To: gentoo-user@lists.gentoo.org
From: Harry Putnam
Subject: [gentoo-user] Re: Curious ping problem with no FW
Date: Tue, 22 Jul 2008 10:16:41 -0500
Message-ID: <87ej5mj6ee.fsf@newsguy.com>
References: <87lk044bki.fsf@newsguy.com> <200807201658.29960.michaelkintzios@gmail.com>

Mick writes:

> On Monday 14 July 2008, Harry Putnam wrote:
>> I've had a problem with being able to ping out to the internet from my
>> gentoo box, while at the same time I'm able to ping outbound from
>> several windows boxes on same home lan.
>>
>> I don't run a firewall at all from linux but do have a Netgear
>> switch/router/Firewall upstream between me and the internet cable
>> modem.
> [snip..]
>
>> My router/fw can be set to deny specific machines outbound traffic but
>> that is not done in this case. So the solution must reside somewhere
>> in my gentoo install.
>
> It may be worth checking your router's firewall rules once more. Is the
> gentoo box connected to the router in the same fashion as the MSWindows
> boxen, or is it in some funny DMZ set up?

The section involving blocking has nothing whatever set.

> What do the firewall logs show?

Since there is nothing outgoing set to log, it says nothing.

>> What things should I be checking.
>
> If as you say you have no firewall on the Gentoo box then you ought to have a
> quick look at your kernel.
> Use sysctl:
>
> /sbin/sysctl -a

Here I see:

  sysctl -a|grep 'net.*icmp'
  net.ipv4.icmp_echo_ignore_all = 0
  net.ipv4.icmp_echo_ignore_broadcasts = 1
  net.ipv4.icmp_ignore_bogus_error_responses = 1
  net.ipv4.icmp_errors_use_inbound_ifaddr = 0
  net.ipv4.icmp_ratelimit = 250
  net.ipv4.icmp_ratemask = 6168

But not sure what any of it means. The first line looks kind of
ominous though.

>> A ping attempt like this:
>>
>>   ping ftp.ucsb.edu
>>   PING ftp.ucsb.edu (128.111.24.43) 56(84) bytes of data.
>>
>> Just never moves any further, but you can see it has resolved the
>> alpha address to numeric form so must have contacted and received
>> info from the nameserver.
>
> Or from your router if it acts as a caching DNS resolver?

I don't think so, at least there is no mention in the documentation of
such a feature.
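
Added example, not part of the original message or of any project's code: a small Python reader for the `net.ipv4.icmp_*` values quoted above, which decodes the `icmp_ratemask` bitmask into ICMP type numbers and reports what each setting does to echo traffic. The function names and the wording of the notes are this example's own; the sample input is the sysctl output copied from the message.

```python
import re

# ICMP type numbers (RFC 792) that can appear in icmp_ratemask.
ICMP_TYPES = {0: "echo reply", 3: "destination unreachable", 4: "source quench",
              5: "redirect", 8: "echo request", 11: "time exceeded",
              12: "parameter problem"}

# Sample input: the sysctl output quoted in the message above.
SAMPLE = """\
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.icmp_errors_use_inbound_ifaddr = 0
net.ipv4.icmp_ratelimit = 250
net.ipv4.icmp_ratemask = 6168
"""

def parse_sysctl(text):
    """Return {key: int} for 'key = value' lines; skip anything else."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"\s*([\w.]+)\s*=\s*(-?\d+)\s*$", line)
        if m:
            out[m.group(1)] = int(m.group(2))
    return out

def ratemask_types(mask):
    """Decode icmp_ratemask: bit N set means ICMP type N is rate limited."""
    return [n for n in range(32) if mask & (1 << n)]

def findings(settings):
    """Describe what each ICMP knob does to echo traffic on this host."""
    notes = []
    if settings.get("net.ipv4.icmp_echo_ignore_all", 0):
        notes.append("inbound echo requests are dropped (host will not answer pings)")
    else:
        notes.append("host answers inbound echo requests")
    if settings.get("net.ipv4.icmp_echo_ignore_broadcasts", 0):
        notes.append("broadcast/multicast echo requests are ignored")
    limited = ratemask_types(settings.get("net.ipv4.icmp_ratemask", 0))
    names = [ICMP_TYPES.get(n, f"type {n}") for n in limited]
    notes.append("rate-limited outgoing types: " + ", ".join(names))
    # Echo request (8) and echo reply (0) are rate limited only if their bits are set.
    notes.append("echo limited by ratemask: " + str(bool({0, 8} & set(limited))))
    return notes

if __name__ == "__main__":
    for note in findings(parse_sysctl(SAMPLE)):
        print("-", note)
```

With the values from the message, the mask 6168 (0x1818) covers types 3, 4, 11 and 12 only, and `icmp_echo_ignore_all = 0` means the host still answers pings sent to it; that setting governs replies to inbound echo requests, not the host's own outbound ping.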