Results 1 to 7 of 7

Thread: When UFW is enabled I can not ping

  1. #1
    Join Date
    Aug 2009
    Location
    Mclean, VA, USA
    Beans
    67
    Distro
    Ubuntu 11.10 Oneiric Ocelot

    Question When UFW is enabled I can not ping

    Hello,

    I am running Ubuntu Server 10.10. I have enabled UFW with the following rules:
    Code:
    To                         Action      From
    --                         ------      ----
    80/tcp                     ALLOW       Anywhere
    22                         ALLOW       Anywhere
    8080/tcp                   ALLOW       Anywhere
    
    10.0.0.66 22/tcp           ALLOW OUT   Anywhere
    80/tcp                     ALLOW OUT   Anywhere
    443/tcp                    ALLOW OUT   Anywhere
    53/udp                     ALLOW OUT   Anywhere
    465/tcp                    ALLOW OUT   Anywhere
    10.0.0.62 3389             ALLOW OUT   10.0.0.65
    10.0.0.60 22/tcp           ALLOW OUT   Anywhere
    10.0.0.90 3389             ALLOW OUT   10.0.0.65
    I am unable to ping from the server. What do I have to add to ping from the server? Do I need to Allow from 127.0.0.1 to Anywhere? I would like this server to be as secure as possible.

    Thanks,
    Carlos
    A computer without a Microsoft operating system is like a dog without bricks tied to its head.

  2. #2
    Join Date
    Aug 2009
    Location
    Mclean, VA, USA
    Beans
    67
    Distro
    Ubuntu 11.10 Oneiric Ocelot

    Re: When UFW is enabled I can not ping

    Bump

    Whenever I try to ping I get:
    Code:
    ping: sendmsg: Operation not permitted
    However when I turn UFW off I am able to ping without any issues.

    Thanks
    Carlos
    A computer without a Microsoft operating system is like a dog without bricks tied to its head.

  3. #3
    Join Date
    Nov 2007
    Location
    Newry, Northern Ireland
    Beans
    1,258

    Re: When UFW is enabled I can not ping

    Try

    Code:
    sudo ufw allow icmp
    If that does not work, you need to see whether the /etc/ufw/before.rules is blocking your ICMP packets.

    EDIT: You havn't been using Firestarter at all, have you? That can really mess stuff up too....
    Last edited by spynappels; July 11th, 2011 at 02:41 PM.
    Can't think of anything profound or witty.
    My Blog: http://gonzothegeek.blogspot.co.uk/

  4. #4
    Join Date
    Aug 2009
    Location
    Mclean, VA, USA
    Beans
    67
    Distro
    Ubuntu 11.10 Oneiric Ocelot

    Re: When UFW is enabled I can not ping

    Thanks for the quick reply!

    When I try sudo ufw allow icmp I get:
    Code:
    ERROR: Could not find a profile matching 'icmp'
    before.rules is set to:
    Code:
    # ok icmp codes
    -A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
    -A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
    -A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
    -A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
    -A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
    I have not installed firestarter.

    Thanks
    Carlos
    A computer without a Microsoft operating system is like a dog without bricks tied to its head.

  5. #5
    Join Date
    Aug 2009
    Location
    Mclean, VA, USA
    Beans
    67
    Distro
    Ubuntu 11.10 Oneiric Ocelot

    Question Re: When UFW is enabled I can not ping

    I am thinking about upgrading to 11.04, do you think that this would resolve the problem? The reason I need to ping out is that I am running Nagios and nagios needs the ability to ping. I also must have a firewall for security. I am having this problem on all my Ubuntu computers (including workstations (10.10)).

    Before I try install 11.04 does anyone have any other suggestions that I can try.

    Your help is MUCH appreciated!
    A computer without a Microsoft operating system is like a dog without bricks tied to its head.

  6. #6
    Join Date
    Aug 2009
    Location
    Mclean, VA, USA
    Beans
    67
    Distro
    Ubuntu 11.10 Oneiric Ocelot

    Smile Re: When UFW is enabled I can not ping

    I was able to solve my problem with the info below from http://www.kelvinism.com/howtos/enab...p-through-ufw/


    Enable ICMP through UFW Published on Sept. 21, 2010

    I like using Ubuntu's UFW command, but today I needed to allow outgoing ICMP. I received results as so:
    $ ping 4.2.2.2 PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data. ping: sendmsg: Operation not permitted ping: sendmsg: Operation not permitted ping: sendmsg: Operation not permitted
    To allow outbound icmp I edited 'before.rules' and added the following lines.
    $ sudo vi /etc/ufw/before.rules
    # allow outbound icmp -A ufw-before-output -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT -A ufw-before-output -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
    A computer without a Microsoft operating system is like a dog without bricks tied to its head.

  7. #7
    Join Date
    Feb 2009
    Location
    /earth/india/mumbai
    Beans
    599
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: When UFW is enabled I can not ping

    Thanks,that link helped me as well..
    However,it would have been better if this can be achieved through a ufw command..

    Vote for my Idea
    ~~~Open-source Software and Patience go hand in hand~~~

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •