[Firehol-support] Re: cable tv internet

Daniel Pittman daniel at rimspace.net
Tue Dec 27 00:29:35 CET 2005


Grigory Fateyev <greg at anastasia.ru> writes:
> On Mon, 26 Dec 2005 11:18:17 +1100 you wrote:
>> Grigory Fateyev <greg at anastasia.ru> writes:

[...]

>> > I have a cable TV network, the so-called "home net". When I start
>> > firehol, ping is lost. Why?
>> 
>> Have you looked in the logs?  Firehol, by default, writes log messages
>> about blocked packets into the kernel message log, so they should show
>> up in something like /var/log/syslog or /var/log/messages.
>> 
>> That should tell you which rule is blocking your packets or, at least,
>> give some hints about it.  Post the log fragments here if you can't
>> work it out yourself.
>
> Thanks for the reply!
>
> Dec 26 15:30:50 greg kernel: OUT-home:IN= OUT=eth0 SRC=172.16.11.36
> DST=213.180.204.8 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP
> TYPE=8 CODE=0 ID=36423 SEQ=6
>
> When I ping ya.ru I see these logs. The problem is SRC: it shows the
> local net IP, not the real IP.

OK: You sent that ping from your firewall machine, and it was blocked
because the 'home' ruleset does not permit outbound ping packets.

Add 'client ping accept' to the 'home' section of the rules and the
problem will go away.

Regards,
        Daniel
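
The diagnosis above can be read straight off the quoted log entry: an empty IN= with OUT=eth0 marks a packet generated on the firewall host itself, and TYPE=8 is an ICMP echo request. The following is an added example, not part of the original message or of FireHOL; the function names are hypothetical, and it assumes the log prefix has the form "<direction>-<block name>" as in the quoted "OUT-home".

```python
import re

# Constructed sample: the log entry quoted in the thread, joined onto one line.
SAMPLE = ("Dec 26 15:30:50 greg kernel: OUT-home:IN= OUT=eth0 SRC=172.16.11.36 "
          "DST=213.180.204.8 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP "
          "TYPE=8 CODE=0 ID=36423 SEQ=6")

def parse_log(line):
    """Split a netfilter LOG line into (prefix, fields, flags)."""
    _, sep, rest = line.partition("kernel: ")
    m = re.search(r"\bIN=", rest) if sep else None
    if not m:
        return None
    prefix = rest[:m.start()].strip(" :")
    fields, flags = {}, []
    for tok in rest[m.start():].split():
        key, eq, val = tok.partition("=")
        if eq:
            # ID= appears twice (IP header, then ICMP); keep the first.
            fields.setdefault(key, val)
        else:
            flags.append(tok)  # bare tokens such as DF
    return prefix, fields, flags

def explain(line):
    """Say which path the blocked packet took and which rule would permit it."""
    parsed = parse_log(line)
    if parsed is None:
        return None
    prefix, f, _ = parsed
    # Assumption: prefix is "<direction>-<block name>", as in "OUT-home".
    block = prefix.partition("-")[2] or prefix
    has_in, has_out = bool(f.get("IN")), bool(f.get("OUT"))
    if has_out and not has_in:
        path = "local-out"   # generated on the firewall host
    elif has_in and not has_out:
        path = "local-in"    # addressed to the firewall host
    else:
        path = "forwarded" if has_in else "unknown"
    hint = None
    if f.get("PROTO") == "ICMP" and f.get("TYPE") == "8":  # echo request
        hint = {"local-out": "client ping accept",
                "local-in": "server ping accept"}.get(path)
    return {"block": block, "path": path, "src": f.get("SRC"),
            "dst": f.get("DST"), "hint": hint}

if __name__ == "__main__":
    print(explain(SAMPLE))
```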




