| 1 |
Mick <michaelkintzios@×××××.com> writes: |
| 2 |
|
| 3 |
> On Monday 14 July 2008, Harry Putnam wrote: |
| 4 |
>> I've had a problem with being able to ping out to the internet from my |
| 5 |
>> gentoo box, while at the same time I'm able to ping outbound from |
| 6 |
>> several windows boxes on same home lan. |
| 7 |
>> |
| 8 |
>> I don't run a firewall at all from linux but do have a Netgear |
| 9 |
>> switch/router/Firewall upstream between me and the internet cable |
| 10 |
>> modem. |
| 11 |
> [snip..] |
| 12 |
> |
| 13 |
>> My router/fw can be set to deny specific machines outbound traffic but |
| 14 |
>> that is not done in this case. So the solution must reside somewhere |
| 15 |
>> in my gentoo install. |
| 16 |
> |
| 17 |
> It may be worth checking your router's firewall rules once more. Is the |
| 18 |
> gentoo box connected to the router in the same fashion as the MSWindows |
| 19 |
> boxen, or is it in some funny DMZ set up? |
| 20 |
|
| 21 |
The section involving blocking has nothing whatever set. |
| 22 |
|
| 23 |
> What do the firewall logs show? |
| 24 |
|
| 25 |
Since there is nothing outgoing set to log, it says nothing. |
| 26 |
|
| 27 |
>> What things should I be checking. |
| 28 |
> |
| 29 |
> If as you say you have no firewall on the Gentoo box then you ought to have a |
| 30 |
> quick look at your kernel. Use sysclt: |
| 31 |
> |
| 32 |
> /sbin/sysctl -a |
| 33 |
|
| 34 |
Here I see: |
| 35 |
sysctl -a|grep 'net.*icmp' |
| 36 |
|
| 37 |
net.ipv4.icmp_echo_ignore_all = 0 |
| 38 |
net.ipv4.icmp_echo_ignore_broadcasts = 1 |
| 39 |
net.ipv4.icmp_ignore_bogus_error_responses = 1 |
| 40 |
net.ipv4.icmp_errors_use_inbound_ifaddr = 0 |
| 41 |
net.ipv4.icmp_ratelimit = 250 |
| 42 |
net.ipv4.icmp_ratemask = 6168 |
| 43 |
|
| 44 |
But not sure what any of it means. The first line looks kind of |
| 45 |
ominous though. |
| 46 |
|
| 47 |
>> A ping attempt like this: |
| 48 |
>> |
| 49 |
>> ping ftp.ucsb.edu |
| 50 |
>> PING ftp.ucsb.edu (128.111.24.43) 56(84) bytes of data. |
| 51 |
>> |
| 52 |
>> Just never moves any further, but you can see it has resolved the |
| 53 |
>> alpha address to numeric forum so must have contacted and received |
| 54 |
>> info from the nameserver. |
| 55 |
> |
| 56 |
> Or from your router if it acts as a caching DNS resolver? |
| 57 |
|
| 58 |
I don't think so, at least there is no mention in the documentation of |
| 59 |
such a feature. |
Archives