Re: NETSCAPE works, while PING does not

Sun, 13 Aug 2000 22:56:04 -0500 

No need to cc me, I read the list.

On Sun, Aug 13, 2000 at 09:10:02PM -0400, Alessandro Ghigi wrote:
> 
> 
> On Sun, 13 Aug 2000 kmself@ix.netcom.com wrote:
> 
> > On Sun, Aug 13, 2000 at 03:41:58PM -0400, Alessandro Ghigi wrote:
> > > 
> > > There are some addresses I cannot ping, while I can access them with
> > > Netscape, ftp or finger (depending on the type). I can't figure out what
> > > is difference between these addresses and the ones which I can ping
> > > succesfully.
> > 
> > This may be a result of firewalling at the remote site.  It's possible
> > to disable ping replies.  I believe through ICMP accept/deny rules,
> > though I'm new at this.
> 
> But if I ping these addresses (e.g. www.netcom.com, ftp.de.debian.org,
> xxx.sissa.it) from
> the account I have on the server (the same server to
> which I connect via PPP) the addresses respond. Therefore I guess it's my
> fault. Another strange thing (strange for me, I mean) is that when ping
> knows and displays the IP corresponding to the address (but does nothing
> more).

Firewalling is specific to host.  If a host is firewalled to reject icmp
type 0 requests, it won't respond to a ping.  The firewall is at or near
the remote host, net you and your ISP.  This means you *can* ping some
hosts:

                          +---------------------+      +----------------+
                     ,--> | FW pass icmp type 0 | ---> | pingable host  |
                    /     +---------------------+      +----------------+
  +---+      +---+ /     +----------------------+      +----------------+
  |You| ===> |ISP| ----> | FW BLOCK icmp type 0 | ---> | unpingable host|
  +---+      +---+ \     +----------------------+      +----------------+
                    \     +---------------------+      +----------------+
                     `--> | FW pass icmp type 0 | ---> | pingable host  |
                          +---------------------+      +----------------+

...the other thing that's happening is DNR -- domain name resolution.
ping isn't looking up the address for the server you're trying to reach,
it's quering your local (or remote) BIND servers.  The response is
likely coming from a cached version of this database either on your own
system or at some other point between you and the remote server.

-- 
Karsten M. Self <kmself@ix.netcom.com>     http://www.netcom.com/~kmself
 Evangelist, Opensales, Inc.                    http://www.opensales.org
  What part of "Gestalt" don't you understand?   Debian GNU/Linux rocks!
   http://gestalt-system.sourceforge.net/    K5: http://www.kuro5hin.org
GPG fingerprint: F932 8B25 5FDD 2528 D595 DC61 3847 889F 55F2 B9B0

Attachment: pgpd0NRCrkqb8.pgp
Description: PGP signature

Reply via email to