Is there a way to set the IP that's returned in an ICMP TTL exceeded packet? Reason I ask is I have an edge router with several upstreams, and several downstream routers, and when I traceroute to it I would like only one of it's IP's to show up in the trace (Instead of each . Much like some of the larger ISP's do to mask the IP and hostname of their internal routers.. Is this possible?
View 2 Replies
I need to allow ICMP ping for one host only. I found out how to enable it to all hosts (ICMP Filtering, check ping) but I would like to reduce the scope to one host. I know I can add rules in the user_post script but I can't find the correct iptables command ...
View 4 Replies View RelatedI am setting up a virtual server. Ubuntu 11.04, "minimal provider image".UFW was disabled by default. I set it to default deny. Allowed HTTP, SSH and other standard stuff, and enabled it. All seems to be OK. Adding one rule to block some annoying security scanners causes ping not to work. I'm not an Iptables expert, but it looks OK to me. I got it from some website, rather than invented it myself, but modified to to fit the ufw config file syntax. What in that rule prevents pings?!? It seems completely unrelated.
View 1 Replies View RelatedI am using Witopia VPN services and used to work just fine on my Ubuntu 10.04. All of the sudden it stopped working. Here is the log:
Code:
May 17 00:56:58 saeed-laptop NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...
May 17 00:56:58 saeed-laptop NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 11477
May 17 00:56:58 saeed-laptop NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections
May 17 00:56:58 saeed-laptop NetworkManager: <info> VPN plugin state changed: 1
May 17 00:56:58 saeed-laptop NetworkManager: <info> VPN plugin state changed: 3
May 17 00:56:58 saeed-laptop NetworkManager: <info> VPN connection 'VPN Connection' (Connect) reply received.
May 17 00:56:58 saeed-laptop nm-openvpn[11482]: OpenVPN 2.1.0 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jan 26 2010
May 17 00:56:58 saeed-laptop nm-openvpn[11482]: WARNING: No server certificate verification method has been enabled. See [URL] for more info.
May 17 00:56:58 saeed-laptop nm-openvpn[11482]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 17 00:56:58 saeed-laptop nm-openvpn[11482]: WARNING: file '/home/saeed/Documents/config/VPN_Connection.key' is group or others accessible
May 17 00:56:58 saeed-laptop nm-openvpn[11482]: /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
May 17 00:56:58 saeed-laptop nm-openvpn[11482]: LZO compression initialized
May 17 00:56:59 saeed-laptop nm-openvpn[11482]: RESOLVE: NOTE: (address omitted) resolves to 12 addresses, choosing one by random
May 17 00:56:59 saeed-laptop nm-openvpn[11482]: UDPv4 link local: [undef]
May 17 00:56:59 saeed-laptop nm-openvpn[11482]: UDPv4 link remote: [AF_INET]IP address omitted
May 17 00:57:39 saeed-laptop NetworkManager: <info> VPN connection 'VPN Connection' (IP Config Get) timeout exceeded.
May 17 00:57:39 saeed-laptop nm-openvpn[11482]: SIGTERM[hard,] received, process exiting
May 17 00:57:39 saeed-laptop NetworkManager: <info> Policy set 'Auto Belkin' (wlan0) as default for routing and DNS.
May 17 00:57:51 saeed-laptop NetworkManager: <debug> [1274043471.002409] ensure_killed(): waiting for vpn service pid 11477 to exit
May 17 00:57:51 saeed-laptop NetworkManager: <debug> [1274043471.002596] ensure_killed(): vpn service pid 11477 cleaned up
I removed IP addresses. I think its a recent update might have created this issue. I tried re-installing openvpn and network-manager-openvpn.
I'm trying to configure internet access using KDE network manager. Added new VPN connection, set gateway and other options but connection breaks. Here is /var/log/daemon.log
Code:
Jul 1 17:35:22 dvinokurov-desktop NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.pptp'...
Jul 1 17:35:22 dvinokurov-desktop NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.pptp' started (org.freedesktop.NetworkManager.pptp), PID 1761
Jul 1 17:35:22 dvinokurov-desktop NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.pptp' just appeared, activating connections .....
log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 12 'Call-Clear-Request'
Jul 1 17:36:02 dvinokurov-desktop pptp[1773]: nm-pptp-service-1761 log[call_callback:pptp_callmgr.c:79]: Closing connection (call state)
As I understand the main problem is in "(IP Config Get) timeout exceeded".
how to identify the icmp packets & marking. this below icmp packets marking is not working.
iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x5
iptables -t mangle -A PREROUTING -p icmp -j RETURN
with the help of port no or any other how can i identify the icmp packet ?... This below two is working fine
iptables -t mangle -A PREROUTING -p tcp -j MARK --set-mark 0x2
iptables -t mangle -A PREROUTING -p tcp -j RETURN
iptables -t mangle -A PREROUTING -p udp -j MARK --set-mark 0x3
iptables -t mangle -A PREROUTING -p udp -j RETURN
I run a linux box as a gateway behind a satellite modem. The internet link over the satellite modem is only 1mbit so the usage often reaches 100% when someone is downloading/uploading something. I am seeing my ping return time jump from 700ms to 6000ms if someone tries to upload a file (by sending a attachment in a email etc). The satellite operator is saying this is normal, but I have my doubts.
Has ICMP got a lower priority? Should I really be seeing this behaviour? I understand that if it was a TCP packet then it would just be queued until the previous acknowledgement has been received. And if it was a UDP packet then it would have been dropped, but how does ICMP deal with these situations during heavy traffic?
I have One Server which is having IP 10.176.0.155. I want that client 10.176.0.135 is not able to ping this server only & cane it is possible to block through hosts.
View 1 Replies View RelatedWhy linux traceroute uses UDP protocol, we have basic ICMP protocol which is used in MS-windows tracert.Any specific use of traceroute using with UDP,TCP than ICMP?Windows is displaying all HOPs address but linux printing *.*.*
View 8 Replies View RelatedI have a C program which does.
1. Creates a UDP socket
2. Send the UDP Request packet to the TFTP server.
3. If the TFTP server is not listening in the 69 port, the remote machine send an ICMP ("Port Unreachable") message.
Is there a way to receive a notification from the Linux kernel on receipt of an ICMP packet to the created UDP socket.
icmp request from an ip that is in the same network as one of the local interfaces is not responded to, if the ping request is received via an interface in a different network. Is this some security feature?
Consider the below network
x.1|RTR1|-y.1---------y.2-|RTR2|-z.2------z.3-|LNX|-x.3
RTR - Router
x.1 -> 192.168.x.1
LNX - Linux machine
[Code]....
So im trying to get an icmp tunnel setup using ptunnel. When I run it under the same network and use to connect to RDP, it works fine, however when go outside my network and connect in, it does not get anywhere. I can confirm that I have forwarded ICMP packets to the server (if I ping the external ip it will show the status of the server if I unplug it) and that the server is showing signs of registering it.
On the client it just tries to resend the packet "Resending packet with seq-no 0" Over and over Firewall is off for testing so thats not the issue.
From what I've read, when linux sends a ping it sends without the netmask, so windows server assumes it must be a broadcast? Why doesn't linux send a netmask with a ping?
View 6 Replies View RelatedI tried to ping some of the pcs on the local network but for those with icmp disabled it doesn't work. I've used
Code:
nmap -sP 192.168.2.0/24
Installed Ubuntu Server 10.10, included Apache, PHP, and OpenSSH. Apache is up and serving pages, I can connect using PuTTY no problem. Server responds to a pingHowever, attempting to use ping or traceroute from the server results in a Destination Unreachable. Happens even for other 192.168.1.10x boxes on the local network
View 1 Replies View RelatedWhy firewalls does not allow ICMP echo request packets. Why are pings not allowed to certain systems?
View 1 Replies View RelatedCan any one tell me a network monitoring tool which can monitor remote connectivity and generate a comprehensive report about the link state like up/down, error timings, increase in latency and packet loss rate.
View 3 Replies View RelatedOn my system, I have built my own tunneling protocol, where I relay packets over a non-standardized but verified medium. What I do is capture the packets using iptables and NFQUEUE, relay them over my medium, and at the other end I reinject them using raw sockets. The packet going into the tunnel is exactly the same as the one coming out, verified. The problem is that this doesn't work for ICMP Ping (Echo Request) if the destination of the ping is the same as the tunnel endpoint. If the destination is not the same as the tunnel endpoint, the ping packet is rerouted and arrives as it should at the receiver, and the ping reply comes back to the sender. Does anyone know whats going on? Isn't it possible to send raw icmp to yourself? If not, anyone have an idea what I should do instead?
View 1 Replies View RelatedI set up a static IPv6 address and a gateway in /etc/network/interfaces. However, a bad router in my network environment alway send wrong ICMP router discovery messages to me. So I have got extra (wrong) IPv6 address and gateway, and the routing is confused. On Windows Servers, I can use "netsh interface ipv6 set interface "Local Area Connection" routerdiscovery=disable" to disable ICMP router discovery. But I don't know how to disable it on Ubuntu 9.10. How could I disable ICMP router discovery for IPv6?
View 4 Replies View RelatedWhen I ping our Microsoft Windows terminal server "cluster" farm, I get ICMP warnings that there are duplicate packets. I am able to rdesktop to the cluster with no problems. We are trying to setup nagios to run on this Ubuntu configuration and nagios is reporting the following error:
"PING WARNING - DUPLICATES! Packet Loss=0%, RTA=.98ms.
FPing reports duplicates as well. Is there a setting in the Arp table that needs to be set differently because the "Cluster" MAC address isn't an actual hardware MAC but a virtual MAC address?
Struggling to get my Linux server accept ICMP redirects not originating from default gateway. No problem to get it working if the redirects is originating from def gw.I know it's not a good solution security wise, but my network is so cluttered I'm forced to do so.
View 1 Replies View RelatedI have a dedicated host on my lan to monitor other hosts/services using Nagios. I'm in the process of migrating to Zabbix on that host to perform the same purpose. Both Nagios and Zabbix monitor icmp ping latency (Nagios uses ping, Zabbix uses fping) and over time the latency to other hosts grows until threshold alarms are triggered. In one week, the average latency grows from sub-millisecond to over 100 milliseconds, and continues to grow until the Nagios host is rebooted. I have verified the latency numbers using ping/fping from the command line on the Nagios host.
The problem is that pings from the monitored hosts to the Nagios host show normal latency at the time the Nagios host is showing high latency from itself to the monitored hosts. The Nagios host and monitored hosts are all connected to the same Dell 24 port gigabit switch. I already posted this question on the Zabbix forums with a graph of the latency but there were no answers. [URL] why the icmp ping latency is growing over time and how I can fix it short of rebooting the host on a schedule.
[Code]...
I am working on a cluster for a molecular dynamics class and I have to edit my FORTRAN code (only the newest and best for me!). In order to get through to the cluster I have to ssh in. The network on which the cluster resides is behind a firewall, so I have to ssh through the firewall into the network first.
this is fine, I can login and move files and folders as needed, including sftp-ing into host 1, then into the cluster so I can transfer files from cluster to host and then host to me. This gets rather tiresome, so it would be nice to edit the files in place.
The problem is that when I access my code with emacs it launches the emacs client on Host 1, with no mouse support. I know the purists will howl about how I should be using keyboard shortcuts, but I am a chemist and not a programmer, so the mouse is very nice for me. Is there any way I can perhaps mount the cluster using sshfs so that when I open my code it launches a local instance of emacs? Sorry if this is the wrong forum, but I thought it was network related.
I got a bunch of machines (~10) that I share with my co-workers. I have appropriate .ssh file(s) set up so I don't get prompt for password when I try to ssh.Currently I ssh into these hosts and then do a top to check the load before I start using the machine. Because I don't want to be on a busy host.Can someone show me how to write a script that find a least-busy host given a list of hosts to check? (hardcoded is fine)
View 1 Replies View RelatedThe internal network is behind nat done by the PC Router.The TP Link is recieving wireless signal from outdoors and it has switching and basic routing capabilities. I'm using the PC router for better routing options.PC Router (or R for short) is a triple-booting machine - Linux, FreeBSD and Windows. It has two lan cards - external (ext_if) - 100Mbps Realtek 8139 and internal (int_if) - 1Gbps integrated Realtek 8169.The problem is that all traffic from R to the network is slow - about 5-20K, while the traffic in the oppoiste direction is all right - about 10MB that is fine for 100Mbps cables, NICs and switches. The problem persist no matter the OS the pc R is running.I've tried some debugging on the situation as follows:
- put another PC at the place of R - everything is fine. That exclude the possibility of damaged cables, RJ-45s, switches and etc.
- connected both of the NICs to the Internet while the internal network is being disconnected and they both work fine (no delays)
- traffic shaping is not running
- there is nothing in firewalls except NATing the internal network (and it is working fine). Actually these firewall rules have been operational for more than months and everything was fine untill a week or two ago.
- changed the internal NIC with another
- connected the internal network directly to the TP and all of the PCs are getting good network performance. Then connected the R machine to the TP as well and there was good performance between the internal network PCs and R.
- R has good performance to the TP. In fact everything has good performance directly to the TP (when not connecting trough R).
- the problem persist only between R and machines from the internal network.
So here's the setup:
Ubuntu 10.04 host inbound port 22 open
FreeBSD 8.0 host no inbound ports open
Both hosts are running sshd currently. What would you do for the Ubuntu host to be able to ssh to the FreeBSD host? A tunnel?
Why is it telling me that my hard drive cylinder head count isn't supported by bios when I've been using this hard drive with this bios for over a year? I mean Linux is booting off the hard drive this is supposedly unsorted apparently and managing telling me is unsupported... so it can't be that unsupported now can it? Sounds more like linux trying to blame bios for linux's problem.
View 3 Replies View RelatedI upgraded to FC15 in early june, come June 15 Thunderbird suddenly ceases to send or receive any email. It pops up with the message "You may have exceeded you maximum connections" and I've tried changing the cache connection count to 1 instead of the default 5 and every OTHER post about that error suggests to no avail. Funny thing, my primary desktop is still on FC13, same thunderbird version, arch and account setup (with SSL enabled) and works flawlessly. Even with -safe-mode enabled it doesn't work. My lightning calendar also doesn't sync since then.
I have found that if I turn SSL off IMAP works again, SSL SMTP still fails. If I turn SMTP SSL off it sends mail. The calendar is an https (SSL) link. Obviously the issue is SSL and Thunderbird in FC15. There are no errors/messages in the console, maillog or the in-built error console.I will NOT use mail without SSL as I may occasionally use unencrypted WiFi.
how to check the print quota status on print server?
View 1 Replies View RelatedI get the following error if i try and send to my mailserver. I'm running SuSe 11 with sendmail and dovecot. I can send emails no problem. I have looked around and looks like it's not my diskspace on the machine i don't have any quota's on mailboxes.
View 1 Replies View Related
