I need to allow ICMP ping for one host only. I found out how to enable it to all hosts (ICMP Filtering, check ping) but I would like to reduce the scope to one host. I know I can add rules in the user_post script but I can't find the correct iptables command ...
View 4 RepliesI am setting up a virtual server. Ubuntu 11.04, "minimal provider image".UFW was disabled by default. I set it to default deny. Allowed HTTP, SSH and other standard stuff, and enabled it. All seems to be OK. Adding one rule to block some annoying security scanners causes ping not to work. I'm not an Iptables expert, but it looks OK to me. I got it from some website, rather than invented it myself, but modified to to fit the ufw config file syntax. What in that rule prevents pings?!? It seems completely unrelated.
View 1 Replies View RelatedHost - Fedora 12 64bit
KVM
VM - Windows Server 2008 64 bit
bridge-utils
VM can ping host and Internet but host can't ping VM.
I set VM static IP 192.168.0.205.
It turns out dynamic IP - 192.168.0.55
On host:
I tried to ping some of the pcs on the local network but for those with icmp disabled it doesn't work. I've used
Code:
nmap -sP 192.168.2.0/24
When I ping our Microsoft Windows terminal server "cluster" farm, I get ICMP warnings that there are duplicate packets. I am able to rdesktop to the cluster with no problems. We are trying to setup nagios to run on this Ubuntu configuration and nagios is reporting the following error:
"PING WARNING - DUPLICATES! Packet Loss=0%, RTA=.98ms.
FPing reports duplicates as well. Is there a setting in the Arp table that needs to be set differently because the "Cluster" MAC address isn't an actual hardware MAC but a virtual MAC address?
I have a dedicated host on my lan to monitor other hosts/services using Nagios. I'm in the process of migrating to Zabbix on that host to perform the same purpose. Both Nagios and Zabbix monitor icmp ping latency (Nagios uses ping, Zabbix uses fping) and over time the latency to other hosts grows until threshold alarms are triggered. In one week, the average latency grows from sub-millisecond to over 100 milliseconds, and continues to grow until the Nagios host is rebooted. I have verified the latency numbers using ping/fping from the command line on the Nagios host.
The problem is that pings from the monitored hosts to the Nagios host show normal latency at the time the Nagios host is showing high latency from itself to the monitored hosts. The Nagios host and monitored hosts are all connected to the same Dell 24 port gigabit switch. I already posted this question on the Zabbix forums with a graph of the latency but there were no answers. [URL] why the icmp ping latency is growing over time and how I can fix it short of rebooting the host on a schedule.
[Code]...
Is there a way to set the IP that's returned in an ICMP TTL exceeded packet? Reason I ask is I have an edge router with several upstreams, and several downstream routers, and when I traceroute to it I would like only one of it's IP's to show up in the trace (Instead of each . Much like some of the larger ISP's do to mask the IP and hostname of their internal routers.. Is this possible?
View 2 Replies View RelatedI was trying to write IPTABLES script to block the ICMP ping using the below mentioned command in OpenSUSE 11.2 Doing this in VMware.....
iptables -A OUTPUT -o eth0 -p icmp -j DROP
& then I tried to ping the different computer & it didnt allow me to ping.
Then I deleted using the command -
iptables -D OUTPUT -o eth0 -p icmp -j DROP
then I couldnt ping also. Another thing I found is my firefox is not connecting to the internet as well, but before writing the script, I can connect to internet.
I did a "dhclient" & iptables -F....
Even ping google's ip address doesn't work. unknown host error using backtrack4 able to browse net with these settings.
My network settings:
What's the problem with these settings...
Ive got a problem on my server ....installed Debian 5 , Webmin and than syscp settung up syscp ready ....
I try to ping "localhost" ansver ping: unknown host
I try to ping "localhost." there is a host with IP 127.0.0.1
I need it to change it in "localhost"
Is that the bind9 maybe?
Brief overview of my current setup:
Code:
The ip_blacklist chain is used to immediately drop any traffic from specified address ranges, while the tcp_, udp_, and icmp_packets chains contain rules for further processing of those protocols. The last rule in each of the latter three chains drops all packets that didn't match any rules above it; so tcp, udp, and icmp packets should NOT get caught by the default INPUT policy (DROP). The goal of the last rule on the INPUT chain is to then log any packets that are picked up by the default policy. However, it's not working.
I can tell that there are packets being picked off by the default policy because the counters are being incremented, but nothing is logged by that last rule. My conclusion is that it's only looking for tcp, udp, and icmp packets and ignoring everything else.
How to get iptables to log all the other protocols (or whatever is being caught by the default policy)?
i have configured racoon (ipsec tunnel) between 2 hosts and i am afraid of unencrypted ICMP which appears in TCPDUMP logs. There ale also encrypted ESP packets. Is this result of wrong racoon configuration?
172.16.220.133
Code:
[root@localhost ~]# cat /etc/racoon/racoon.conf
# racoon.conf
path pre_shared_key "/etc/racoon/psk.txt" ;
remote anonymous
[Code]...
i've tried blocking ping requests with iptables.. and it didnt work Quote: iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
also tried editing sysctl.conf.. which worked perfectly but after i restarted the system i was able to ping my ubuntu machine from my lappy here is what i added to sysctl.conf and then executed it with sysctl -p
Quote: net.ipv4.icmp_echo_ignore_all = 1 here is another atempt to block.. this one worked too... but again after the restart i was able to ping my machine.. Quote: echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
I've been trying to configure ufw to drop ping requests for a couple days now, and I can't figure it out. I've tried a couple different methods in some different guides, still nothing. Anyone know how to do this?
View 4 Replies View RelatedHost - Fedora 12 64bit
KVM
VM - Windows Server 2008 64 bit
bridge-utils
VM can ping host and Internet but host can't ping VM.
I set VM static IP 192.168.0.205.
It turns out dynamic IP - 192.168.0.55
On host:
$ ping -c3 192.168.0.55
fails
I made an ip packet using raw sockets and used icmp header of echo request inside that ip packet.I have a wifi lan with 2 host(laptops) connected to it. when I send the packets to any of these host the reply me with echo reply as i see in wireshark. but when i change the source ip and mac to that of another host there is no echo reply packet in the network but only echo request packet is there. Can anybody tell me why is this happening. and am also using Promiscuous mode so non of the packet is discarding.
View 3 Replies View RelatedI have a server that I can ping, and I can connect remotely with ssh to it. But when I try to connect to apache (port 80) I get "no route to host". But I can connect to localhost It's not just my client system that is having this problem but also systems that are on the same subnet There is no firewall running on the server route on the server
[Code]...
i have installed virtualbox on centos , and installed xp as a guest os. my LAN is on 10.200.2.x/24 network inorder to avoid conflict i have given centos ip as 10.200.2.191/24 and a virtual ip 192.168.56.4/24 my gateway is 10.200.2.1 i am able to ping from my guest os to host os the ip address but not the gateway inorder for internet connectivity
some of the configuration of virtual box
Display
Video Memory:
16 MB
3D Acceleration:
[Code]....
I have VirtualBox v3.1.0 r55467 running on f12 2.6.31.6-162.fc12.i686. The guest is Windows XP SP3. I need to enable bridged mode for the virtual network interface on the guest. Everytime I enable bridge mode the following error occurs.
Quote:
Failed to start the virtual machine Windows XP. Failed to open/create the internal network 'HostInterfaceNetworking-wlan0' (VERR_SUPDRV_COMPONENT_NOT_FOUND). One of the kernel modules was not successfully loaded. Make sure that no kernel modules from an older version of VirtualBox exist. Then try to recompile and reload the kernel modules by executing '/etc/init.d/vboxdrv setup' as root (VERR_SUPDRV_COMPONENT_NOT_FOUND). When I run '/etc/init.d/vboxdrv setup' i get the following compilation error:
Quote:
Stopping VirtualBox kernel module [ OK ]
Removing old VirtualBox netadp kernel module [ OK ]
Removing old VirtualBox netflt kernel module [ OK ]
[code]....
dmesg gives me nothing. I have scoured the web .. and even asked on #vbox and #fedora cant get.
I am using ubuntu 9.10 and I still cannot figure out this thing. I work behind a proxy managed by my university. Now, I cannot ping the other users on my network although they can ping me. Not to mention, I also cannot ping [URL]... It says : ping: unknown host [URL]... But I can ping the proxy server.
View 4 Replies View RelatedI have a somewhat complicated network setup that I am testing on an internal network. I have the following route setup:
PC Client (192.168.2.100) --> Router (192.168.2.1) --> DSLAM (on our internal network) --> PPPOE Server (192.168.9.1) on Linux Ubuntu 8.04 on interface card eth2.
On the same Linux Ubuntu Machine on interface card eth1 (static IP 192.168.5.100), I have an Asterisk SIP server plugged into it. SIP Server = 192.168.5.101 (static) I need the PC client (192.168.2.100) to register via SIP soft phone to register on the SIP server (192.168.5.101). From the PC client I can ping as far as the eth1 interface (192.168.5.100)...but cannot ping the SIP Server (.101).
From the SIP server (192.156.5.101)...I can ping 192.168.5.100, I can ping 169.254.5.228 (Eth2:avahi), but not sure what that is. I cannot ping the pppoe default gateway (192.168.9.1), which I think you cannot anyway. No firewalls are running. My IPtables I cleaned out totally. I think it might be as simple as a route add, but I really have no clue. Tried building a virtual bridge using brctl LINUX betweeh eth1 and eth2, but that made things worse (could not ping anything after that)
Route table:
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.9.100 * 255.255.255.255 UH 0 0 0 ppp0
192.168.5.0 * 255.255.255.0 U 0 0 0 eth1
[code]...
If I try ping a host on my internal lan from my ubuntu notebook the host name never resolves, but if I ping www.domainname.xxx it will resolve because our dhcp server is setup as the dns server too. If I use the connect to server tool and select samba share and specify host by name, it can resolve that and the shares show up... same dns server, same machine, but different interface/program. My real reason behind this is because my synergy+ keeps falling over whenever the synergy servers dhcp lease expires and it gets a new I have to then specify the new address and change configs.
View 3 Replies View RelatedI am working behind a http proxy (172.30.x.x:3128). I have configured it in my terminal. All the applications such as wget,lynx firefox etc. are working correctly.However all dns utilities like nslookup, host and even ping too are not working.Following is output of host command:
Code:
root@ding:~# host google.com
;; connection timed out; no servers could be reached
Output of host -T:
[Code]....
To connect to net I have to first run dhclient3(learnt from this forum!).It gives me my ip but where is dns address sent I don't have and idea.
I'm running openSUSE 11.2 (Linux piura 2.6.31.12-0.2-desktop #1 SMP PREEMPT 2010-03-16 21:25:39 +0100 x86_64 x86_64 x86_64 GNU/Linux) and have a network problem. At work, ethernet works fine. When I plug it into my DSL router at home (which works with other computers), I encounter the following behavior: ping can resolve host names, however, traceroute and Firefox and Thunderbird cannot.
It happens for both wired and wireless connections.
I had configured Squid in RHEL 5 and facing an issue with pinging. Not able to ping any website,hostname is resolving to ip address but not able to ping
[code]...
I am using an virtual machine. where I need to ping from one machine to another. earlier I was able to ping. But after going to google.com once, I cannot ping back to this machine.
But if I gave ping -I eth1 <IP> then I can ping.
I cannot install any package, so tell me solution which includes not installing any package.
I can ping a host on my LAN successfully, but I cannot ping [URL]... for example. I have disabled the firewall and set http_proxy and can browse the internet with "Use system proxy settings" checked in Firefox. I am unable to update with yum either, but I am not sure if this is a side effect or not. I have run a trace on my ip address as I am browsing the internet and I can see the sites I am visiting on our web appliance. However, if I try to ping or update no requests are hitting the proxy so I don't think that is the issue.
View 6 Replies View RelatedNot sure if this post belongs here, but here it is.
Host: Win server 2003
Guest: Ubuntu server
Host: IS able to ping guest. Firewall is OFF. NOT able to access guest (which is a web-server) at browser.
Guest: NOT able to ping host. Running a web server, you can check the website: (pegajosa.com) is running under that virtual Linux server.
Problem: guest needs to access host's sql database and/or any resources.
Network: is bridged.
At the Linux box ifconfig -a code...
I've encountered a problem after doing a fresh install with xubuntu 10.10 (2.6.35-23-generic).some sites are blocked like [url]....if I do dig [url]....- I receive the A, CNAME records and the IP address and everything.when ping[url].... - I receive 'unknown host'.when ping <theipaddress> - I receive responses
View 2 Replies View RelatedI have a machine running linux with 3 ethernet interfaces attached.
My Ifconfig:
My route output:
eth0 is attached to a laptop, eth1 is attached to a PC. eth2 is attached to a DSL modem, and the server is successfully acting as my internet gateway. The trouble is, my PC cannot see my laptop and vice versa. E.G. cannot ping, host seems down.