
second ping question
Hi,

I have another ping question.

The following worked well for me. I can ping the host.

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -p ICMP -s 0/0 --icmp-type 0 -j ACCEPT
iptables -A INPUT -p ICMP -s 0/0 --icmp-type 3 -j ACCEPT
iptables -A INPUT -p ICMP -s 0/0 --icmp-type 5 -j ACCEPT
iptables -A INPUT -p ICMP -s 0/0 --icmp-type 8 -j ACCEPT
iptables -A INPUT -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
iptables -A OUTPUT -p ALL -s 111.222.333 -j ACCEPT # 111.222.333 is the real IP of the host
iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT

However, I have many other IPs, all mapped as virtual devices such as
eth0:1, eth0:2 and so on. Without any iptables rule (default set to accept) I
can ping them all. However, with a modified version of the above I can ping
the IP of eth0 but I cannot ping any virtual eth IPs. Although I see them in
the log of the host, the other side does not get the echoes back. What am I
missing now? Doesn't the INPUT chain receive the ICMP packet destined for a
virt. eth?

TIA
Oyku

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -p ICMP -s 0/0 -j LOG --log-level DEBUG # *****
iptables -A INPUT -p ICMP -s 0/0 --icmp-type 0 -j ACCEPT
iptables -A INPUT -p ICMP -s 0/0 --icmp-type 3 -j ACCEPT
iptables -A INPUT -p ICMP -s 0/0 --icmp-type 5 -j ACCEPT
iptables -A INPUT -p ICMP -s 0/0 --icmp-type 8 -j ACCEPT
iptables -A INPUT -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
iptables -A OUTPUT -p ALL -s 111.222.333 -j ACCEPT # 111.222.333 is the real IP of the host
iptables -A OUTPUT -p ALL -s 111.222.334 -j ACCEPT # a virtual eth address up and running ******
iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
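
Added example, not part of the original post: an echo reply leaves through the OUTPUT chain with the pinged address as its source, so with a DROP policy every alias address needs an OUTPUT rule that matches it. This Python sketch checks a rule listing against the host's addresses; the 192.0.2.x addresses and the function names are constructed for illustration, and it assumes simple "-option value" rules like those above.

```python
import ipaddress
import shlex

# Constructed sample: same shape as the rules in the post, with documentation
# addresses (192.0.2.0/24) standing in for the poster's redacted IPs.
RULES = """\
iptables -P OUTPUT DROP
iptables -A OUTPUT -p ALL -s 192.0.2.10 -j ACCEPT  # eth0
iptables -A OUTPUT -p ALL -s 192.0.2.11 -j ACCEPT  # eth0:1
iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
"""
LOCAL_ADDRS = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]  # eth0, eth0:1, eth0:2


def parse_output_chain(text):
    """Return (policy, [(source_network, target), ...]) for the OUTPUT chain."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # drops trailing "# ..." comments
        if tok[:3] == ["iptables", "-P", "OUTPUT"]:
            policy = tok[3]
        elif tok[:3] == ["iptables", "-A", "OUTPUT"]:
            opts = dict(zip(tok[3::2], tok[4::2]))
            if opts.get("-p", "all").lower() not in ("all", "icmp"):
                continue  # rule cannot match an ICMP echo reply
            src = opts.get("-s", "0.0.0.0/0")
            if src == "0/0":  # iptables shorthand for "any source"
                src = "0.0.0.0/0"
            net = ipaddress.ip_network(src, strict=False)
            rules.append((net, opts.get("-j", "")))
    return policy, rules


def reply_verdict(src_addr, policy, rules):
    """Verdict for an echo reply leaving with source address src_addr."""
    addr = ipaddress.ip_address(src_addr)
    for net, target in rules:
        # Only terminating targets decide; LOG and similar fall through.
        if addr in net and target in ("ACCEPT", "DROP", "REJECT"):
            return target
    return policy


def blocked_replies(text, local_addrs):
    """Local addresses whose echo replies the OUTPUT chain would not accept."""
    policy, rules = parse_output_chain(text)
    return [a for a in local_addrs if reply_verdict(a, policy, rules) != "ACCEPT"]


if __name__ == "__main__":
    print(blocked_replies(RULES, LOCAL_ADDRS))
```
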