search for: icmp_echo_ignore_all

When installing Mandrake 9.0 with the higher security option you cannot ping any of it interfaces, localhost (127.0.0.1) included. All other connections to the system are fine, e.g. ssh, www, squid, etc. "shorewall clear" doesn''t help. Does anyone know how to turn this off for at least localhost and eth1?? Yours truly, Ben

Sorry for the frantic nature of this message, but we need to allow pings on our firewall so our ISP can test things. I''ve done this, and it still doesn''t work: (I am now at v.2.0.10) rules: AllowPing net fw AllowPing sls fw show indicates some matches, so where are they? Chain AllowPing (4 references) pkts bytes target prot opt in out source

I have followed the instructions at http://shorewall.net/FAQ.htm#faq2 along with some coaching on IRC from _Omache to get a machine (with IP address 66.93.22.233) to forward all port 25 traffic to another host in my network (with IP 66.93.22.254). This has not worked. I have tested by trying `telnet 66.93.22.233 25`, expecting to see the SMTP banner on 66.93.22.254. Of course, I don''t

I am running Redhat 6.1 as a firewall between a cable modem and my home network. Occasionally, I see messages such as these under /var/log/messages: Jan 17 13:38:16 saturn5 portmap[3726]: connect from 24.28.77.200 to dump(): request from unauthorized host Jan 18 14:00:34 saturn5 portmap[1544]: connect from 204.151.148.146 to dump(): request from unauthorized host My assumption is that the

...n - I based on samba tutorial and aexples and official microsoft web page with needed ports: Have you similar problems after firewall implementations ? iptables -F iptables -X iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP /bin/echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all /bin/echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts /bin/echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route /bin/echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects /bin/echo "1" > /proc/sys/net/ipv4/icmp_ignore_bo...

.../pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta5 Problems corrected: 1. A typo in shorewall.conf (NETNOTSYN) has been corrected. New Features: 1. For consistency, the CLIENT PORT(S) column in the tcrules file has been renamed SOURCE PORT(S). 2. The contents of /proc/sys/net/ip4/icmp_echo_ignore_all is now shown in the output of "shorewall status". 3. A new IPTABLES option has been added to shorewall.conf. IPTABLES can be used to designate the iptables executable to be used by Shorewall. If not specified, the iptables executable determined by the...

Hi, I configured some ha services using heartbeat, I have this on my log: Nov 14 09:59:06 mail1 heartbeat[3932]: ERROR: Unable to send bcast [-1] packet: Operation not permitted Nov 14 09:59:06 mail1 heartbeat[3932]: ERROR: write failure on bcast bond1.: Operation not permitted how allow broadcast only on some interfaces with shorewall? attacched is shorewall status Thanks Nicola

I've looked through all the doc and searched the list archives, but I just can't seem to get it to work. I have a Linux box with 5 ethernet interfaces, 3 of which have winboxes I'd like to include in my little Samba network. I'm able to get it far enough for each winbox to see the linbox, but they can't see each other. Here's my setup: Winboxes Linbox Win2k -

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=40 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From laforge@netfilter.org 2003-02-03 16:49 ------- We haven't seen this

I''m very new to shorewall. My setup is IP Gateway (CentOS 4 + Shorewall) with 3 NIC cards. Shorewall works great on the firewall machine. Bind also works (local net machines get IPs fine). Under firestarter, all works great. With shorewall, the loc machines can not route past the firewall. They can connect to the firewall, but not past it. Exactly what information should I post to get

...tes packets errors dropped carrier collsns 0 0 0 0 0 0 6: ppp0: mtu 1500 qdisc pfifo_fast qlen 3 link/ppp RX: bytes packets errors dropped overrun mcast 240393 400 0 0 0 0 TX: bytes packets errors dropped carrier collsns 42348 380 0 0 0 0 /proc /proc/sys/net/ipv4/ip_forward = 1 /proc/sys/net/ipv4/icmp_echo_ignore_all = 0 /proc/sys/net/ipv4/conf/all/proxy_arp = 0 /proc/sys/net/ipv4/conf/all/arp_filter = 0 /proc/sys/net/ipv4/conf/all/rp_filter = 1 /proc/sys/net/ipv4/conf/all/log_martians = 0 /proc/sys/net/ipv4/conf/default/proxy_arp = 0 /proc/sys/net/ipv4/conf/default/arp_filter = 0 /proc/sys/net/ipv4/conf/defaul...

...ropped overrun mcast > 8655889 6994 0 0 0 0 > TX: bytes packets errors dropped carrier collsns > 381569 3735 0 0 0 0 > > /proc > > /proc/sys/net/ipv4/ip_forward = 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all = 0 > /proc/sys/net/ipv4/conf/all/proxy_arp = 0 > /proc/sys/net/ipv4/conf/all/arp_filter = 0 > /proc/sys/net/ipv4/conf/all/rp_filter = 1 > /proc/sys/net/ipv4/conf/all/log_martians = 0 > /proc/sys/net/ipv4/conf/default/proxy_arp = 0 > /proc/sys/net/ipv4/conf/defau...

...it 0.0.0.0 brd 0.0.0.0 RX: bytes packets errors dropped overrun mcast 0 0 0 0 0 0 TX: bytes packets errors dropped carrier collsns 0 0 0 0 0 0 /proc /proc/sys/net/ipv4/ip_forward = 1 /proc/sys/net/ipv4/icmp_echo_ignore_all = 0 /proc/sys/net/ipv4/conf/all/proxy_arp = 0 /proc/sys/net/ipv4/conf/all/arp_filter = 0 /proc/sys/net/ipv4/conf/all/rp_filter = 0 /proc/sys/net/ipv4/conf/all/log_martians = 0 /proc/sys/net/ipv4/conf/default/proxy_arp = 0 /proc/sys/net/ipv4/conf/default/arp_filter = 0 /proc/sys...

...:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 3670 48 0 0 0 0 TX: bytes packets errors dropped carrier collsns 3994 61 0 0 0 0 /proc /proc/sys/net/ipv4/ip_forward = 1 /proc/sys/net/ipv4/icmp_echo_ignore_all = 0 /proc/sys/net/ipv4/conf/all/proxy_arp = 0 /proc/sys/net/ipv4/conf/all/arp_filter = 0 /proc/sys/net/ipv4/conf/all/rp_filter = 1 /proc/sys/net/ipv4/conf/all/log_martians = 0 /proc/sys/net/ipv4/conf/br0/proxy_arp = 0 /proc/sys/net/ipv4/conf/br0/arp_filter = 0 /proc/sys/net/ipv4/conf/...

Hi folks, Has anyone tested the changes to multiple ISPs/load balancing or routestopped in 2.4.0-RC1 yet? We need to talk about what criteria we will use for determining whether 2.4.0 is ready for release. I''ve started configuring a firewall at work with the multiple ISPs support, but its kernel doesn''t have connection marking support, so it''s going to be a couple of

...rors dropped carrier collsns 5661258 36597 0 0 0 0 Bridges bridge name bridge id STP enabled interfaces br0 8000.000d8855d210 no ath0 eth1 /proc /proc/sys/net/ipv4/ip_forward = 1 /proc/sys/net/ipv4/icmp_echo_ignore_all = 0 /proc/sys/net/ipv4/conf/all/proxy_arp = 0 /proc/sys/net/ipv4/conf/all/arp_filter = 0 /proc/sys/net/ipv4/conf/all/rp_filter = 1 /proc/sys/net/ipv4/conf/all/log_martians = 0 /proc/sys/net/ipv4/conf/ath0/proxy_arp = 0 /proc/sys/net/ipv4/conf/ath0/arp_filter = 0 /proc/sys/net/i...

Hi, I''m running Slackware 13.37 x86 using Shorewall 4.4.21 with OpenVPN and the VPN options I''m using in Slackware 13.37 will not work in Shorewall, but in Slackware 13.1 using the same Shorewall version and files, the ''interfaces'', ''policy'' and ''zone'', are all I have configured, it was working and this also works in Arch at