Re: WWW, telnet, everything works. Except ping.

From: David Efflandt (
Date: 01/16/04

  • Next message: ray: "Re: 2nd question"
    Date: Fri, 16 Jan 2004 01:09:49 +0000 (UTC)

    On 15 Jan 2004 14:52:52 -0800, Patrick <> wrote:
    > I know other newbies must be having this problem, but I can't find
    > their posts: Though my internet connection works flawlessly, I can't
    > get ping to ping anything but my own machine. I am trying to set up a
    > LAN, and this keeps throwing me off.
    > I'm on SuSE 8.2. I have a working dialup connection to the internet
    > using wvdial. WWW, telnet, traceroute, and I'm sure lots of other
    > things all work fine. But ping keeps returning the standard "Dest
    > Unreachable, Bad Code: 9." I can successfully ping myself by pinging
    > localhost, my internet IP, and my ethernet IP, and ping even
    > successfully uses my ISP's nameserver to resolve outside IP's. But I
    > can't ping the internet, or LAN IP's.
    > When I do "tcpdump -i eth0" and ping (, it
    > looks like this:
    > 17:44:03.918110 > icmp: echo request (DF)
    > 17:44:04.052773 > icmp: net
    > unreachable - admin prohibited
    > What does "admin prohibited" mean? The response is the same for every
    > internet ping i've tried.

    I have never seen that response and I am using SuSE 8.2 as my pppoe
    firewall/masq. If it was just to internet I would say maybe your ISP was
    blocking ping, but since you cannot ping your LAN either, it may be
    something in /etc/sysconfig/SuSEfirewall2 (unless you configured your own
    iptables rules). But that would be strange too because iptables normally
    drops traffic it blocks, rather than respond with an error. Are you using
    FW_QUICKMODE? Do you have any trouble with web access or anything else
    from LAN?

    I am not using quickmode, but even though I have following set to drop
    pings initiated from internet, I can still ping internet hosts from LAN,
    or either way from firewall:


    David Efflandt - All spam ignored

  • Next message: ray: "Re: 2nd question"

    Relevant Pages

    • Re: natd + ipfw - very slow internet for LAN users
      ... > Ping to an ip address does not use DNS. ... > public internet by using rc.conf statement. ... Some computers are connected in LAN via SWITCH. ... > for LAN users should be good enough, ...
    • Re: Ping not working properly
      ... They are connected to the internet and there is no personal firewall ... I've installed a network printer on the lan however I cannot ... So I did a PING test to x.x.x.68. ...
    • Lost Dialup, Lost LAN
      ... It would dialup and connect, but there would be no internet there, I could ... At this point the LAN was still working, ... discovered that I could not even ping the other computers on the LAN. ... this point I realized that the network also had IPX/SPX enabled, ...
    • Re: Cannot simultaneously share DSL connection
      ... Did you typed the ID and PW of the Internet provider into the WAN DSL ... Computer 2: Nancy ... Target Nancy ... "DIANNE ping Nancy" ...
    • Re: Lost Dialup, Lost LAN
      ... Remove all instances of TCP/IP and then add that protocol back. ... name resolution and the ping program should say: ... computer off the LAN for IP purposes at least... ... > computer dials into the internet separately. ...