Installed Ubuntu Server 10.10, included Apache, PHP, and OpenSSH. Apache is up and serving pages, I can connect using PuTTY no problem. Server responds to a pingHowever, attempting to use ping or traceroute from the server results in a Destination Unreachable. Happens even for other 192.168.1.10x boxes on the local network
View 1 RepliesI am setting up a virtual server. Ubuntu 11.04, "minimal provider image".UFW was disabled by default. I set it to default deny. Allowed HTTP, SSH and other standard stuff, and enabled it. All seems to be OK. Adding one rule to block some annoying security scanners causes ping not to work. I'm not an Iptables expert, but it looks OK to me. I got it from some website, rather than invented it myself, but modified to to fit the ufw config file syntax. What in that rule prevents pings?!? It seems completely unrelated.
View 1 Replies View RelatedI have One Server which is having IP 10.176.0.155. I want that client 10.176.0.135 is not able to ping this server only & cane it is possible to block through hosts.
View 1 Replies View RelatedStruggling to get my Linux server accept ICMP redirects not originating from default gateway. No problem to get it working if the redirects is originating from def gw.I know it's not a good solution security wise, but my network is so cluttered I'm forced to do so.
View 1 Replies View Relatedi've tried blocking ping requests with iptables.. and it didnt work Quote: iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
also tried editing sysctl.conf.. which worked perfectly but after i restarted the system i was able to ping my ubuntu machine from my lappy here is what i added to sysctl.conf and then executed it with sysctl -p
Quote: net.ipv4.icmp_echo_ignore_all = 1 here is another atempt to block.. this one worked too... but again after the restart i was able to ping my machine.. Quote: echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
I was trying to write IPTABLES script to block the ICMP ping using the below mentioned command in OpenSUSE 11.2 Doing this in VMware.....
iptables -A OUTPUT -o eth0 -p icmp -j DROP
& then I tried to ping the different computer & it didnt allow me to ping.
Then I deleted using the command -
iptables -D OUTPUT -o eth0 -p icmp -j DROP
then I couldnt ping also. Another thing I found is my firefox is not connecting to the internet as well, but before writing the script, I can connect to internet.
I did a "dhclient" & iptables -F....
I have a problem in my server proxy.I'm using the debian etch distribution, only that now started showing this error:
201.42.212.47 sent an invalid ICMP type 3, code 0 error to a broacast: 0.0.0.0 on eth0
201.42.212.47 sent an invalid ICMP type 3, code 0 error to a broacast: 0.0.0.0 on eth0
201.42.212.47 sent an invalid ICMP type 3, code 0 error to a broacast: 0.0.0.0 on eth0
[code]....
I tried to ping some of the pcs on the local network but for those with icmp disabled it doesn't work. I've used
Code:
nmap -sP 192.168.2.0/24
how to identify the icmp packets & marking. this below icmp packets marking is not working.
iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x5
iptables -t mangle -A PREROUTING -p icmp -j RETURN
with the help of port no or any other how can i identify the icmp packet ?... This below two is working fine
iptables -t mangle -A PREROUTING -p tcp -j MARK --set-mark 0x2
iptables -t mangle -A PREROUTING -p tcp -j RETURN
iptables -t mangle -A PREROUTING -p udp -j MARK --set-mark 0x3
iptables -t mangle -A PREROUTING -p udp -j RETURN
I run a linux box as a gateway behind a satellite modem. The internet link over the satellite modem is only 1mbit so the usage often reaches 100% when someone is downloading/uploading something. I am seeing my ping return time jump from 700ms to 6000ms if someone tries to upload a file (by sending a attachment in a email etc). The satellite operator is saying this is normal, but I have my doubts.
Has ICMP got a lower priority? Should I really be seeing this behaviour? I understand that if it was a TCP packet then it would just be queued until the previous acknowledgement has been received. And if it was a UDP packet then it would have been dropped, but how does ICMP deal with these situations during heavy traffic?
Is there a way to set the IP that's returned in an ICMP TTL exceeded packet? Reason I ask is I have an edge router with several upstreams, and several downstream routers, and when I traceroute to it I would like only one of it's IP's to show up in the trace (Instead of each . Much like some of the larger ISP's do to mask the IP and hostname of their internal routers.. Is this possible?
View 2 Replies View RelatedWhy linux traceroute uses UDP protocol, we have basic ICMP protocol which is used in MS-windows tracert.Any specific use of traceroute using with UDP,TCP than ICMP?Windows is displaying all HOPs address but linux printing *.*.*
View 8 Replies View RelatedI set up a static IPv6 address and a gateway in /etc/network/interfaces. However, a bad router in my network environment alway send wrong ICMP router discovery messages to me. So I have got extra (wrong) IPv6 address and gateway, and the routing is confused. On Windows Servers, I can use "netsh interface ipv6 set interface "Local Area Connection" routerdiscovery=disable" to disable ICMP router discovery. But I don't know how to disable it on Ubuntu 9.10. How could I disable ICMP router discovery for IPv6?
View 4 Replies View RelatedWhen I ping our Microsoft Windows terminal server "cluster" farm, I get ICMP warnings that there are duplicate packets. I am able to rdesktop to the cluster with no problems. We are trying to setup nagios to run on this Ubuntu configuration and nagios is reporting the following error:
"PING WARNING - DUPLICATES! Packet Loss=0%, RTA=.98ms.
FPing reports duplicates as well. Is there a setting in the Arp table that needs to be set differently because the "Cluster" MAC address isn't an actual hardware MAC but a virtual MAC address?
I have a C program which does.
1. Creates a UDP socket
2. Send the UDP Request packet to the TFTP server.
3. If the TFTP server is not listening in the 69 port, the remote machine send an ICMP ("Port Unreachable") message.
Is there a way to receive a notification from the Linux kernel on receipt of an ICMP packet to the created UDP socket.
icmp request from an ip that is in the same network as one of the local interfaces is not responded to, if the ping request is received via an interface in a different network. Is this some security feature?
Consider the below network
x.1|RTR1|-y.1---------y.2-|RTR2|-z.2------z.3-|LNX|-x.3
RTR - Router
x.1 -> 192.168.x.1
LNX - Linux machine
[Code]....
So im trying to get an icmp tunnel setup using ptunnel. When I run it under the same network and use to connect to RDP, it works fine, however when go outside my network and connect in, it does not get anywhere. I can confirm that I have forwarded ICMP packets to the server (if I ping the external ip it will show the status of the server if I unplug it) and that the server is showing signs of registering it.
On the client it just tries to resend the packet "Resending packet with seq-no 0" Over and over Firewall is off for testing so thats not the issue.
in my network, users has total access to their PCs, so theres a problem to filter (URL, ports,etc.) their virtual machines installed (they can assign self any IP, e.g.)
Id thought about use the MAC prefix in VMware VMs (00:0c:29:*), but i can only found a way through DHCP, and this isn't a good solution (they can assign a static IP to workaround...)
It will be better using firewall (iptables), but I don't found the way to add rules based in MACs with wildcards.
From what I've read, when linux sends a ping it sends without the netmask, so windows server assumes it must be a broadcast? Why doesn't linux send a netmask with a ping?
View 6 Replies View RelatedWhy firewalls does not allow ICMP echo request packets. Why are pings not allowed to certain systems?
View 1 Replies View RelatedCan any one tell me a network monitoring tool which can monitor remote connectivity and generate a comprehensive report about the link state like up/down, error timings, increase in latency and packet loss rate.
View 3 Replies View RelatedOn my system, I have built my own tunneling protocol, where I relay packets over a non-standardized but verified medium. What I do is capture the packets using iptables and NFQUEUE, relay them over my medium, and at the other end I reinject them using raw sockets. The packet going into the tunnel is exactly the same as the one coming out, verified. The problem is that this doesn't work for ICMP Ping (Echo Request) if the destination of the ping is the same as the tunnel endpoint. If the destination is not the same as the tunnel endpoint, the ping packet is rerouted and arrives as it should at the receiver, and the ping reply comes back to the sender. Does anyone know whats going on? Isn't it possible to send raw icmp to yourself? If not, anyone have an idea what I should do instead?
View 1 Replies View RelatedI have a dedicated host on my lan to monitor other hosts/services using Nagios. I'm in the process of migrating to Zabbix on that host to perform the same purpose. Both Nagios and Zabbix monitor icmp ping latency (Nagios uses ping, Zabbix uses fping) and over time the latency to other hosts grows until threshold alarms are triggered. In one week, the average latency grows from sub-millisecond to over 100 milliseconds, and continues to grow until the Nagios host is rebooted. I have verified the latency numbers using ping/fping from the command line on the Nagios host.
The problem is that pings from the monitored hosts to the Nagios host show normal latency at the time the Nagios host is showing high latency from itself to the monitored hosts. The Nagios host and monitored hosts are all connected to the same Dell 24 port gigabit switch. I already posted this question on the Zabbix forums with a graph of the latency but there were no answers. [URL] why the icmp ping latency is growing over time and how I can fix it short of rebooting the host on a schedule.
[Code]...
I have FTPS setup on my ubuntu server 9.10 machine using vsftpd, and I want to disable the default SFTP server in openSSH. I didn't even know it was on until I accidentally connected to it. I tried searching the internet, and it seems that all I should have to do is comment out the line:
Code: Subsystem sftp /usr/lib/openssh/sftp-server restart sshd and it shouldn't work anymore.....except it does. Thinking that /etc/init.d/ssh restart may not have worked, I restarted the machine, but I can still connect over sFTP.
I am using VSFTPD as my FTP daemon. I want it to be set up so that my user (cj) will have a default directory of / when I log on to the FTP server and I want the secondary account (guest) to have it's home directory as the default location without any access to the root of the drive.
I need my account to have the default as / because the FTP client that I use in Windows won't go up to the parent directory of the default. Therefore, I cannot access the rest of my drive.
When I set "local_root" to "/" , it brings both users to the / directory when they sign in, even though the guest account is set to open the home directory with the "chroot_list_enable". It seems like the local_root option overrides the chroot_list_enable option.
Is there any way to set the default directory for each local user separately?
Also, Let me know if this is impossible with this FTP daemon
I need to place an Ubuntu machine on a network where I have a DHCP server which does not configure the Degault Gateway parameter (we don't want ordinary users to browse the internet). Is it possible to leave the machine using DHCP and define the Default Gateway manually (as in Windows XP i.e.)? How?
View 1 Replies View RelatedNow that I've set up an FTP server here at home I'm thinking that it might be a good idea to change from the default Port 21 to something else. Can I use any port I desire or are there only certain ports that support this protocol?
View 14 Replies View RelatedI posted it on another forum, but could not get response,So I have this cenOS, Ubuntu and windows operating system running on virtual machines.Now I gave them manual ip address, both ubuntu and windows machines can ping the default gateway, but not the CentOS.It should forward 0.0.0.0. to my cisco router address(192.168.5.254),
View 4 Replies View RelatedI have installed dhcp-server on ubuntu. And server is providing ip address to clients (Window machines) but not default-gateway but I have another network in my network and same configuration and same dhcp-server provides every information.
View 5 Replies View RelatedHave been running ubuntu for sometime now and love its functionality...However since a recent update have the following issues..When I power on the laptop I get the toshiba logo followed by grub loading with the message ' invalid enviroment block" "unable to load default boot entries". When I then try to run the laptop off a LiveCd, the ubuntu splash screen appears with the loading process bar (horizontal line) displayed..however it then appears to display a black screen with no further activity..Now all of this is via an external monitor as my laptop screen shows no activity right from the very start with just a blank screen....so am really stuck here wondering if its a harware/software issue or a combination of both...
View 1 Replies View Related