Re: [SLUG] Question

From: webuser@thelinuxusers.net
Date: Sun Jul 21 2002 - 20:55:08 EDT


Hi,

Just add the following line to your firewall script (though it is not
a good idea to enable ping, in my personal opinion):

$IPTABLES -A INPUT -i $EXTIF -p ICMP -s $UNIVERSE -d $EXTIP -j ACCEPT

where
$IPTABLES = /sbin/iptables
$EXTIF = eth0
$EXTIP = IP address on eth0
$UNIVERSE = 0.0.0.0/0
if these variables are not defined, which might be the case since I am using
the sample script from the netfilter site.

You can enable it for your internal network by putting -s <your internal netmask>.
Hope this helps and works.

bye
ranjan
In-Reply-To: <000001c2311b$88780440$0200a8c0@WINDOWSXP>

On Sun, Jul 21, 2002 at 06:03:02PM -0700, diego henao wrote:
> This is me again. I sent an email a long time ago regarding information
> about iptables. Well, I have not been able to set up my server
> correctly. I will explain to you what's going on again. I have Red Hat
> Linux 7.3. I have also set up NAT because I have a Windows XP machine behind
> this machine (this is for my sister) ahhaah. I got a file with the
> rules for the firewall; it is called rc.firewall. The IP masquerade is
> working wonderfully. In addition, I don't have a static IP; therefore,
> what I did was get a dynamic IP from www.dtdns.com
> <http://www.dtdns.com/>.
>
> The problem starts when someone from another network or computer
> different from mine tries to access my server, even if the person
> tries just a simple ping. Apparently, my machine is not there; it is
> dead aahahahaha.
>
> Finally, I know the dynamic IP is working because when you do a ping
> from any computer outside, you can see the system converting the IP to
> DNS. My dynamic domain is cabezas.darktech.org.
>
> Below I am attaching some information I think is necessary to find
> out what the problem is. I think the problem is iptables, but I am not
> sure. I will keep reading about iptables. I am not an expert, but we
> will see.
>
> Any collaboration is thanked.
>
> Thanks a lot Diego..
>
> Information
>
> [root@CaBeSeRvEr root]# iptables -L
> Chain INPUT (policy DROP)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- 192.168.0.0/24 anywhere
> drop-and-log-it all -- 192.168.0.0/24 anywhere
> ACCEPT all -- anywhere 6535138hfc193.tampabay.rr.com state RELATED,ESTABLISHED
> drop-and-log-it all -- anywhere anywhere
>
> Chain FORWARD (policy DROP)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
> ACCEPT all -- anywhere anywhere
> drop-and-log-it all -- anywhere anywhere
>
> Chain OUTPUT (policy DROP)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- 6535138hfc193.tampabay.rr.com 192.168.0.0/24
> ACCEPT all -- 192.168.0.0/24 192.168.0.0/24
> drop-and-log-it all -- anywhere 192.168.0.0/24
> ACCEPT all -- 6535138hfc193.tampabay.rr.com anywhere
> drop-and-log-it all -- anywhere anywhere
>
> Chain drop-and-log-it (5 references)
> target prot opt source destination
> LOG all -- anywhere anywhere LOG level info
> DROP all -- anywhere anywhere
>
>
> [root@CaBeSeRvEr root]# iptables -V
> iptables v1.2.5
> [root@CaBeSeRvEr root]#
>
>
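
A narrower variant of the ICMP rule suggested in the reply above, as an added example that is not part of the original thread: it admits only rate-limited echo requests instead of every ICMP type. The variable names follow the reply; allow_ping, run, is_cidr, DRY_RUN, PING_SRC and the default address are hypothetical or constructed.

```sh
#!/bin/sh
# Added example, not part of the original thread.
# Variable names follow the rc.firewall convention used in the reply;
# the default values are constructed placeholders.
IPTABLES=${IPTABLES:-/sbin/iptables}
EXTIF=${EXTIF:-eth0}
EXTIP=${EXTIP:-203.0.113.10}      # constructed documentation address
UNIVERSE=${UNIVERSE:-0.0.0.0/0}
DRY_RUN=${DRY_RUN:-1}             # hypothetical switch: 1 = print only, 0 = apply

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Shape check only (a.b.c.d/nn); it keeps stray shell text out of -s.
is_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# allow_ping [SOURCE_CIDR]: hypothetical helper. Call it from rc.firewall
# before the final drop-and-log-it rule, or the appended rules never match.
allow_ping() {
    src=${1:-$UNIVERSE}
    is_cidr "$src" || { echo "allow_ping: bad source '$src'" >&2; return 1; }

    # Echo requests only, rate limited, instead of every ICMP type.
    run "$IPTABLES" -A INPUT -i "$EXTIF" -p icmp --icmp-type echo-request \
        -s "$src" -d "$EXTIP" -m limit --limit 1/second --limit-burst 4 \
        -j ACCEPT
    # Requests over the limit, or from other sources, are dropped here,
    # before the logging rule, so a ping flood cannot fill the log.
    run "$IPTABLES" -A INPUT -i "$EXTIF" -p icmp --icmp-type echo-request \
        -d "$EXTIP" -j DROP
    # OUTPUT policy is DROP in the listing; redundant if the script
    # already accepts everything sent from $EXTIP.
    run "$IPTABLES" -A OUTPUT -o "$EXTIF" -p icmp --icmp-type echo-reply \
        -s "$EXTIP" -d "$src" -j ACCEPT
}

# Default invocation: prints the three rules for review (DRY_RUN=1).
allow_ping "${PING_SRC:-$UNIVERSE}"
```

With DRY_RUN=0 the same call applies the rules and needs root.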


