On 05/14/2011 10:27 AM, JD wrote:
> On 05/14/11 08:48, G.Wolfe Woodbury wrote:
>> On 05/14/2011 09:36 AM, JD wrote:
>>> On my F14, I am running a firewall that accepts specific connection on
>>> specific ports from some machines on the LAN.
>>>
>>> However, for one machine I made a general rule to accept all connections:
>>>
>>> -A INPUT -s 192.168.1.60 -j ACCEPT
>>>
>>> After restarting the firewall,
>>>
>>> I still am unable to ping that machine and it is unable to ping me.
>>> That machine is not running a firewall.
>>>
>>> I can ping the router and another machine I have on the LAN.
>>> The machine at 192.168.1.60 can do the same.
Can you ssh in from the other machine ? Assuming yes .. then ..
If its 'ping' you're focused on you might add this in a shell (or
command line) - you need to allow some ICMP packets for proper network
function .. in addition to 'ping' (aka echo-reply/request).
icmp_types=( echo-reply echo-request \
time-exceeded fragmentation-needed \
destination-unreachable 30 )
mum_icmp_type=${#icmp_types[@]}
#
# These are on your firewall machine
#
ip=192.168.1.1
eth=eth0
# Input
j=0; while ((j < num_icmp_type))
do
itype=${icmp_types[j]}
iptables -A INPUT -d $ip -i $eth -p icmp --icmp-type $itype \
-j ACCEPT
let j=$j+1
done
# Output
j=0; while ((j < num_icmp_type))
do
itype=${icmp_types[j]}
iptables -A OUTPUT -s $ip -o $eth -p icmp --icmp-type $itype \
-j ACCEPT
let j=$j+1
done
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
