Hi again, To ping to the firewall, check first if the kernel parameter icmp_echo_ignore_all is set to "0" And then the same thing with incoming pakets: $iptables -A INPUT -i $IFACE -p icmp \ --icmp-type echo-request -j ACCEPT $iptables -A OUTPUT -o $IFACE -p icmp \ --icmp-type echo-reply -j ACCEPT Icmp type 8 is the echo-request and the 0 is the echo-reply Cheers, Annette
"Annette Meriste"
29.05.02 12:19:11 >>> Hi Wilfired,
A ping needs echo request and the echo reply. Try something like this: $iptables -A OUTPUT -o $IFAE -p icmp \ --icmp-type echo-request -j ACCEPT $iptables -A INPUT -i $IFACE -p icmp \ --icmp-type echo-reply -j ACCEPT You could specify the state too. Ex. ESTABLISHED, RELEATED Cheers, Annette ------------------------------------------------------------------------------------------------------------------------------- Cablecom GmbH Security Team Zollstrasse 42 CH-8021 Zürich Voice: +41 1 277 99 21 Fax: +41 1 277 93 22 E-Mail: annette.meriste@cablecom.ch
"Wilfried Philippi"
29.05.02 12:10:14 >>> Hello List, i have a Problem with our Firewall. We use Iptables and the Gateway works normaly, all wanted Connections are accepted and the unwanted are dropped. So it seems the System works. But i can't send a Ping to the System. when I send a Ping from one of the Windows Workstation's i get a Time Overflow ( in German for People who can undestand that : Zeitueberschreitung). I think i have a Port closed who is needed for Ping. What must i change in the Sccript that Ping works? SSH Connections to the Machine works. Any Suggestins? Thanks for Help. Wilfried
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here