Thread: WWW, telnet, everything works. Except ping.
View Single Post

  #3 (permalink)  
Old 01-16-2004
David Efflandt
 
Posts: n/a
Default Re: WWW, telnet, everything works. Except ping.
On 15 Jan 2004 14:52:52 -0800, Patrick <patrickfwd@yahoo.com> wrote:
> I know other newbies must be having this problem, but I can't find
> their posts: Though my internet connection works flawlessly, I can't
> get ping to ping anything but my own machine. I am trying to set up a
> LAN, and this keeps throwing me off.
>
> I'm on SuSE 8.2. I have a working dialup connection to the internet
> using wvdial. WWW, telnet, traceroute, and I'm sure lots of other
> things all work fine. But ping keeps returning the standard "Dest
> Unreachable, Bad Code: 9." I can successfully ping myself by pinging
> localhost, my internet IP, and my ethernet IP, and ping even
> successfully uses my ISP's nameserver to resolve outside IP's. But I
> can't ping the internet, or LAN IP's.
>
> When I do "tcpdump -i eth0" and ping 216.239.57.99 (google.com), it
> looks like this:
>
> 17:44:03.918110 64.24.114.62 > 216.239.57.99: icmp: echo request (DF)
> 17:44:04.052773 64.24.112.2 > 64.24.114.62: icmp: net 216.239.57.99
> unreachable - admin prohibited
>
> What does "admin prohibited" mean? The response is the same for every
> internet ping i've tried.

I have never seen that response and I am using SuSE 8.2 as my pppoe
firewall/masq. If it was just to internet I would say maybe your ISP was
blocking ping, but since you cannot ping your LAN either, it may be
something in /etc/sysconfig/SuSEfirewall2 (unless you configured your own
iptables rules). But that would be strange too because iptables normally
drops traffic it blocks, rather than respond with an error. Are you using
FW_QUICKMODE? Do you have any trouble with web access or anything else
from LAN?

I am not using quickmode, but even though I have following set to drop
pings initiated from internet, I can still ping internet hosts from LAN,
or either way from firewall:

FW_ALLOW_PING_FW="no"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"

--
David Efflandt - All spam ignored http://www.de-srv.com/
http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
http://cgi-help.virtualave.net/ http://hammer.prohosting.com/~cgi-wiz/
Reply With Quote