Yes, there's a problem with ICMP ... A ICMP type 3 code 1 (so "host unreachable") is sent to you, but blocked by your firewall... And it's about 172.16.250.1
Is everything well configured ? Maybe you could also accept some ICMP msg on your INPUT chain ? e.g. : iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT iptables -A INPUT -p icmp --icmp-type source-quench -j ACCEPT iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT iptables -A INPUT -j log-icmp On Tue, Mar 11, 2003 at 01:51:38AM -0000, Ian Goodall wrote: > Here are the logs: > > ID=56596 PROTO=ICMP TYPE=3 CODE=1 [SRC=172.16.5.92 DST=172.16.250.1 LEN=60 > TOS=0x00 PREC=0x00 TTL=64 ID=15353 DF PROTO=TCP SPT=1031 DPT=8080 WINDOW=5840 > RES=0x00 SYN URGP=0 ] > Mar 11 01:40:08 dev1 kernel: DROPITIN=lo OUT= > MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=172.16.5.92 DST=172.16.5.92 > LEN=88 TOS=0x00 PREC=0xC0 TTL=255 ID=56597 PROTO=ICMP TYPE=3 CODE=1 > [SRC=172.16.5.92 DST=172.16.250.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24795 > DF PROTO=TCP SPT=1030 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ] > Mar 11 01:40:08 dev1 kernel: DROPITIN=lo OUT= > MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=172.16.5.92 DST=172.16.5.92 > LEN=88 TOS=0x00 PREC=0xC0 TTL=255 ID=56598 PROTO=ICMP TYPE=3 CODE=1 > [SRC=172.16.5.92 DST=172.16.250.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=15354 > DF PROTO=TCP SPT=1031 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0 ] > > It seams that there is a problem with icmp. 172.16.5.92 is the linux box and > 172.16.250.1:8080 is the proxy server... -- __o _`\<,_ Marc Demlenne Public Key on www.keyserver.net (_)/ (_) GPG/768FA483 BFD8 E61B 180C 3E7A 3435 D393 B605 9979 768F A483
