  1. #1
    Just Joined! prabahar's Avatar
    Join Date
    Jan 2013
    Location
    Tamilnadu,India
    Posts
    10

    Client Machine Ping command not working


    Hi

    I am using the Red Hat 6 64-bit server OS in my concern. I have configured a Squid proxy server. My internet connection has a DHCP-assigned IP address, and I changed to a static IP address using the Squid proxy.
    For example: I am getting a DHCP connection on Ethernet eth0 (192.168.1.1) for input and sending information to another Ethernet eth1 (192.168.0.1) for output to my client machine, like XP.
    My problem is I can't ping Google or some other websites using the cmd prompt. But the internet was working properly.
    I have also used iptables entries, which I post below. Please tell me the right way to rectify this problem.


    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -i eth1 -p all -s 192.168.0.254/24 -j ACCEPT
    #-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # allow certain inbound ICMP types (ping, traceroute..
    -A INPUT -i eth0 -p icmp --icmp-type destination-unreachable -j ACCEPT
    -A INPUT -i eth0 -p icmp --icmp-type time-exceeded -j ACCEPT
    -A INPUT -i eth0 -p icmp --icmp-type echo-reply -j ACCEPT
    -A INPUT -i eth0 -p icmp --icmp-type echo-request -j ACCEPT
    #Common ICMP (PING) Match Criteria
    -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
    -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
    #Enable Ping Request
    -A INPUT -p icmp --icmp-type 8 -s 0/0 -d 192.168.0.254 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    -A OUTPUT -p icmp --icmp-type 0 -s 192.168.0.254 -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT

    COMMIT

  2. #2
    Just Joined!
    Join Date
    Feb 2007
    Posts
    3
    Try using the Wireshark program on the machine running Squid. Wireshark shows the Ethernet traffic, and you would be able to see ping (ICMP echo) requests and ping (ICMP echo) replies on the eth0 and eth1 networks. That should give you a clue to where the communication is being lost/inhibited.

    I was expecting to see IP masquerading in your iptables rules for forwarding the ping requests and replies. I think Squid only handles forwarding of web traffic such as port 80.

    Therefore, I suspect your ping requests and replies are being limited to the local subnet, e.g. 192.168.0.*, e.g. no routing rules are defined.

    I think in the iptables rules there is a mechanism for defining forwarding, e.g. -A FORWARD

  3. #3
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Quote: Originally Posted by blade2
    I think in the iptables rules there is a mechanism for defining forwarding. eg. -A FORWARD
    OP's rules already allow for FORWARDing traffic in his POLICY statements.


    Quote: Originally Posted by prabahar
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -i eth1 -p all -s 192.168.0.254/24 -j ACCEPT
    #-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # allow certain inbound ICMP types (ping, traceroute..
    -A INPUT -i eth0 -p icmp --icmp-type destination-unreachable -j ACCEPT
    -A INPUT -i eth0 -p icmp --icmp-type time-exceeded -j ACCEPT
    -A INPUT -i eth0 -p icmp --icmp-type echo-reply -j ACCEPT
    -A INPUT -i eth0 -p icmp --icmp-type echo-request -j ACCEPT
    #Common ICMP (PING) Match Criteria
    -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
    -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
    #Enable Ping Request
    -A INPUT -p icmp --icmp-type 8 -s 0/0 -d 192.168.0.254 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    -A OUTPUT -p icmp --icmp-type 0 -s 192.168.0.254 -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT

    COMMIT
    OK, your firewall is wide open to the world, which in my opinion is dangerous. As the other poster pointed out, you are going to need a masquerading rule so traffic knows how to get back to you. Have a look at the following document, which will help you to set up a proper firewall.

    Iptables Tutorial

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
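
Both replies point to a missing masquerading rule, and the last one to the open default policies. As an added example (not posted by anyone in the thread), the shell script below prints a gateway ruleset in the same iptables-save format with both addressed, and checks a ruleset for those two gaps. The 192.168.0.0/24 LAN range, the DNS forwarding rule and the function names `gateway_rules` and `audit_rules` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes eth0 = upstream, eth1 = LAN 192.168.0.0/24.
# Forwarding also needs net.ipv4.ip_forward = 1 (sysctl).

# gateway_rules: print a ruleset in iptables-save format (load with iptables-restore).
gateway_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Masquerade LAN traffic leaving eth0 so replies can be routed back
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN clients may reach the gateway itself (Squid, ping)
-A INPUT -i eth1 -s 192.168.0.0/24 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Client pings to the outside; echo replies return as ESTABLISHED
-A FORWARD -i eth1 -o eth0 -s 192.168.0.0/24 -p icmp --icmp-type echo-request -j ACCEPT
# Assumption: clients resolve names via an upstream DNS server
-A FORWARD -i eth1 -o eth0 -s 192.168.0.0/24 -p udp --dport 53 -j ACCEPT
COMMIT
EOF
}

# audit_rules: read an iptables-save ruleset on stdin, print findings,
# return non-zero if INPUT/FORWARD default to ACCEPT or no source NAT exists.
audit_rules() {
  awk '
    /^\*/ { table = substr($0, 2) }
    table == "filter" && /^:(INPUT|FORWARD) ACCEPT/ { print "open policy " $1; bad = 1 }
    table == "nat" && /^-A POSTROUTING .*-j (MASQUERADE|SNAT)/ { nat = 1 }
    END { if (!nat) { print "no MASQUERADE/SNAT in nat POSTROUTING"; bad = 1 }
          exit bad + 0 }
  '
}

gateway_rules | audit_rules && echo "ruleset OK"
```

Piping the original poster's ruleset into `audit_rules` reports the two ACCEPT policies and the missing source NAT rule.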
