<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;"> enablingThanks, it helps a lot. So I should just flush the iptables and keep working on the ISP firewall. I thought that I configured the firewall to let ping and traceroute packets in with udp ports 33434 to 33534 and icmp.<br><br>Last time I asked, my ISP (TPG) was letting everything through.<br><br>More questions then:<br><br>- Is there processes that listen to the pings and traceroute request by default or do I need to start them? (I know, it is probably different for all linux distribs and installs)<br><br>- are there iptables for root and each user???<br><br>Thanks for being more precise.<br><br>Fred<br><br>--- On <b>Wed, 9/29/10, Daniel Pittman <i><daniel@rimspace.net></i></b> wrote:<br><blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"><br>From: Daniel Pittman <daniel@rimspace.net><br>Subject:
Re: [plug] iptables questions<br>To: plug@plug.org.au<br>Date: Wednesday, September 29, 2010, 5:00 PM<br><br><div class="plainMail">Fred Janon <<a ymailto="mailto:fjanon@yahoo.com" href="/mc/compose?to=fjanon@yahoo.com">fjanon@yahoo.com</a>> writes:<br><br>> I am trying to understand how iptables work. I have a CentOS install and I<br>> am trying to enable ping/tracert on that instance. I don't understand if<br>> every port is open or closed by default on that instance?<br><br>The behaviour of iptables when there isn't a rule is called the "policy", and<br>as you can see from your output...<br><br>> $ sudo iptables -L -n<br>> Chain INPUT (policy ACCEPT)<br><br>...the INPUT chain has a policy of ACCEPT. So, if no rules match the packet<br>the policy is to accept it. The rest of the chains are left as an exercise<br>for the reader.<br><br>> What does an empty rule mean?<br><br>There is no such thing as "an empty
rule". You *can* talk about an empty<br>table, in which case it means one of two things:<br><br>If it is a root table (eg: INPUT, FORWARD, OUTPUT, and related) then the<br>default behaviour is as per the policy.<br><br>If it is a user-defined table then the behaviour is to return to the calling<br>table and proceed from the rule following the caller.<br><br>> Every port opne or every port clodes?<br><br>It might be worth noting that a port being "open" or "closed" is actually<br>using a bit of network jargon incorrectly. While I know you mean "is the<br>firewall letting packets through", it usually refers to "is there a process<br>listening for packets on that protocol and port?"<br><br>"blocked", or "firewalled", would be more typical ways to express what that<br>question is asking, and that might help with confusion when talking to other<br>folks about it. :)<br><br>[...]<br><br>> After some research, I did this to try to enable
PINGs. The server IP is<br>> 10.161.82.237<br>><br>> ---------------------------<br>> $ SERVER_IP="10.161.82.237"<br>> $ sudo iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -d<br>> $SERVER_IP -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT<br><br>[...]<br><br>> The tracert or ping still time out.<br><br>traceroute uses UDP packets, not ICMP, but whatever the cause of your problem,<br>it isn't the firewall rules. :)<br><br>I don't know why they are not getting between your client and your server, but<br>the firewall is allowing them through. I would suggest you check if your<br>hosting provider has any firewall in place, and that your ISP and local router<br>are not blocking the requests.<br><br> Daniel<br>-- <br>✣ Daniel Pittman ✉ <a ymailto="mailto:daniel@rimspace.net" href="/mc/compose?to=daniel@rimspace.net">daniel@rimspace.net</a>
☎ +61 401 155 707<br> ♽ made with 100 percent post-consumer electrons<br>_______________________________________________<br>PLUG discussion list: <a ymailto="mailto:plug@plug.org.au" href="/mc/compose?to=plug@plug.org.au">plug@plug.org.au</a><br><a href="http://www.plug.org.au/mailman/listinfo/plug" target="_blank">http://www.plug.org.au/mailman/listinfo/plug</a><br>Committee e-mail: <a ymailto="mailto:committee@plug.linux.org.au" href="/mc/compose?to=committee@plug.linux.org.au">committee@plug.linux.org.au</a><br></div></blockquote></td></tr></table>