Sending a "ping": Which (ICMP) ports must be open in firewall to receive answer ? - Firewalls

This is a discussion on Sending a "ping": Which (ICMP) ports must be open in firewall to receive answer ? - Firewalls ; Ok, I sent a ping to a remote computer which is definitively alive and responding. However I get a timeout at my local computer because of too restrictive firewall rules. Which ICMP ports must be open to be able to ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: Sending a "ping": Which (ICMP) ports must be open in firewall to receive answer ?

  1. Sending a "ping": Which (ICMP) ports must be open in firewall to receive answer ?

    Ok, I sent a ping to a remote computer which is definitively alive and responding.

    However I get a timeout at my local computer because of too restrictive firewall rules.

    Which ICMP ports must be open to be able to receive all possible answers from the target machine ?

    Peter


  2. Re: Sending a "ping": Which (ICMP) ports must be open in firewall to receive answer ?

    Peter Waibel wrote:

    > However I get a timeout at my local computer because of too restrictive
    > firewall rules.
    >
    > Which ICMP ports must be open to be able to receive all possible answers
    > from the target machine ?


    ICMP doesn't have ports and if you don't even understand how a simple ICMP
    works then you shouldn't try to implement a firewall.

  3. Re: Sending a "ping": Which (ICMP) ports must be open in firewall to receive answer ?

    On 29 Mar 2007 14:28:00 GMT, p.waibel@hotmail.com (Peter Waibel) wrote:

    >Ok, I sent a ping to a remote computer which is definitively alive and responding.
    >
    >However I get a timeout at my local computer because of too restrictive firewall rules.
    >
    >Which ICMP ports must be open to be able to receive all possible answers from the target machine ?
    >
    >Peter


    Peter,

    Rules related to ports are for TCP/UDP traffic. ICMP rules are separate. For
    Windows Firewall, look on the Advanced tab, under ICMP. Enable "incoming echo
    request" on both computers.

    --
    Cheers,
    Chuck, MS-MVP [Windows - Networking]
    http://nitecruzr.blogspot.com/
    Paranoia is not a problem, when it's a normal response from experience.
    My email is AT DOT
    actual address pchuck mvps org.

  4. Re: Sending a "ping": Which (ICMP) ports must be open in firewall to receive answer ?

    In comp.security.firewalls Peter Waibel wrote:
    > Ok, I sent a ping to a remote computer which is definitively alive and
    > responding.
    >
    > However I get a timeout at my local computer because of too
    > restrictive firewall rules.
    >
    > Which ICMP ports must be open to be able to receive all possible
    > answers from the target machine ?


    ICMP is a protocol of its own, which - unlike TCP or UDP - doesn't have
    something like "ports". What you want to do is allow certain types of
    ICMP messages. I usually suggest to allow:

    Type 0 (echo reply)
    Type 3 (destination unreachable)
    Type 4 (source quench)
    Type 8 (echo request)
    Type 11 (time exceeded)
    Type 12 (parameter problem)

    Allowing other types I wouldn't recommend, unless you know what you're
    doing.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  5. Re: Sending a "ping": Which (ICMP) ports must be open in firewall to receive answer ?

    On 29 Mar, 15:28, p.wai...@hotmail.com (Peter Waibel) wrote:
    > Ok, I sent a ping to a remote computer which is definitively alive and responding.
    >
    > However I get a timeout at my local computer because of too restrictive firewall rules.
    >
    > Which ICMP ports must be open to be able to receive all possible answers from the target machine ?
    >
    > Peter


    None. It doesn't use ports.

    Many firewalls would have a setting to allow or disallow ICMP.
    e.g. The Windows Firewall has an advanced tab where you can enable
    ICMP related things. It'd be set on the remote machine. At the moment
    the remote machine may be blocking ICMP.

    you could also use nmap -P0 1.2.3.4
    where 1.2.3.4 is the ip of the machine that you are testing for a sign
    of life.
    That will work even when ICMP is blocked.








  6. RE: Sending a "ping": Which (ICMP) ports must be open in firewall to receive answer ?


    In article <460bccf0$0$23149$9b4e6d93@newsspool1.arcor-online.net>,
    p.waibel@hotmail.com (Peter Waibel) writes:

    >Ok, I sent a ping to a remote computer which is definitively alive and
    > responding.
    >
    >However I get a timeout at my local computer because of too restrictive
    > firewall rules.
    >
    >Which ICMP ports must be open to be able to receive all possible answers from
    > the target machine ?


    ICMP doesn't use ports, it uses "types." If you're only interested
    in echo requests/responses, the echo request is ICMP type 8 and comes from
    your system, and the target machine will respond with an echo response, which
    is ICMP type 0. If you're dealing with the Windows XP SP2 firewall, if you
    allow echo requests (Control Panel->Windows Firewall->Advanced tab->ICMP
    Settings...), this will implicitly allow echo responses. Alternatively, you
    can just allow "File and Printer Sharing" in the Exceptions tab, but that may
    open you up to more than you want to allow.

    >
    >Peter
    >


    Regards,
    Mike
    --
    | Systems Specialist: CBE,MSE
    Michael T. Davis (Mike) | Departmental Networking/Computing
    http://www.ecr6.ohio-state.edu/~davism/ | The Ohio State University
    | 197 Watts, (614) 292-6928

+ Reply to Thread