Is ICMP important?

Chuck Hallenbeck chuckh at sent.com
Thu Feb 12 11:53:37 EST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi Cecil,

Maybe my firewall is not out of the woods on this. The model I am
following has me accepting icmp packets of type 8 and 11 on the
input chain of the filter table, and dropping other types. I
think type 8 is an echo-request, and the tutorial says type 0 is
an echo-reply. So maybe I am dropping my echo-replies myself?

I tried logging all icmp packets without dropping any of them
while debugging this thing, and saw nothing in either direction
except my type 8 packets going out. No returns. I may try that
again in case I did not do it right. But I can ping my own local
host and the network address, plus this mysterious IP that says
it is filtering my packets, and nothing beyond that point.

Chuck

On Thu, 12 Feb 2004, Whitley CTR Cecil H wrote:

> Hi Chuck,
> I would like to point out one fact that you may not be aware of.  ICMP echo
> requests and ICMP echo replies are two seperate beasts.  You may have your
> firewall set up to allow icmp echo requests and deny icmp echo replies.
> This would provide the behavior you are seeing since incoming requests would
> not be filtered but incoming replies would be.  Outgoing replies wouldn't be
> filtered since your system is generating them.  This would result in others
> being able to ping you while you are unable to ping others.
>
> If you need assistance in distinguishing one from the other, let me know and
> i'll go look it up and post.
> regards,
> Cecil
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>

- -- 
The Moon is Waning Gibbous (60% of Full)
In a world without Fences or Walls no one needs Windows or Gates.
My home page is now at http://www.mhcable.com/~chuckh
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iQCVAwUBQCuvmTVdG8M9x9tGAQJUqQP/dJpp2ECaysmTC4e4sfjQrQYyIMr3GxcH
/fU2CJ0D28WZ4FqnHimKvUXUcCsmeSG0hpoz1mxs/JxuMrVHaUvqjxlw7Zx3OlGx
oZr8tCQ8fLNEBFW/dFjIU++FXXsHtHfV6PxrJwred2juuzb8mVc6tDOLuGtUAx+p
uI4rGjGvdOE=
=m9mx
-----END PGP SIGNATURE-----





More information about the Speakup mailing list