    firewall problems

    Hi All,
    My machine is not pinging from outside.
    I have machine A behind firewall B.
    When I try to ping machine A from the internet (machine C),
    I get an output like this in /var/log/messages:

    Jan 6 05:58:20 firewall kernel: IN=eth0 OUT=eth2 SRC=15.x1.x2.30 DST=22.y.x.22 LEN=84 TOS=0x00 PREC=0x00 TTL=45 ID=181 PROTO=ICMP TYPE=8 CODE=0 ID=26628 SEQ=0

    So it's not pinging machine A.

    But from machine A it's pinging machine C...

    So what's the problem?

    Waiting for your reply.

  2. #2

    Re:firewall problems

    It is possible that the firewall is configured to ACCEPT outgoing ICMP Echo packets and incoming ICMP Echo Reply packets, but is configured to DROP incoming ICMP Echo packets, thus allowing a machine to respond to your ping request, but not allowing an outside machine to ping you.

    Are you able to ping your firewall at all?

  3. #3

    Re:firewall problems

    I think that when you ping someone you establish a state that allows that connection to send stuff back through your firewall. So if you have something like this

    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    And you ping someone, then a state gets established and they can send you stuff back. If they decide to ping you, the firewall will block it.

  4. #4

    Re:firewall problems

    Does machine A have a "real address"?

    If it is masqueraded behind the firewall, I'd wonder how you are going to ping it?
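
The stateful behaviour described in reply #3, applied to the log line from the first post, as an added example that is not part of the thread. It is a simplified model, not iptables itself: the ruleset (ACCEPT ESTABLISHED, ACCEPT NEW arriving on the inside interface, DROP the rest), the choice of eth2 as the inside interface (read from the posted line) and the two extra log lines are assumptions.

```python
import re

def parse_log(line):
    """Split a netfilter LOG line into fields. ID= occurs twice (IP header,
    then ICMP header); the second one is stored as ICMP_ID."""
    fields = {}
    for key, value in re.findall(r"(\w+)=(\S*)", line):
        if key == "ID" and "ID" in fields:
            key = "ICMP_ID"
        fields[key] = value
    return fields

def chain(pkt):
    """IN and OUT both set means the packet was routed, i.e. seen in FORWARD."""
    if pkt.get("IN") and pkt.get("OUT"):
        return "FORWARD"
    return "INPUT" if pkt.get("IN") else "OUTPUT"

def forward_verdict(pkt, flows, inside_if="eth2"):
    """Assumed ruleset: ACCEPT ESTABLISHED (the rule quoted in the thread),
    ACCEPT NEW arriving on the inside interface, DROP everything else.
    Only an accepted echo request creates a tracked flow."""
    icmp_type = int(pkt["TYPE"])
    if icmp_type == 0 and (pkt["DST"], pkt["SRC"], pkt["ICMP_ID"]) in flows:
        return "ESTABLISHED", "ACCEPT"      # reply to a request we let out
    if icmp_type == 8:                      # echo request starts a NEW flow
        if pkt["IN"] == inside_if:
            flows.add((pkt["SRC"], pkt["DST"], pkt["ICMP_ID"]))
            return "NEW", "ACCEPT"
        return "NEW", "DROP"
    return "INVALID", "DROP"                # reply with no matching request

# LOGGED is the line posted in the thread. The other two are constructed to
# represent machine A pinging machine C and C's reply.
LOGGED = ("Jan 6 05:58:20 firewall kernel: IN=eth0 OUT=eth2 SRC=15.x1.x2.30 "
          "DST=22.y.x.22 LEN=84 TOS=0x00 PREC=0x00 TTL=45 ID=181 PROTO=ICMP "
          "TYPE=8 CODE=0 ID=26628 SEQ=0")
A_PINGS_C = ("IN=eth2 OUT=eth0 SRC=22.y.x.22 DST=15.x1.x2.30 ID=900 "
             "PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=0")
C_REPLIES = ("IN=eth0 OUT=eth2 SRC=15.x1.x2.30 DST=22.y.x.22 ID=901 "
             "PROTO=ICMP TYPE=0 CODE=0 ID=7 SEQ=0")

def replay(lines):
    """Run log lines through the model in order, sharing one flow table."""
    flows = set()
    return [forward_verdict(parse_log(line), flows) for line in lines]

if __name__ == "__main__":
    print(chain(parse_log(LOGGED)))
    for verdict in replay([A_PINGS_C, C_REPLIES, LOGGED]):
        print(verdict)
```
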
