Topic: how to enable ping

i installed iRedmail 0.5.1, and also included the iptables script to automatic start on the mailserver.

now the mailserver is no longer available when ping the mailserver

how can this be enabled again? some mailsenders probe to ping the sending mailserver if it is existent and now these will no longer accept mail from my iredmail server?



Re: how to enable ping

What you need to to is to simply allow a certain types of ICMP types to pass through your netfilter.

ICMP has several types of packages. The ones that need be allowed to pass are:
each type can be specified by name (echo-request ttl-zero-during-transit ttl-zero-during-reassembly) or by number (8 and 11) For more informatoin see iptables --protocol icmp --help

The code in your netfilter/iptables script would then looks somewhat like this

specifying the icmp types

echo-request \
ttl-zero-during-transit \
ttl-zero-during-reassembly"  # numerical values for those ICMP types are 8 and 11; see iptables --protocol icmp --help

loading the rules into the kernel

for icmp_type in $icmp_types_to_accept; do
  $exe_iptables -A chain_accept_icmp_packets -p icmp -s $net_all --icmp-type $icmp_type -j ACCEPT

For more info go here http://github.com/sunoano/bash/blob/mas … ket_filter


Re: how to enable ping

You can simplily append one line in /etc/sysconfig/iptables (RHEL/CentOS) or /etc/default/iptables (Debian/Ubuntu) before 'COMMIT' line:

# Allow PING from remote hosts.
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

I added this in default iptables now. smile



Re: how to enable ping

Hi Zhang, thanks for the quick reaction. I'd also add ttl-zero-during-transit and ttl-zero-during-reassembly.