Strange ping bahaviour
Could anyone explain this to me. It used to work. But at some point stopped.
michael@feivel:~$ sudo ipchains --flush
michael@feivel:~$ sudo ipchains -nL
Chain input (policy ACCEPT):
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):
michael@feivel:~$ sudo ipchains -A input -j ACCEPT -i lo -s 0.0.0.0/0 ping -d 127.0.0.1 -p icmp
michael@feivel:~$ sudo ipchains -A input -j DENY -l
michael@feivel:~$ sudo ipchains -C input -i lo -s 0.0.0.0/0 ping -d 127.0.0.1/32 -p icmp
accepted
michael@feivel:~$ ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1): 56 data bytes
--- 127.0.0.1 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss
michael@feivel:~$ sudo tail -n 1 /var/log/syslog
Apr 11 20:59:19 feivel kernel: Packet log: input DENY lo PROTO=1 127.0.0.1:0 127.0.0.1:0 L=84 S=0x00 I=5012 F=0x0000 T=255 (#2)
So ipchains -C says the packet will be accepted, but in fact it won't?
I then tried:
michael@feivel:~$ sudo ipchains -I input 1 -j ACCEPT -i lo -s 0.0.0.0/0 0 -d 127.0.0.1 -p icmp
michael@feivel:~$ ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=255 time=0.3 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=255 time=0.3 ms
In other words, ping no longer sends out icmp type 8 but icmp type 0. AFAIK
ECHO_REQUEST is 8, isn't it?
Michael
--
Michael Meskes | Go SF 49ers!
Th.-Heuss-Str. 61, D-41812 Erkelenz | Go Rhein Fire!
Tel.: (+49) 2431/72651 | Use Debian GNU/Linux!
Email: Michael@Fam-Meskes.De | Use PostgreSQL!
Reply to: