Server not replying to ping.

[hekkendal]

I have an odd situation on my hands.

I cant ping my Wheezy server on my local network. I can ping localhost and the systems ip adress on the server both gives nice ping answer. I have tried to find some info on it and here is my situation:

I have some iptables rules:

Code: Select all

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   186 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  284 29254 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    2   104 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:41261
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    5   260 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 0
    7   380 logdropin  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   186 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
  201 41682 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:41261
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
   21  1188 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            217.168.83.69        tcp dpt:25
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:123
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:111
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:111
    7   420 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2049
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:2049
    0     0 logdropout  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain logdropin (1 references)
 pkts bytes target     prot opt in     out     source               destination
    7   380 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 10/min burst 5 LOG flags 0 level 7 prefix "fw log-in: "
    7   380 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain logdropout (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 10/min burst 5 LOG flags 0 level 7 prefix "fw log-out: "
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

As seen here the rules should allow ping(if im not mistaken).
I have also checked that my /etc/sysctl.conf dont contain any limitations.
I have checked /proc/sys/net/ipv4/icmp_echo_ignore_all contains "0" and /proc/sys/net/ipv4/icmp_echo_ignore_broadcast contains "1".

Still i cant ping it on my local network. What have i missed, do you have a solution to this?

[ralph.ronnquist]

the request is icmptype 8 and the response is icmptype 0.
the server rules accept requests as output and responses as input.

[hekkendal]

Thanks a lot!

Swapping icmp-request and icmp-relpy did all the difference.