 02:24, James Knott wrote:
On 03/23/2017 05:49 PM, jdd wrote:
So I guess there is no way to ping a computer that lives after a gateway?
Well, you can't port forward it, as you would TCP or UDP, so that rules it out for anything behind NAT.
ok thanks all :-)

jdd
On 03/23/2017 02:49 PM, jdd wrote:
then what is icmpd? is it at all related to icmp?
please I only need a small answer
and, for James, of course the wikipedia page was my first read, but frankly I don't understand much in it
I only use icmp for ping and asking if a computer is dead or alive...
So I guess there is no way to ping a computer that lives after a gateway?
thanks jdd
https://serverfault.com/questions/222601/is-it-possible-to-ping-through-a-na...
On 24/03/2017 at 06:13, sdm wrote:
On 03/23/2017 02:49 PM, jdd wrote:
then what is icmpd? is it at all related to icmp?
please I only need a small answer
and, for James, of course the wikipedia page was my first read, but frankly I don't understand much in it
I only use icmp for ping and asking if a computer is dead or alive...
So I guess there is no way to ping a computer that lives after a gateway?
thanks jdd
https://serverfault.com/questions/222601/is-it-possible-to-ping-through-a-na...
what I asked is the other way round, ping a computer *inside* the nat

there seems to be no (simple) way to forward the ping to this computer

jdd
jdd wrote:
On 24/03/2017 at 06:13, sdm wrote:
On 03/23/2017 02:49 PM, jdd wrote:
then what is icmpd? is it at all related to icmp?
please I only need a small answer
and, for James, of course the wikipedia page was my first read, but frankly I don't understand much in it
I only use icmp for ping and asking if a computer is dead or alive...
So I guess there is no way to ping a computer that lives after a gateway?
thanks jdd
https://serverfault.com/questions/222601/is-it-possible-to-ping-through-a-na...
what I asked is the other way round, ping a computer *inside* the nat
there seems to be no (simple) way to forward the ping to this computer
Correct. Normally ICMP echo/reply will travel through a router, but because you have a private network on the inside, that doesn't work.

--
Per Jessen, Zürich (9.0°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
On 03/24/2017 01:13 AM, sdm wrote:
On 03/23/2017 02:49 PM, jdd wrote:
then what is icmpd? is it at all related to icmp?
please I only need a small answer
and, for James, of course the wikipedia page was my first read, but frankly I don't understand much in it
I only use icmp for ping and asking if a computer is dead or alive...
So I guess there is no way to ping a computer that lives after a gateway?
thanks jdd
https://serverfault.com/questions/222601/is-it-possible-to-ping-through-a-na...
Pinging out is one thing, but I don't ever recall seeing a router that could forward incoming ICMP through NAT.
James Knott wrote:
Pinging out is one thing, but I don't ever recall seeing a router that could forward incoming ICMP through NAT.
--- Note, that you are receiving an "incoming ICMP" when you get back a ping answer, but the incoming traffic is seen as related to your outward ping and can be routed back to the source (behind a router).

The reason it is "impossible" to get a ping from outside their router -- for most people, is because inside their routers there are no "permanent" IP addresses, only "private" or "non-routable" IP ranges (192.168.x.y or 10.x.y.z or similar).

So no one on the outside would be able to send a ping to a host behind their router, as their local IP addresses are unknown on the outside of the router.

If you have a fixed ipaddr behind a firewall or modem that is associated with a DNS sitename, then someone on the outside can ping that addr from the outside (and get a response if the device is configured to respond to pings). For example, I think my linux server is pingable @ ishtar(dot)tlinx(dot)org.
On 03/27/2017 08:47 PM, L A Walsh wrote:
James Knott wrote:
Pinging out is one thing, but I don't ever recall seeing a router that could forward incoming ICMP through NAT.
--- Note, that you are receiving an "incoming ICMP" when you get back a ping answer, but the incoming traffic is seen as related to your outward ping and can be routed back to the source (behind a router).
The reason it is "impossible" to get a ping from outside their router -- for most people, is because inside their routers there are no "permanent" IP addresses, only "private" or "non-routable" IP ranges (192.168.x.y or 10.x.y.z or similar).
So no one on the outside would be able to send a ping to a host behind their router, as their local IP addresses are unknown on the outside of the router.
If you have a fixed ipaddr behind a firewall or modem that is associated with a DNS sitename, then someone on the outside can ping that addr from the outside (and get a response if the device is configured to respond to pings). For example, I think my linux server is pingable @ ishtar(dot)tlinx(dot)org.
Quite so and I can do that on IPv6 for all IPv6 capable devices on my network. That's why I said "through NAT" in my reply. On IPv6, I have a /56 prefix, but on IPv4, I have only a single public address & NAT, so I can't ping anything behind my firewall on IPv4.
On 03/27/2017 05:47 PM, L A Walsh wrote:
If you have a fixed ipaddr behind a firewall or modem that is associated with a DNS sitename, then someone on the outside can ping that addr from the outside
You don't even need the dns part, all you need is a route-able (non rfc 1918) IP address (even a temporary dhcp leased one) and ping works as long as no machine between you and your target blocks ping.

Route tables are separate and distinct from DNS. As long as your route is advertised you can be pinged.

--
After all is said and done, more is said than done.
Just a note to say there were probably some default on the way when I made my ping tests, because now there is a normal ping answer (from my dsl modem, obviously), and I didn't do anything on it (not even rebooting)

->ping dodin.me
PING dodin.me (93.22.55.92) 56(84) bytes of data.
64 bytes from 92.55.22.93.rev.sfr.net (93.22.55.92): icmp_seq=1 ttl=63 time=0.844 ms
(...)

believe it or not, I often use this to recall what is my own IP :-(. For this line, it's not officially a fixed IP, but should be in practice

jdd
On 2017-03-24 08:45, jdd wrote:
Just a note to say there were probably some default on the way when I made my ping tests, because now there is a normal ping answer (from my dsl modem, obviously), and I didn't do anything on it (not even rebooting)
- Maybe your IP had changed and the dns was not updated, so you were pinging somebody else.
- Maybe some router in the road was blocking it, and now you get another route, or it was reconfigured.

--
Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" (Minas Tirith))
On 25/03/2017 at 02:56, Carlos E. R. wrote:
On 2017-03-24 08:45, jdd wrote:
Just a note to say there were probably some default on the way when I made my ping tests, because now there is a normal ping answer (from my dsl modem, obviously), and I didn't do anything on it (not even rebooting)
- Maybe your IP had changed and the dns was not updated, so you were pinging somebody else.
nope
- Maybe some router in the road was blocking it, and now you get another route, or it was reconfigured.
yes, probably some problem in my ISP config that has been fixed silently

jdd
On 2017-03-25 07:49, jdd wrote:
- Maybe some router in the road was blocking it, and now you get another route, or it was reconfigured.
yes, probably some problem in my ISP config that has been fixed silently
Instead of ping you could use traceroute, which uses udp or tcp and you can define the port, so your router can send to your server inside. There are other ping variants. I see "hping3", which mentions tcp in the description. I have installed it, but I can't figure it out yet. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" (Minas Tirith))
participants (8)
- Carlos E. R.
- James Knott
- jdd
- John Andersen
- L A Walsh
- Per Jessen
- sdm
- Yamaban