linux pings winxp but not vice versa [solved]

[Guest snesromz99]

Hi everyone,

 

I got a 2005LE box and it can ping all computers (windows xp) on the local network. It can even goes on the internet. The only problem is when I use the other computers (win xp), I can't ping the linux box. I've been looking for help but couldn't find anything that can help me.

 

Thanks

Edited July 16, 2005 by snesromz99

[polemicz]

First off welcome to the board.

Next, have you installed and set up Samba? In MCC you can set up file sharing if you have not already done so. More details on what you have done and how the network is set up would be helpful. Good luck.

[Guest snesromz99]

Thanks, I was actually around for the past several months, and this place is great.

 

Anyways, I'm sure that samba is installed (I selected it during installation). But the problem was I can't ping my linux box using my winxp machine. Do you have to set up Samba to be able to ping from a windows machine?

[streeter]

Nope - to ping, you just need plain old TCP/IP - which is working OK, as you can ping one way and connect to the net.

 

I suspect you have a firewall running on the Linux box.

 

To test this, have a look at my 'how to disable your firewall for testing' page at http://www.iwpcs.co.uk/linux_firewall_disable.html. If you can then ping, let us know, together with what you are using as a firewall front end and we can work out how to enable comms.

 

Chris

[Guest snesromz99]

I remembered that I used the MCC to disable the firewall in the security section. But I'll check it again and check back later. Could there be anything else that wrong?

[streeter]

Probably :)

 

Could look in the security levels section - theres an entry there for 'accept ICMP echo' which is posh for ping. But that alone won't allow file sharing.

 

If you get stuck, post the output of iptables -nvL here. You may need to install iptables with 'urpmi iptables'.

 

Chris

[Guest snesromz99]

Here's the output of "iptables -nvL". I also made sure that firewall is disabled. I still can't ping this linux box with my winxp computer.

 

Chain INPUT (policy ACCEPT 348 packets, 300K bytes)

pkts bytes target prot opt in out source destination

 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

pkts bytes target prot opt in out source destination

 

Chain OUTPUT (policy ACCEPT 370 packets, 62435 bytes)

pkts bytes target prot opt in out source destination

[Guest snesromz99]

Thanks, I got it to work. Just like streeter said, I turned on "accept ICMP echo" and my winxp was able to ping my linux box. Just for my curiosity, why is it like that?

[ianalis]

It's for security reasons. An attacker usually pings a series of ip addresses (computers) to look for a target that is alive or connected to the network. When the pinged computer replies, it means that it's alive and an attacker can then do his other tricks (e.g. doing a port scan.) However, it's not a guarantee that you're computer will be perfectly safe if you refuse to reply to pings (which is an ICMP echo request)