[plug] iptables questions

Daniel Pittman daniel at rimspace.net
Wed Sep 29 20:43:35 WST 2010


Fred Janon <fjanon at yahoo.com> writes:

> Thanks, it helps a lot. So I should just flush the iptables and keep working
> on the ISP firewall. I thought that I configured the firewall to let ping
> and traceroute packets in with udp ports 33434 to 33534 and icmp.

Your rules looked right to me, for what it is worth.  It just wasn't caused by
the firewall in the first place, so getting them right didn't fix things. ;)

[...]

> - Are there processes that listen to the pings and traceroute requests by
>   default, or do I need to start them? (I know, it is probably different for
>   all Linux distribs and installs)

Actually, no: ping is handled by the kernel, and traceroute uses a different
bit of magic to work that doesn't particularly depend on anything listening.[1]

So, they just work(tm) without anything else involved.

> - Are there iptables for root and each user???

Just root.  Well, "system-wide", perhaps.  They belong to the kernel.

        Daniel

Footnotes: 
[1]  Each IP packet has a "time to live" field, and when that decrementing
     counter hits zero the machine generates a "packet lost" message back to
     the sender.  So, it sends out packets with a gradually incrementing TTL
     and elicits that response from every hop between your machine and the
     destination.  Magic indeed. :0

-- 
✣ Daniel Pittman            ✉ daniel at rimspace.net            ☎ +61 401 155 707
               ♽ made with 100 percent post-consumer electrons
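
The TTL mechanism from the footnote, as an added offline simulation (not part of the original message): probes go out with TTL 1, 2, 3, ..., each router decrements it, and the router where it hits zero answers with ICMP Time Exceeded (type 11) quoting the probe's headers. The addresses, the source port and the function names are constructed for illustration; the UDP base port 33434 is the one named in the thread, and checksums are left at zero.

```python
import struct

BASE_PORT = 33434  # first UDP port of the range mentioned in the thread
SRC, DST = (192, 0, 2, 10), (203, 0, 113, 50)                 # constructed hosts
PATH = [(192, 0, 2, 1), (198, 51, 100, 1), (203, 0, 113, 1)]  # constructed routers

def build_probe(src, dst, ttl, seq):
    """20-byte IPv4 header plus 8-byte UDP header for one probe (checksums 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, seq, 0, ttl, 17, 0,
                     bytes(src), bytes(dst))
    udp = struct.pack("!HHHH", 40000 + seq, BASE_PORT + seq, 8, 0)
    return ip + udp

def forward(packet, hop_addr):
    """One router: decrement TTL (byte 8); at zero, answer instead of forwarding."""
    ttl = packet[8] - 1
    if ttl > 0:
        return packet[:8] + bytes([ttl]) + packet[9:], None
    # ICMP type 11, code 0, 4 unused bytes, then the IP header + 8 bytes as received
    icmp = struct.pack("!BBHI", 11, 0, 0, 0) + packet[:28]
    return None, (hop_addr, icmp)

def match_reply(icmp):
    """Recover the probe number from the headers quoted in a Time Exceeded reply."""
    if len(icmp) < 36 or icmp[0] != 11:
        return None
    quoted = icmp[8:]
    ihl = (quoted[0] & 0x0F) * 4           # quoted IP header length in bytes
    if quoted[9] != 17 or len(quoted) < ihl + 4:
        return None                        # not a UDP probe, or truncated
    return struct.unpack("!H", quoted[ihl + 2:ihl + 4])[0] - BASE_PORT

def traceroute(path, src, dst, max_hops=30):
    """Return [(probe number, router address)] for each hop that answered."""
    hops = []
    for ttl in range(1, max_hops + 1):
        pkt = build_probe(src, dst, ttl, seq=ttl)
        for hop in path:
            pkt, reply = forward(pkt, hop)
            if reply:
                hops.append((match_reply(reply[1]), reply[0]))
                break
        else:
            return hops  # the probe outlived every router: destination reached
    return hops

if __name__ == "__main__":
    for n, addr in traceroute(PATH, SRC, DST):
        print(n, ".".join(map(str, addr)))
```
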
