request rejected
Shadow Hawkins on Monday, 05 May 2003 14:51:55
I had asked an ipv6 tunnel for my server and it was rejected cause the endpoint didnt ping.There was mentioned that icmps shouldnt b blocked.I had them blocked but before i remove the block , u send me an email (about 10 minutes later).I removed the icmp block and everything is ok now but it sayz i already lost 10 points cause of that.So , i wont get the tunnel ? I must apply again for tunnel ? Must the icmps not b blocked all the time or only till u check the latency ?
request rejected
Shadow Hawkins on Monday, 05 May 2003 18:35:36
Well i have done this using iptables, to block ICMP echo requests from anywhere, but accept them if they come from SixXS.
#
# ICMP stuff requests from external interface
#
$IPTABLES -N ICMP_STUFF
$IPTABLES -A INPUT -i $EXTIF -p icmp -j ICMP_STUFF
# SixXS pinging points :)
$IPTABLES -A ICMP_STUFF -p icmp --icmp-type echo-request -s 213.204.193.2 -j ACCEPT
$IPTABLES -A ICMP_STUFF -p icmp --icmp-type echo-request -s 212.19.192.219 -j ACCEPT
$IPTABLES -A ICMP_STUFF -p icmp --icmp-type echo-request -s 213.197.27.252 -j ACCEPT
$IPTABLES -A ICMP_STUFF -p icmp --icmp-type echo-request -s 195.143.155.2 -j ACCEPT
$IPTABLES -A ICMP_STUFF -p icmp --icmp-type echo-request -j DROP
request rejected
Shadow Hawkins on Monday, 05 May 2003 18:36:09
oh, btw: ips may be different if you use different POP :P
request rejected
Jeroen Massar on Tuesday, 06 May 2003 02:28:29
Which is quite acceptable if you don't want other hosts to check availability and reachability of your host. The reason for the ICMP request is simply to check that your host is up and hasn't got a too high latency to the POP.
request rejected
Shadow Hawkins on Tuesday, 06 May 2003 15:24:20
After all this , i deleted the tunnel so i can make an other one, and now it sayz i cant make a tunnel with the same endpoint :?
request rejected
Jeroen Massar on Tuesday, 06 May 2003 19:21:25
Because the system retains the old information for the request so people won't request over and over again. The request was rejected for quite an apparent reason.
Posting is only allowed when you are logged in. |