Cant Ping but Internet works : FUNNY

khandu · #1 2nd May 2008, 02:53 AM

Hi

I have updated FC8 to latest. Funny part is that internet is working fine and everything is fine

But ping / tracert etc fails.. dont give any reply from any website

Ping to localhost works fine...

Someone help me regarding this

wrhansen · #2 2nd May 2008, 03:05 AM

Can you ping your router? Maybe it doesn't have ping enabled?!?

/Edit Also you may want to use wireshark while pinging to get an idea of what's happening

juanfgs · #3 2nd May 2008, 03:05 AM

Sounds strange.
Check your firewall rules (via the GUI or iptables -L)

***Hlingler*** · #4 2nd May 2008, 03:44 AM

I can't ping anything anywhere either, but that's because I have the firewall set to block pings.

V

khandu · #5 4th May 2008, 04:30 AM

I have this in iptables

Quote:

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 1812 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 1813 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A FORWARD -p icmp --icmp-type any -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

pinging google gives

Quote:

[root@localhost ~]# ping www.google.com
PING www.google.com (74.125.19.103) 56(84) bytes of data.

--- www.google.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1001ms

But wireshark gives

Quote:

590 510.345431 192.168.197.131 74.125.19.103 ICMP Echo (ping) request

***Hlingler*** · #6 4th May 2008, 04:36 AM

Quote:

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

I'm not an IPTables/firewall expert by a longshot, but it sure looks like you have ICMP ("pinging") prohibited.

V

LDC · #7 4th May 2008, 02:23 PM

if you have a router with an hardware firewall, is there any sense in having also the software firewall enabled? ^^;

urzasrage · #8 4th May 2008, 04:07 PM

Quote:

Originally Posted by LDC

if you have a router with an hardware firewall, is there any sense in having also the software firewall enabled? ^^;

Multi-layered defense.

LDC · #9 4th May 2008, 04:56 PM

in a home user environment?

notageek · #10 4th May 2008, 05:38 PM

I know sometime back google blocked ping requests to itself, try websites like (well... try other websites

)

stevea · #11 4th May 2008, 10:30 PM

[stevea@nidula ~]# ping google.com
PING google.com (64.233.167.99) 56(84) bytes of data.
64 bytes from py-in-f99.google.com (64.233.167.99): icmp_seq=1 ttl=241 time=39.3 ms
64 bytes from py-in-f99.google.com (64.233.167.99): icmp_seq=2 ttl=241 time=34.4 ms

I believe it was some other major web presence, not google or yahoo. You can alway telnet to port 80 on any website to test connectivity.

I'm with LDC. Unless you distrust the ppl behind your router, or the ones you allow through your router, then the extra firewalling isn't desirable.

khandu · #12 5th May 2008, 08:03 AM

Hmm.. i m using vmware with vista and FC8 as host

before updating it it was working fine.. updating FC8 I mean.. but now I cannot ping ANY website..

vista pings.. so not the router problem..

its a home environment.. FC8 firewall is just on to just test some things..