What prevents a machine from responding to pings?
Solution 1
I don't think that it's related to the ping problem, but if you want to turn SELinux off temporarily, you have this option:
setenforce 0
It puts SELinux from enforcing into permissive mode. To check its condition, run
sestatus
To disable SELinux permanently you can use system-config-securitylevel, or edit /etc/selinux/config with nano or vi and change the parameter from SELINUX=enforcing to SELINUX=disabled.
For me, there is a rule in Amazon EC2 that prevents ping traffic between your machines...
Solution 2
It can be a setting in the kernel or iptables.
To check kernel config:
cat /proc/sys/net/ipv4/icmp_echo_ignore_all
Enable ICMP reply (temporary):
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
Enable ICMP reply (permanent):
Edit /etc/sysctl.conf
net.ipv4.icmp_echo_ignore_all=0
Extracted from: http://www.sysadmit.com/2016/03/linux-respuesta-ping-habilitar-o-deshabilitar.html
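The two checks Solution 2 describes (kernel setting and iptables), as an added example that is not part of the original answer, run against the ruleset posted in the question on this page. The helper names kernel_ignores_ping, icmp_echo_verdict and question_rules are hypothetical, and the rule matching is simplified as the comments state.

```shell
# kernel_ignores_ping FILE: "yes" if the icmp_echo_ignore_all value in FILE is 1.
kernel_ignores_ping() {
    if [ "$(tr -d '[:space:]' < "$1")" = "1" ]; then echo yes; else echo no; fi
}

# icmp_echo_verdict [FILE]: verdict of the filter INPUT chain in iptables-save
# output for an unsolicited echo-request from an arbitrary address.
# Assumption: a rule counts only if its sole matches are "-p icmp" and an
# echo-request "--icmp-type"; rules narrowed by -s, -i, -m state are skipped.
icmp_echo_verdict() {
    awk '
    /^\*/ { in_filter = ($1 == "*filter") }
    in_filter && $1 == ":INPUT" { policy = $2 }
    in_filter && $1 == "-A" && $2 == "INPUT" && verdict == "" {
        ok = 1; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }
            if ($i == "-p") { i++; if ($i != "icmp") ok = 0; continue }
            if ($i == "-m" && $(i + 1) == "icmp") { i++; continue }
            if ($i == "--icmp-type") {
                i++
                if ($i != "8" && $i != "8/0" && $i != "echo-request") ok = 0
                continue
            }
            ok = 0    # any other match narrows the rule, so skip it
        }
        if (ok && target ~ /^(ACCEPT|DROP|REJECT)$/) verdict = target
    }
    END { print (verdict != "" ? verdict : policy) }
    ' "${1:--}"
}

# question_rules: the filter table posted in the question on this page.
question_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [56:6601]
-A INPUT -s 149.15.0.0/255.255.0.0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 72.14.1.153 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 184.119.28.174 -p tcp -m tcp --dport 5666 -j ACCEPT
COMMIT
EOF
}

question_rules | icmp_echo_verdict    # prints DROP
```

On a live host, pass /proc/sys/net/ipv4/icmp_echo_ignore_all to kernel_ignores_ping and pipe the output of iptables-save into icmp_echo_verdict.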
Solution 3
I think your ping is not working because of SELinux. Try the following command as root:
$ system-config-securitylevel-tui
Change the Security Level to disable and change the SELinux to disable also.
Now try to ping; I think it should work now if there is no network problem.
cwd
Updated on September 18, 2022
Comments
-
cwd over 1 year
I have a CentOS release 5.4 linux box on Amazon EC2 that I'm trying to set up to be monitored via Nagios. The machine is in the same security group as the nagios server, but it seems to be unresponsive to pings or NRPE checks, although apparently port 22 is open.
The CentOS box can ping itself using its internal IP address, and it can ping the Nagios server, but the server can not ping the CentOS box.
I know the CentOS box is using iptables, here are the contents of the /etc/sysconfig/iptables file (some ips changed for security):
# Generated by iptables-save v1.3.5 on May 16 11:28:45 2012
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [56:6601]
-A INPUT -s 149.15.0.0/255.255.0.0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 72.14.1.153 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 184.119.28.174 -p tcp -m tcp --dport 5666 -j ACCEPT
COMMIT
# Completed on May 16 11:28:45 2012
The part that really gets me is that even after I do /etc/init.d/iptables stop:
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
I am still unable to ping the box or do NRPE checks on it.
What else could be preventing ping or other connections? I'm not sure what else to try.
Here is a list of processes found with sudo ps -A:
aio/0 atd bash cqueue/0 crond dbus-daemon dhclient events/0 hald hald-runner init kauditd kblockd/0 khelper khubd kjournald kmirrord kmpathd/0 kpsmoused kseriod ksoftirqd/0 kswapd0 kthread master migration/0 mingetty nscd pdflush pickup qmgr sshd su syslog-ng udevd watchdog/0 xenbus xenwatch xinetd
-
Admin over 11 years
pings aren't done on a specific port, they are done using ICMP packets. To reply to a ping, your firewall must allow it. Maybe something like "-p icmp --icmp-type echo-request -j ACCEPT"
-
Admin over 11 years
so if the firewall is off (/etc/init.d/iptables stop, also ufw is not installed) then it should work. but it doesn't...
-
Admin over 11 years
Also check to see if SELinux is blocking you somehow. I vaguely remember cases where I had to tweak SELinux even after shutting down the firewall.
-
Admin over 11 years
sorry, missed the "stop". Doing some research, I found that there's a /proc/sys/net/ipv4/icmp_echo_ignore_all that should be set to 0. So, "cat /proc....", and if it gives you 1, do a "echo 0 > /proc...."
-
Admin over 11 years
@woliveirajr - that is very good to know. it gives me a 0 right now, also remember that it does respond when I ping localhost, and it looks like if I set that to 1 it no longer responds even to itself... hmmm. i guess that's not my fix but thank you for telling me about this! :)
-
Admin over 11 years
stop the firewall with the service command service iptables stop and to disable it at boot time use chkconfig iptables off
-
-
cwd over 11 years
Awesome! It is set to Enable and Enforcing. I can use the keyboard and the space key to select Disabled for the security level, but I don't know how to "select" Disabled for SELinux. It looks like I have set it but then when I hit OK and come back the Security Level is set but not the SELinux - img708.imageshack.us/img708/6703/pictureyc.png
-
pradeepchhetri over 11 years
@cwd: You have to use arrow key to change the SELinux value..
-
cwd over 11 years
I think it may be something else because I'm seeing that /selinux/disable has permissions of --w-------. If I chmod u+r and open it with vi it says there is a read error...
-
pradeepchhetri over 11 years
That is not the problem.. permissions are like that only in mine also.. whether your arrow keys (up arrow and down arrow) don't move the option to disable..
-
cwd over 11 years
hmm, i can change the options to look like this - img841.imageshack.us/img841/7052/picturejp.png. then i use the space bar to press OK. When I run the utility again it reverts.
-
cwd over 11 years
maybe i should open another question on how to disable selinux, but i have read some of the questions and i don't seem to have /etc/sysconfig/selinux or /boot/grub/grub.conf. Also echo 1 >/selinux/disable gives me -bash: echo: write error: Invalid argument
-
cwd over 11 years
if those files and commands are missing is it possible they have been deleted to prevent changes? I'm coming into this system second-hand. What's the best way to get them back?
-
tombolinux over 11 years
check if you have installed the policycoreutils package
-
tombolinux over 11 years
and libselinux-utils (for setenforce)...
-
cwd over 11 years
woo hoo! installing policycoreutils which includes libselinux-utils, then doing setenforce 0 and then running system-config-securitylevel-tui allows me to save changes correctly. thanks!!