On 22 September 2011 12:39, Adam Carter <adamcart...@gmail.com> wrote:
> # tcpdump -n -i eth0 host 192.168.1.6 and port not 22
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 21:10:57.011994 IP 192.168.1.6.46161 > 192.168.1.250.80: S
> 4279617058:4279617058(0) win 14600 <mss 1460,sackOK,timestamp 7007662
> 0,nop,wscale 6>
> 21:10:57.037227 IP 192.168.1.250 > 192.168.1.6: ICMP host
> 192.168.1.250 unreachable - admin prohibited filter, length 36
>
> Anyone seen this behavior? There's no iptables, the hosts are gentoo
> and on the same subnet. I've only seen admin prohibited ICMP from
> filtering by cisco ACLs - what could be the problem?

It's not the ICMP that is being prohibited. This packet:

> 21:10:57.037227 IP 192.168.1.250 > 192.168.1.6: ICMP host
> 192.168.1.250 unreachable - admin prohibited filter, length 36

is an ICMP "host unreachable" response from .250. The extended reason for the unreachability is that there is an administrative policy preventing the traffic. It almost certainly *is* a firewall that's preventing this, one with a REJECT target, as REJECT specifies to return an ICMP unreachable packet.

I suggest that you look more closely at the firewalling on .250. If there is definitely no firewalling going on (i.e. iptables -nvL shows only default policies and the default is ACCEPT for INPUT and OUTPUT chains) then could there be an intervening network device?

Rich
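Added example, not from the thread: a small Python script that reads tcpdump lines like the ones quoted above, pairs each ICMP admin-prohibited reply with the TCP SYN it answers, and reports whether the reply came from the target host itself (a local REJECT rule) or from a device in between, which is the distinction Rich's last question turns on. The ICMP-code-to-`--reject-with` mapping and the second flow (10.0.0.9, 192.168.1.1) are my assumptions and constructed data, not anything the thread states.

```python
import re

# Constructed tcpdump excerpt: the two lines quoted in the thread, plus a
# second (invented) connection rejected by a device on the path instead.
SAMPLE = """\
21:10:57.011994 IP 192.168.1.6.46161 > 192.168.1.250.80: S 4279617058:4279617058(0) win 14600 <mss 1460,sackOK,timestamp 7007662 0,nop,wscale 6>
21:10:57.037227 IP 192.168.1.250 > 192.168.1.6: ICMP host 192.168.1.250 unreachable - admin prohibited filter, length 36
21:10:58.100000 IP 192.168.1.6.46162 > 10.0.0.9.443: Flags [S], seq 1, win 14600, length 0
21:10:58.120000 IP 192.168.1.1 > 192.168.1.6: ICMP host 10.0.0.9 unreachable - admin prohibited, length 36
"""

# Old ("S ") and new ("Flags [S]") tcpdump TCP flag syntax are both accepted.
SYN_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?:S |Flags \[S\])")
ICMP_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<sender>[\d.]+) > (?P<victim>[\d.]+): ICMP "
    r"(?P<scope>net|host) (?P<target>[\d.]+) unreachable - "
    r"(?P<reason>admin prohibited(?: filter)?)")

# ICMP type 3 code and the iptables REJECT --reject-with option that emits it
# (assumed mapping from the Linux REJECT target; not stated in the thread).
REJECT_WITH = {
    ("net", "admin prohibited"): (9, "icmp-net-prohibited"),
    ("host", "admin prohibited"): (10, "icmp-host-prohibited"),
    ("host", "admin prohibited filter"): (13, "icmp-admin-prohibited"),
}

def find_admin_rejects(capture):
    """Pair ICMP admin-prohibited replies with the SYN that triggered them."""
    pending = {}   # (client, server) -> (sport, dport) of last unanswered SYN
    findings = []
    for line in capture.splitlines():
        m = SYN_RE.match(line)
        if m:
            pending[(m["src"], m["dst"])] = (m["sport"], m["dport"])
            continue
        m = ICMP_RE.match(line)
        if not m:
            continue
        code, option = REJECT_WITH.get((m["scope"], m["reason"]), (None, None))
        # The ICMP source is whoever refused the packet: the target itself
        # (a local REJECT rule) or a router/firewall on the path.
        for (client, server), (sport, dport) in list(pending.items()):
            if client != m["victim"] or server != m["target"]:
                continue
            by = "target host" if m["sender"] == server else "intermediate " + m["sender"]
            findings.append({"flow": f"{client}:{sport} -> {server}:{dport}",
                             "icmp_code": code, "reject_with": option, "rejected_by": by})
            del pending[(client, server)]
    return findings

if __name__ == "__main__":
    for finding in find_admin_rejects(SAMPLE):
        print(finding)
```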