Re: [SLUG] Pings etc.

From: Paul M Foster (paulf@quillandmouse.com)
Date: Sun Feb 03 2002 - 17:44:37 EST


On Tue, Jan 29, 2002 at 11:32:07AM -0500, Russ Herrold wrote:

> On Mon, 28 Jan 2002, Paul M Foster wrote:
>
> > From any machine on the network (and the firewall), I can ping
> > www.suncoastlug.org. I cannot, however, ping www.quillandmouse.com. Now,
> > I can traceroute or traceroute -I it. I can access the website(s). I can
> > run host against them both.
>
> I drop ICMP at the borders of some ISPs I admin for non-local
> non-next-hop traffic, due to Smurf attacks ... This would
> cause that symptom.
>

I believe Kai and you are correct. I think my ISP simply doesn't allow
pings. Otherwise, I've seen no difficulty with any internet activities
I've tried through coyote. (And no, I wrote my coyote firewall's rules--
they don't block ICMPs.)

And for those of you who've asked about single-disk firewalls in the
past, here's a plug for coyote. I was using floppyfw, but there are a
couple of drawbacks. First, it requires manual configuration of various
files, in a way that's not necessarily obvious. Second, the author
appears to have no interest in including the ability to ssh into the
firewall box. One of the reasons I looked into coyote was that it would
allow me to make the firewall "headless"; that is, without a monitor,
but allowing the ability to ssh into it to do maintenance, etc.

A bigger plug for coyote is that it takes you through a series of
questions and answers to set up the box. Then it builds the floppy for
you. No muss, no fuss. Once booted, you can modify the firewall rules
and various other things, and it will save that configuration back to
your floppy.

Highly recommended. Particularly for unsophisticated users.

Paul


