John Summerfield wrote:
> Taylan Yetkin wrote:
>> Both ping and traceroute the host from fermi machines returns
>> success. I need some time to understand the use of tcpdump.
>> thanks,
>> Taylan
>
> There's a fair chance there's a problematic firewall rule. Some examples
> that can confuse the issue.
I can reach (ping) that host from here. Here's is what tcpdump shows me
when I telnet to it:
08:35:27.548153 IP neutralino.physics.uiowa.edu >
dsl-58-6-192-22.wa.westnet.com.au: icmp 68: host
neutralino.physics.uiowa.edu unreachable - admin prohibited
I interpret this as a firewall difficulty, the firewall is rejecting the
traffic with the excuse "icmp-admin-prohibited" which seems fairly sensible.
Same if I try port 25.
>
> smtp connexions from some locations to my gateway are forward using a
> DNAT rule to an internal system. If the internal system's down, a "host
> unreachable" response goes back, but ping and traceroute would work.
>
> When an unwelcome packet arrives at my gateway, I can choose to ignore
> it (DROP in iptables) or REJECT it. If I REJECT, I can add the excuse
> "icmp-host-unreachable."
>
>
> A good start with tcpdump is something like this:
>
> tcpdump -i eth0 -s 8888 host cvs-server
>
> or use wireshark which has the same abilities and a GUI to guide the
> beginner.
>
>
>
>
--
Cheers
John
-- spambait
[log in to unmask][log in to unmask]
-- Advice
http://webfoot.com/advice/email.top.phphttp://www.catb.org/~esr/faqs/smart-questions.htmlhttp://support.microsoft.com/kb/555375
You cannot reply off-list:-)