EFW Support

Support => General Support => Topic started by: razametal on Friday 16 July 2010, 06:36:50 am



Title: I can not ping from internet to red interface
Post by: razametal on Friday 16 July 2010, 06:36:50 am
Hi,

I have EndianFW 2.4.1 and cannot ping the RED interface from the Internet.

I'm allowing the ICMP protocol with port numbers 8 and 30 under Firewall > System access; I'm attaching a screenshot of the rules that I've applied.

Do I need to set up more rules? What could be wrong?



Title: Re: I can not ping from internet to red interface
Post by: DFen on Sunday 18 July 2010, 11:08:21 pm
razametal

What are you using as your Internet connection?

Can you confirm your IP is pingable when Endian is not connected, i.e. connect a PC to the Internet via the same router?

Have you checked that your router allows ping?


Title: Re: I can not ping from internet to red interface
Post by: razametal on Tuesday 20 July 2010, 12:42:13 am
Yes, the IP can reply icmp packets from internet when I connect another device.


Title: Re: I can not ping from internet to red interface
Post by: mrkroket on Tuesday 20 July 2010, 12:54:46 am
Just a note. System access firewall rules are meant for access to the system itself (i.e. the Endian Firewall), not for incoming traffic. I'm seeing a lot of rules related to incoming traffic there.
Did it work this way?

_____________________________________________________________________________________________________________________________
I have several external access rules, but they are assigned to fixed IPs. I have no need to offer ping or anything else; it is only administrative access.
If something doesn't work for you, enable logging and start looking at the incoming traffic reports to see whether it is dropping packets.
Try setting more permissive rules. For example <ANY> <RED> <Any Service> with logging enabled, and see whether it pings that way.
If it pings, look at the logs to see what is arriving.


Title: Re: I can not ping from internet to red interface
Post by: razametal on Tuesday 20 July 2010, 01:55:58 am
I need these rules applied to make the port redirection work. I'll be testing disabling it.


Title: Re: I can not ping from internet to red interface
Post by: DFen on Tuesday 20 July 2010, 02:18:01 am
I do not have any problems.

In System Access I have:

6     <ANY>     RED     ICMP/8 ICMP/30   ALLOW    icmp ping

So far as I can see the only difference is that I specify RED instead of uplink main.

Looking at the iptables, it appears to enter the rules in INPUTFW something like this:

 2521  158K ACCEPT     icmp --  eth3   *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/sec burst 5 mode srcip-dstip icmp type 8
    0     0 ACCEPT     icmp --  eth3   *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/sec burst 5 mode srcip-dstip icmp type 30

This will limit the number of pings to 3/sec with an initial burst up to 5.

I tried the following from an external Linux server:
ping -i 0.01 -c 100 xx.xx.xx.226

--- xx.xx.xx.226 ping statistics ---
100 packets transmitted, 8 received, 92% packet loss, time 1243ms
rtt min/avg/max/mdev = 18.322/18.368/18.409/0.181 ms, pipe 2

However
ping -c 100 xx.xx.xx.226

--- xx.xx.xx.226 ping statistics ---
100 packets transmitted, 100 received, 0% packet loss, time 99397ms
rtt min/avg/max/mdev = 18.318/27.785/231.654/38.228 ms

This may not help at all; however, if you run
iptables -L INPUTFW -nv | grep icmp
you will see whether the packet/byte counts are zero (the first two items on each line).
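As an added illustration (not code from the thread or from Endian), the script below parses the two INPUTFW counter lines quoted above to flag rules that have never matched, and models the "limit: avg 3/sec burst 5" match as a token bucket to show why the fast ping run got only 8 replies. The token-bucket model is an approximation of the kernel's limit match, and the 12.5 ms spacing is derived from the post's 1243 ms for 100 packets.

```python
import re

# Constructed sample: the two INPUTFW lines quoted in the post above.
SAMPLE_INPUTFW = """\
 2521  158K ACCEPT     icmp --  eth3   *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/sec burst 5 mode srcip-dstip icmp type 8
    0     0 ACCEPT     icmp --  eth3   *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/sec burst 5 mode srcip-dstip icmp type 30
"""

_SUFFIX = {"": 1, "K": 1000, "M": 1000000, "G": 1000000000}

def _count(field):
    # `iptables -v` abbreviates large counters (158K); expand the suffix.
    m = re.fullmatch(r"(\d+)([KMG]?)", field)
    return int(m.group(1)) * _SUFFIX[m.group(2)] if m else 0

def icmp_counters(output):
    """Map ICMP type -> (packets, bytes) for each 'icmp type N' rule in the listing."""
    counters = {}
    for line in output.splitlines():
        fields = line.split()
        m = re.search(r"icmp type (\d+)", line)
        if len(fields) >= 2 and m:
            counters[int(m.group(1))] = (_count(fields[0]), _count(fields[1]))
    return counters

def unmatched_icmp_types(output):
    """ICMP types whose rule has never matched a packet (pkts counter still 0)."""
    return sorted(t for t, (pkts, _) in icmp_counters(output).items() if pkts == 0)

class LimitMatch:
    """Token-bucket approximation (assumed model) of the iptables 'limit' match:
    a bucket of `burst` tokens refilled at `avg` tokens per second."""
    def __init__(self, avg, burst):
        self.avg, self.burst, self.tokens, self.last = avg, burst, float(burst), 0.0
    def accept(self, t):
        self.tokens = min(self.burst, self.tokens + (t - self.last) * self.avg)
        self.last = t
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def pings_accepted(count, interval, avg=3.0, burst=5):
    """How many of `count` echo requests sent `interval` seconds apart pass the limit match."""
    m = LimitMatch(avg, burst)
    return sum(m.accept(i * interval) for i in range(count))

if __name__ == "__main__":
    print(icmp_counters(SAMPLE_INPUTFW), unmatched_icmp_types(SAMPLE_INPUTFW))
    # The post's fast run took 1243 ms for 100 packets (~12.5 ms apart): the model passes 8.
    print(pings_accepted(100, 1.243 / 99), pings_accepted(100, 1.0))
```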


Title: Re: I can not ping from internet to red interface
Post by: DFen on Tuesday 20 July 2010, 02:30:49 am
I need these rules applied to make the port redirection work. I'll be testing disabling it.


You should not need additional rules where you have set up port forwarding.
PForward is done in the nat table and before routing. It changes the destination address to your defined destination IP, so the traffic is routed from RED to GREEN/ORANGE. Endian will automatically enter rules to allow this!



Title: Re: I can not ping from internet to red interface
Post by: razametal on Tuesday 20 July 2010, 02:41:31 am
Ahh, good to know. Then I'll be disabling these system access rules.

Thank you for the information.