Trying to get ping to work through iptables.
Preston Kutzner
shizzlecash at gmail.com
Tue Jan 6 18:01:24 UTC 2009
On Jan 6, 2009, at 9:56 AM, Martin McCormick wrote:
> Rashkae writes:
>> You need to accept icmp protocol packets for things like ping and
>> traceroute.
>>
>> /sbin/iptables -A INPUT -p icmp -j ACCEPT
>>
>
> Thank you. That worked. I could have sworn I tried that
> once but maybe I mistyped the command. Anyway, that works fine,
> now.

Your original problem is that you were trying to allow echo via TCP
and UDP. Echo uses ICMP, not TCP or UDP. Depending on what your needs
are, I would block all ICMP packets except echo-request/reply and
possibly traceroute.

iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 30 -j ACCEPT

ICMP type 8 is "echo-request", which you may substitute for '8' if you
wish.
ICMP type 30 is "traceroute", which, again, you may substitute for
'30' if you wish.

>
>
>> Also, note that it's common practice to make your default Input Policy
>> Drop, rather than a rule in the chain. Strictly speaking, I don't think
>> it makes a difference in the end, but it does make it possible to append
>> rules at the end of the chain later on.
>
> Hmm. Very good point, but doesn't dropping the packet
> preclude it from going any further?
>
> Martin McCormick
>
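
Added example (not part of the original thread): a small Python model of first-match chain traversal, showing why a rule appended with -A after a catch-all DROP rule never takes effect, while the same rule under a DROP policy does. The Rule class, the verdict function and the sample packets are constructed for illustration and do not call iptables.

```python
# Toy model of how a filter chain is walked: rules are checked in order, the
# first matching ACCEPT/DROP ends traversal, and the chain policy applies only
# when no rule matched. All names here are hypothetical, not an iptables API.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    target: str                      # "ACCEPT" or "DROP"
    proto: Optional[str] = None      # None matches any protocol (no -p given)
    icmp_type: Optional[int] = None  # None matches any ICMP type

    def matches(self, pkt: dict) -> bool:
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        if self.icmp_type is not None and pkt.get("icmp_type") != self.icmp_type:
            return False
        return True


def verdict(chain: list, policy: str, pkt: dict) -> str:
    for rule in chain:
        if rule.matches(pkt):
            return rule.target       # first match wins; later rules never run
    return policy                    # reached only when nothing matched


# Constructed sample packets
ECHO_REQUEST = {"proto": "icmp", "icmp_type": 8}
REDIRECT = {"proto": "icmp", "icmp_type": 5}
TCP_SYN = {"proto": "tcp"}


def append_after_drop_rule() -> str:
    # Policy ACCEPT with a catch-all DROP as the last rule, then an -A append.
    chain = [Rule("DROP")]
    chain.append(Rule("ACCEPT", "icmp", 8))  # lands after the DROP rule
    return verdict(chain, "ACCEPT", ECHO_REQUEST)


def append_with_drop_policy() -> dict:
    # Policy DROP, no catch-all rule: the appended rule is reachable.
    chain = [Rule("ACCEPT", "icmp", 8)]
    packets = [("echo-request", ECHO_REQUEST), ("redirect", REDIRECT), ("tcp", TCP_SYN)]
    return {name: verdict(chain, "DROP", pkt) for name, pkt in packets}


if __name__ == "__main__":
    print(append_after_drop_rule())
    print(append_with_drop_policy())
```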