Firewall Wizards mailing list archives
RE: [fw-wiz]: unable to ping internet servers
From: "Steven Alexander" <alexander.s () mccd edu>
Date: Mon, 2 Jun 2003 09:33:28 -0700
You have to allow inbound ICMP echo-reply packets. ICMP isn't connection oriented so the incoming echo-reply is not known to be part of the same sequence of events as the earlier outgoing echo-request. -steven -----Original Message----- From: Hilal Hussein [mailto:hilalma () hotmail com] Sent: Sunday, June 01, 2003 8:07 AM To: Wesley_Noonan () bmc com; avraham () jct ac il; firewall-wizards () icsalabs com Subject: [fw-wiz] [fw-wiz]: unable to ping internet servers Dear Gentlemen, I have a PIX 520 Firewall with global (outside) 1 1.2.3.4 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 static (inside,outside) 11.22.33.44 172.17.1.10 netmask 255.255.255.255 0 0 conduit permit gre host 11.22.33.44 host 55.66.77.88 conduit permit icmp any any outbound 10 permit 172.17.0.0 255.255.0.0 0 tcp outbound 10 permit 172.17.0.0 255.255.0.0 0 udp outbound 10 permit 172.17.0.0 255.255.0.0 0 icmp apply (inside) 10 outgoing_src we are accessing the internet having direct connection from the firewall to the ISP Router. and all internal users have the Firewall as the internet Gateway. Questions why internal users can't ping www.yahoo.com or even the ip address of yahoo server or any internet server, at the same time I can do the ping from the firewall itself - ping outside 64.58.76.224 ? Do i need to do any changes in the firewall ? since conduit permit icmp any any & outbound 10 permit 172.17.0.0 255.255.0.0 0 icmp which should be allowed bidirectional ICMP traffic between our internal network (172.17.0.0 - 255.255.0.0). hopefully i am clear in describing the problem, your comments and support are highly appreciated, With regards, Hilal Hussein _________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- [fw-wiz]: unable to ping internet servers Hilal Hussein (Jun 01)
- <Possible follow-ups>
- RE: [fw-wiz]: unable to ping internet servers Steven Alexander (Jun 02)