Josh Huber wrote:
avedis@rcn.com writes:
[...] then could surf, with download speeds up to 1.7M/s.
Just curious, is that bytes or bits? (I wasn't aware of verizon offering such a fast link)>
Bits, I think. Whatever they advertise as supplying 1.5meg down and 128k up. I'm at the bottom of the hill from the phone company, so maybe that helps. I downloaded knoppix (700MB) in a little more than an hour.
I'm not sure why you would want to drop all pings. You'll
probably
find that the default firewalling rules drop some kinds of ICMP packets, but there are some which are useful to keep around. (personally, I think dropping all inbound ICMP is pretty annoying when trying to diagnose network issues...)
I don't know enough to have an answer. How many kinds of ICMP are there? The firewall config file gives three choices - # Allow (or don't) ICMP echo pings on either the firewall or the dmz from # the internet? The internet option is for allowing the DMZ and the internal # network to ping the internet. FW_ALLOW_PING_FW="no" FW_ALLOW_PING_DMZ="no" FW_ALLOW_PING_EXT="no" I understand that the first two determine whether the firewall or the dmz respond to pings from the internet, but I'm not sure what the third option does. I am able to ping out to the internet, even though it's set to 'no', so I don't understand the last comment.
As for port 119, this appears to be the NNTP (net news) port -- why would you be running a news server I'm not sure :)
Woops. I meant port 113, identd/auth. Thanks, Greg
avedis@rcn.com writes:
Bits, I think. Whatever they advertise as supplying 1.5meg down and 128k up. I'm at the bottom of the hill from the phone company, so maybe that helps. I downloaded knoppix (700MB) in a little more than an hour.
Okay, that makes more sense :)
I don't know enough to have an answer. How many kinds of ICMP are there? The firewall config file gives three choices -
# Allow (or don't) ICMP echo pings on either the firewall or the dmz # from the internet? The internet option is for allowing the DMZ and # the internal network to ping the internet. FW_ALLOW_PING_FW="no" FW_ALLOW_PING_DMZ="no" FW_ALLOW_PING_EXT="no"
I understand that the first two determine whether the firewall or the dmz respond to pings from the internet, but I'm not sure what the third option does. I am able to ping out to the internet, even though it's set to 'no', so I don't understand the last comment.
I'm not sure why you would want to block outbound pings, but that sounds like the intended behavior of the last option in the list. You probably don't use a DMZ configuration, so the first should just disallow inbound pings. Can you test if incoming pings are replied to? What's you IP address?
Woops. I meant port 113, identd/auth.
Ah, I'm sure they don't run/firewall idend by default... -- Josh Huber
participants (2)
-
avedis@rcn.com
-
Josh Huber