0

I'm facing a networking issue with an embedded Linux system in a private network. We have a network that consists of a few tens of servers connected through a switch with one of the servers acting as a DHCP server. Now, we recently added an AlterPath ACS terminal server (henceforth known as TS) to this network which uses some unknown variant of Linux PowerPC.

After configuring the DHCP on the TS, and restarting the network, ifconfig reports that the TS has been assigned proper IP and other fields. Now, I can ping from the TS to other machines on the network but I cannot ping to this server from other machines.

I initially suspected a firewall restriction and removed all rules from iptables to accept all incoming packets but still couldn't reach this machine. I also placed rules to log all dropped packets. A quick look at dmesg showed that all the dropped packets are correctly logged while the accepted ones are not.

I'm not sure what else could be wrong here. Can anyone comment on what else I could try regarding this? Since this is an embedded server, it doesn't have commands such as tcpdump, etc.

EDIT: Output of iptables:

[root@term1 etc]# iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
LOGGING    all  --  anywhere             anywhere           

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
LOGGING    all  --  anywhere             anywhere           

Chain LOGGING (2 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere           limit: avg 2/min burst 5         LOG level warning prefix `IPTables-MyLog: ' 
ACCEPT     all  --  anywhere             anywhere
AnilRamakrishna
  • 23
  • 4
  • Can you show what you have in the rules currently? – Danila Ladner May 21 '13 at 03:43
  • 2
    Unless ICMP Echo Reply is the service being provided by this host I think the better approach would be to determine if this host has the network functionallity to perform the role you intend it for. If I deploy a DNS server I don't really care whether it responds to pings or not but I do care if it responds to DNS queries. – joeqwerty May 21 '13 at 04:32
  • if you `cat /proc/sys/net/ipv4/icmp_echo_ignore_all` what doe you get back? – NickW May 21 '13 at 08:31
  • @DanilaLadner: I've added the output of Iptables above. – AnilRamakrishna May 21 '13 at 19:10
  • @joeqwerty: The TS needs to be accessible through a web browser, and that's not working either. I know for a fact that packets are reaching the TS since they are logged correctly, just that after the firewall rules are applied and a packet is ACCEPTED, the system is not responding the way it should. – AnilRamakrishna May 21 '13 at 19:12
  • @NickW: Thanks a ton! `cat /proc/sys/net/ipv4/icmp_echo_ignore_all` returned 1 and I changed it to 0, now the system is replying for pings! I was completely unaware of the use of the `proc` filesystem for firewall configuration. Thanks for pointing that. – AnilRamakrishna May 21 '13 at 19:21
  • However, I still am not able to get a response from the TS when I try to access it on a web browser. I'm now trying to figure out if there are any similar rules in `/proc` that are blocking the tcp packets. Any suggestions on that? Thanks. – AnilRamakrishna May 21 '13 at 19:23

0 Answers0