This is what I did:
I tried to set rules in the "advanced rules" option to accept all types of ICMP for all the applications in the list (on my HD), to make sure people will get ping responses from me, but so far that redundancy didn't work. I even set a 2nd rule to accept all connections on UDP ports 1024-65000 and it still didn't work; I did this because I saw in "PACKET LOG" that the incoming ICMP requests used UDP.
So is there anyone that has a solution to my problem of having Sygate running but not allowing people to ping you?
PS. By the way, why is "Allow icmp" for all applications set by default? And why is it still blocking them? Strange, at least to my understanding.
Have a nice day.
Sygate blocking people from PING me Sygate doesn't obey my commands
#2
Posted 08 May 2005 - 07:01 PM
I don't know Sygate, but these are some "unofficial" rules for Kerio related to ping:
1. Description: Out Needed To Ping And TraceRoute Others
Protocol: ICMP
Direction: Outgoing
ICMP Type: Echo
Remote Endpoint: Any
Action PERMIT
2. Description: In Needed To Ping And TraceRoute Others
Protocol: ICMP
Direction: Incoming
ICMP Type: Echo Reply, Destination Unreachable, Time Exceeded
Remote Endpoint: Any
Action PERMIT
3. Description: In Block Ping and TraceRoute ICMP (Notify)
Protocol: ICMP
Direction: Incoming
ICMP Type: Echo
Remote Endpoint: Any
Action DENY
4. Description: Out Block Ping and TraceRoute ICMP (Notify)
Protocol: ICMP
Direction: Outgoing
ICMP Type: Echo Reply, Destination Unreachable, Time Exceeded
Remote Endpoint: Any
Action DENY
5. Description: Block ICMP (Logged)
Protocol: ICMP
Direction: Both
ICMP Type: Echo Reply, Destination Unreachable, Source Quench, Redirect, Echo, Time Exceeded, Parameter Prob, Time Stamp, Time StampReply, Info Request, Info Reply, Address, Address Reply, Router Advertisement, Router Solicitation (ALL)
Remote Endpoint: Any
Action DENY
I hope you can somehow "translate" them for your needs. Note: Kerio would execute them from top to bottom, i.e. 1, then 2, then 3 etc.
For you to be pingable by others, you need to change 3. and 4. to "PERMIT".
GL
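An added example (not part of any post in this thread, and not Kerio's or Sygate's own engine): a small first-match model of the five rules above, evaluated top to bottom as post #2 describes, showing which rule decides each ICMP packet. The function names, the `allow_ping_in` switch and the default-deny fallback are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

ALL = None  # wildcard: rule 5 lists every ICMP type
REPLIES = frozenset({"Echo Reply", "Destination Unreachable", "Time Exceeded"})

@dataclass(frozen=True)
class Rule:
    num: int
    direction: str                   # "in", "out" or "both"
    types: Optional[FrozenSet[str]]  # ICMP type names, or ALL
    action: str                      # "PERMIT" or "DENY"

def ruleset(allow_ping_in=False):
    """The five rules from the post; allow_ping_in flips rules 3 and 4."""
    act = "PERMIT" if allow_ping_in else "DENY"
    return [
        Rule(1, "out", frozenset({"Echo"}), "PERMIT"),
        Rule(2, "in", REPLIES, "PERMIT"),
        Rule(3, "in", frozenset({"Echo"}), act),
        Rule(4, "out", REPLIES, act),
        Rule(5, "both", ALL, "DENY"),
    ]

def evaluate(rules, direction, icmp_type):
    """Return (rule number, action) of the first matching rule."""
    for r in rules:
        dir_ok = r.direction in (direction, "both")
        type_ok = r.types is ALL or icmp_type in r.types
        if dir_ok and type_ok:
            return r.num, r.action
    return None, "DENY"  # assumption: nothing matched means blocked

def pingable(rules):
    """Others can ping us only if Echo gets in AND Echo Reply gets out."""
    return (evaluate(rules, "in", "Echo")[1] == "PERMIT"
            and evaluate(rules, "out", "Echo Reply")[1] == "PERMIT")

def can_ping_others(rules):
    """We can ping others only if Echo gets out AND Echo Reply gets in."""
    return (evaluate(rules, "out", "Echo")[1] == "PERMIT"
            and evaluate(rules, "in", "Echo Reply")[1] == "PERMIT")

if __name__ == "__main__":
    for label, rules in (("as posted", ruleset()), ("3 and 4 permitted", ruleset(True))):
        print(label, "| pingable:", pingable(rules),
              "| can ping others:", can_ping_others(rules),
              "| inbound Echo decided by rule", evaluate(rules, "in", "Echo")[0])
```

In this model an inbound ping needs two separate permits, one per direction, which is why rules 3 and 4 change together.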
#3
Posted 08 May 2005 - 09:36 PM
GrofLuigi, on May 8 2005, 06:01 PM, said:
I don't know Sygate, but these are some "unofficial" rules for Kerio related to ping:
1. Description: Out Needed To Ping And TraceRoute Others
Protocol: ICMP
Direction: Outgoing
ICMP Type: Echo
Remote Endpoint: Any
Action PERMIT
Thank you! That worked! But I had to set the 5th rule to ALLOW like the other ones. Strange though: last time, before posting here, I instinctively did something similar to the 5th rule, having all ICMP types allowed and in both directions, but that didn't work. It's as if I needed to set the first 4 rules for it to work! That's a mystery, thanks!
#4
Posted 09 May 2005 - 06:32 PM
NetTech+Guy,
Glad that worked. Anyhow, I should mention that this is not something I've thought of, but I found it on some forum dedicated to firewalls, with sections dedicated to some of the most popular apps. Unfortunately, I've just copied the rules (there are more of them) for reference to a text file, so I cannot give due credit.
GL