On Mon, 20 Dec 2004, Rob Sterenborg wrote:

> netfilter-bounces@xxxxxxxxxxxxxxxxxxx wrote:
>
> > First time to write, I hope I do it the right way :) I want
>
> Welcome :o)
>
> > to be able to make pings inside my network. At the moment I
> > am trying to ping my Linux box from a Windows terminal and I get
> > request timed out.
>
> You don't give much information about what you've done already, but you
> have probably set the policy for the INPUT chain to DROP so it will drop
> any packet for which NF has no rule to accept it.
> In that case you'll have to accept ICMP traffic from your LAN:
> iptables -A INPUT -i $IF_LAN -s $IP_LAN -p icmp -j ACCEPT
>
> If you have also set policy to DROP for the OUTPUT chain, you'll want to
> be able to send the reply packets:
> iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>

Doesn't this also require a FORWARD rule for other systems inside the LAN
to talk to one another? And might not the OUTPUT rule include NEW, in case
he wants replies from the FW itself to be returned?

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

...Love is the ultimate outlaw. It just won't adhere to rules.
The most any of us can do is sign on as it's accomplice. Instead
of vowing to honor and obey, maybe we should swear to aid and abet.
That would mean that security is out of the question. The words
"make" and "stay" become inappropriate. My love for you has no
strings attached. I love you for free...
-Tom Robins <Still Life With Woodpecker>
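The chain and state questions raised in this thread can be checked with a small model. The following is an added example, not code from the thread or from netfilter: it is a simplified Python simulation of first-match rule evaluation under a DROP policy, using the two rules quoted above. The addresses, the interface name and the helper names (`chain_for`, `thread_rules`, `verdict`, `icmp`) are constructed assumptions, and connection tracking is reduced to matching a reply against an accepted request.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values (assumptions, not from the thread).
FW_IP = ip_address("192.168.1.1")      # the Linux box
LAN = ip_network("192.168.1.0/24")     # stands in for $IP_LAN
IF_LAN = "eth1"                        # stands in for $IF_LAN

def chain_for(src, dst):
    """Filter chain for a packet that the firewall box actually handles."""
    if ip_address(dst) == FW_IP:
        return "INPUT"
    if ip_address(src) == FW_IP:
        return "OUTPUT"
    # Only packets routed through the box get here; hosts on the same
    # subnet deliver to each other directly and never reach any chain.
    return "FORWARD"

def thread_rules(output_new=False):
    """The two rules quoted in the thread; output_new adds NEW to OUTPUT."""
    out_states = {"RELATED", "ESTABLISHED"} | ({"NEW"} if output_new else set())
    return {
        "INPUT": [lambda p, s: p["iface"] == IF_LAN and p["proto"] == "icmp"
                  and ip_address(p["src"]) in LAN],
        "OUTPUT": [lambda p, s: s in out_states],
        "FORWARD": [],
    }

def verdict(pkt, rules, conntrack):
    """Return (chain, state, verdict) under a DROP policy on every chain."""
    chain = chain_for(pkt["src"], pkt["dst"])
    # Simplified conntrack: a packet answering an accepted flow is ESTABLISHED.
    reverse = (pkt["dst"], pkt["src"], pkt["id"])
    state = "ESTABLISHED" if reverse in conntrack else "NEW"
    if any(rule(pkt, state) for rule in rules[chain]):
        conntrack.add((pkt["src"], pkt["dst"], pkt["id"]))
        return chain, state, "ACCEPT"
    return chain, state, "DROP"

def icmp(src, dst, ident):
    return {"src": src, "dst": dst, "iface": IF_LAN, "proto": "icmp", "id": ident}

if __name__ == "__main__":
    ct, rules = set(), thread_rules()
    print(verdict(icmp("192.168.1.50", "192.168.1.1", 1), rules, ct))  # request in
    print(verdict(icmp("192.168.1.1", "192.168.1.50", 1), rules, ct))  # reply out
    print(verdict(icmp("192.168.1.1", "192.168.1.50", 2), rules, ct))  # fw pings out
```

In this model the echo reply leaving the firewall is matched as ESTABLISHED, so the quoted OUTPUT rule is enough for answering pings; NEW in OUTPUT only matters for pings the firewall itself originates.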