Re: WWW, telnet, everything works. Except ping.

From: David Efflandt (efflandt_at_xnet.com)
Date: 01/16/04

  • Next message: ray: "Re: 2nd question"
    Date: Fri, 16 Jan 2004 01:09:49 +0000 (UTC)
    
    

    On 15 Jan 2004 14:52:52 -0800, Patrick <patrickfwd@yahoo.com> wrote:
    > I know other newbies must be having this problem, but I can't find
    > their posts: Though my internet connection works flawlessly, I can't
    > get ping to ping anything but my own machine. I am trying to set up a
    > LAN, and this keeps throwing me off.
    >
    > I'm on SuSE 8.2. I have a working dialup connection to the internet
    > using wvdial. WWW, telnet, traceroute, and I'm sure lots of other
    > things all work fine. But ping keeps returning the standard "Dest
    > Unreachable, Bad Code: 9." I can successfully ping myself by pinging
    > localhost, my internet IP, and my ethernet IP, and ping even
    > successfully uses my ISP's nameserver to resolve outside IP's. But I
    > can't ping the internet, or LAN IP's.
    >
    > When I do "tcpdump -i eth0" and ping 216.239.57.99 (google.com), it
    > looks like this:
    >
    > 17:44:03.918110 64.24.114.62 > 216.239.57.99: icmp: echo request (DF)
    > 17:44:04.052773 64.24.112.2 > 64.24.114.62: icmp: net 216.239.57.99
    > unreachable - admin prohibited
    >
    > What does "admin prohibited" mean? The response is the same for every
    > internet ping i've tried.

    I have never seen that response and I am using SuSE 8.2 as my pppoe
    firewall/masq. If it was just to internet I would say maybe your ISP was
    blocking ping, but since you cannot ping your LAN either, it may be
    something in /etc/sysconfig/SuSEfirewall2 (unless you configured your own
    iptables rules). But that would be strange too because iptables normally
    drops traffic it blocks, rather than respond with an error. Are you using
    FW_QUICKMODE? Do you have any trouble with web access or anything else
    from LAN?

    I am not using quickmode, but even though I have following set to drop
    pings initiated from internet, I can still ping internet hosts from LAN,
    or either way from firewall:

    FW_ALLOW_PING_FW="no"
    FW_ALLOW_PING_DMZ="no"
    FW_ALLOW_PING_EXT="no"

    -- 
    David Efflandt - All spam ignored  http://www.de-srv.com/
    http://www.autox.chicago.il.us/  http://www.berniesfloral.net/
    http://cgi-help.virtualave.net/  http://hammer.prohosting.com/~cgi-wiz/
    

  • Next message: ray: "Re: 2nd question"