Robert Spangler wrote:
On Tuesday 19 July 2011 09:11, the following was written:
Timothy Murphy wrote:
I'm running CentOS-6 on an HP MicroServer with a Billion 5200S modem/router connecting to the internet. I'm running the standard CentOS-6 firewall on the server.
(1) I can open port 22 on the Billion, allowing me to ssh in from outside. But for some reason I cannot ping the same address from outside. (I can ping it internally.) Why is this? I'm not sure if the problem lies with the router or the server? There does not seem to be any explicit rule on either to allow ICMP packets through.
This is because the modem refuses to answer pings. You might have an option to allow it in the modem config.
Modems cannot answer pings. They are a bridge. The most likely reason why the OP cannot ping is because the firewall is not allowing it. Adding rules to allow pings should clear up this issue.
Please first read the OP's mail, then give me lessons. HE said it was a modem/router; I shortened it. I was a little lazy.
How do you think he opened and forwarded a port on his modem(/router) if he was in bridged mode?
(2) I have a Linksys WRT54GL WiFi router attached to the server, to allow access to the internet from laptops. This works fine. But I was surprised to find that when I turn OFF the firewall on the server this stops access to the internet on laptops. (I didn't test to see if re-booting the laptop would solve this.) Can disabling the firewall actually prevent some linkage?
When you turn off the firewall, it stops routing packets, so they cannot be passed to systems behind it.
IPTABLES does not route packets. IPTABLES manipulates packets so that they can be routed to the proper destination.
You can nitpick if you like, but do not forget that the OP is most probably a noob (no disrespect intended). Why is it necessary to write "War & Peace" when the result is the same: no firewall = no internet for PCs behind the CentOS system.
And let's finish it with style: Timothy, you could turn off the firewall and still have internet if you set a static route in the modem/router for the subnet used between CentOS and the clients, so the modem/router does the final NAT'ing.
The reason the OP could not connect to the internet is because the firewall was NAT'ing his packets that were leaving his network to his internet-facing IP address. Once the NAT'ing stopped, the packets were sent to the internet with the address of his laptop, which was most likely a private address. Since private addresses are not supposed to be routed on the internet, the receiving router dropped the return packet.
Irrelevant, modem/router is used.
I have spent the last 6 years doing NAT-ing, policy routing, static and dynamic routing, complex iptables rules, marking packets to block and/or slow down torrents but leave gamers alone, whatever you can think of. But there is no need to complicate things when the question is so simple:
"In the current state of his network, if he turns off the firewall, clients behind it will not have internet."
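An added example, not part of the thread: a small Python check over `iptables-save` output from the CentOS server that answers the two questions argued above, namely whether the server's INPUT chain would accept an inbound ping and whether a source-NAT rule exists for the laptops' traffic. It inspects only the server's ruleset, not the Billion router. The sample dumps, interface name and 192.168.2.0/24 subnet are constructed assumptions.

```python
import shlex
TERMINAL = {"ACCEPT", "DROP", "REJECT"}
MODELLED = {"-j", "--reject-with", "-p", "-m", "--icmp-type"}

def parse_save(text):
    """Parse iptables-save text into {table: {"policy": {...}, "rules": {chain: [tokens]}}}."""
    tables, cur = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": {}})
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            cur["policy"][chain] = policy
        elif line.startswith("-A "):
            tok = shlex.split(line)
            cur["rules"].setdefault(tok[1], []).append(tok[2:])
    return tables

def _opts(tok):
    # Assumes every option takes exactly one argument and no "!" negation is used.
    return {tok[i]: tok[i + 1] for i in range(0, len(tok) - 1, 2)}

def ping_verdict(tables):
    """First-match verdict on filter/INPUT for a new ICMP echo-request from outside."""
    flt = tables.get("filter", {"policy": {}, "rules": {}})
    for o in map(_opts, flt["rules"].get("INPUT", [])):
        if o.get("-j") not in TERMINAL or set(o) - MODELLED:
            continue  # non-terminal target, or matches not modelled (state, interface, port)
        if (o.get("-p", "icmp") == "icmp" and o.get("-m", "icmp") == "icmp"
                and o.get("--icmp-type", "8") in ("8", "echo-request")):
            return o["-j"]
    return flt["policy"].get("INPUT", "ACCEPT")  # no rule matched: chain policy decides

def source_nat_rules(tables):
    rules = tables.get("nat", {"rules": {}})["rules"].get("POSTROUTING", [])
    return [r for r in rules if _opts(r).get("-j") in ("MASQUERADE", "SNAT")]

# Constructed samples: interface name and the 192.168.2.0/24 subnet are assumptions.
FIREWALL_ON = """*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT"""
FIREWALL_OFF = "*filter\n:INPUT ACCEPT [0:0]\nCOMMIT\n"
```

With the constructed "on" ruleset, SSH is accepted but a ping falls through to the final REJECT, and one MASQUERADE rule is present; with the "off" ruleset, ping is accepted by policy but no source-NAT rule remains.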