Hi,

I have a 'weird' problem that's most likely attributed to a bad netfilter rules policy. I am trying to ping from an internal machine to an external site.

    $IPTB -A INPUT -i $INET_IF -p icmp -s $EXT_SITE -j ACCEPT
    $IPTB -A OUTPUT -o $INET_IF -p icmp -d $EXT_SITE -j ACCEPT
    $IPTB -A FORWARD -i $DMZ_IF -o $INET_IF -p icmp -d $EXT_SITE -j ACCEPT
    $IPTB -t nat -A POSTROUTING -o $INET_IF -p icmp -d $EXT_SITE \
        -j SNAT --to-source $INET_IP

Now when I ping from an internal IP, I do not get a response until the nth icmp_seq, where n > 100 (so far in my testing).

Is there something wrong with the above rules? Apparently I'm not getting an echo reply until n > 100? I feel my understanding of ICMP packets requires some further expanding.

Thanks
Ed

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html