[CentOS] 2 questions on CentOS firewall
Ljubomir Ljubojevic
office at plnet.rs
Wed Jul 20 12:21:09 UTC 2011
Timothy Murphy wrote:
> Further to my question,
> how can I determine if it is the Billion 5200S modem/router
> that is preventing pings, or if it is the CentOS-6 MicroServer
> attached to the modem/router?
>
> I don't see any reference to ICMP on the modem web-page.
>
> On the other hand the CentOS firewall seems to allow ICMP
> unless explicitly rejected (which I haven't done).
>
> Surely it would be slightly odd for a modem/router
> to reject pings by default?
>
> Is there any simple way, short of using something like ethereal,
> of determining if ICMP packets are reaching the computer,
> and being rejected there?
>
ICMP packets are blocked by Billion, it's 99% chance, since public IP
resides on the Billion. Only way (known to me) to pass ICMP to your
CentOS server (on cheap modem/routers) is to do 1:1 NAT (all connections
to all ports are redirected to system behind it with set IP).
If you need to be able to ping CemtOS system and not Billion, then you
should set modem to bridge mode and pass public IP to CentOS. But caveat
is that this would mean that if you turn on CentOS firewall or set it
improperly you would be wide open, and that you will not be able to
willfully bypass CentOS server (if he is down) and just plug PC's to
modem directly.
--
Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe
Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant
More information about the CentOS
mailing list