[CentOS] 2 questions on CentOS firewall

Ljubomir Ljubojevic office at plnet.rs
Wed Jul 20 12:21:09 UTC 2011

Timothy Murphy wrote:
> Further to my question,
> how can I determine if it is the Billion 5200S modem/router
> that is preventing pings, or if it is the CentOS-6 MicroServer
> attached to the modem/router?
> I don't see any reference to ICMP on the modem web-page.
> On the other hand the CentOS firewall seems to allow ICMP
> unless explicitly rejected (which I haven't done).
> Surely it would be slightly odd for a modem/router
> to reject pings by default?
> Is there any simple way, short of using something like ethereal,
> of determining if ICMP packets are reaching the computer,
> and being rejected there?

ICMP packets are blocked by Billion, it's 99% chance, since public IP 
resides on the Billion. Only way (known to me) to pass ICMP to your 
CentOS server (on cheap modem/routers) is to do 1:1 NAT (all connections 
to all ports are redirected to system behind it with set IP).

If you need to be able to ping CemtOS system and not Billion, then you 
should set modem to bridge mode and pass public IP to CentOS. But caveat 
is that this would mean that if you turn on CentOS firewall or set it 
improperly you would be wide open, and that you will not be able to 
willfully bypass CentOS server (if he is down) and just plug PC's to 
modem directly.


Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant

More information about the CentOS mailing list