I have this iptables configuration. It is supposed to let me do ssh from a remote machine in the same subnetwork, but I can't even do ping. What's happening?
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
WHITELIST tcp -- anywhere anywhere tcp dpt:ssh
tcp -- anywhere anywhere tcp dpt:ssh state NEW recent: SET name: DEFAULT side: source
LOG all -- anywhere anywhere recent: UPDATE seconds: 30 hit_count: 6 name: DEFAULT side: source LOG level warning
DROP all -- anywhere anywhere recent: UPDATE seconds: 30 hit_count: 6 name: DEFAULT side: source
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain WHITELIST (1 references)
target prot opt source destination
RETURN all -- 192.168.0.0/24 anywhere
RETURN all -- 192.168.1.0/24 anywhere
RETURN all -- 192.168.2.0/24 anywhere
RETURN all -- 192.168.3.0/24 anywhere
DROP all -- anywhere anywhere
According to these rules, you only have SSH access from some local networks. Everything else is forbidden, including ICMP, which is used by ping. With the following command you will open access to your machine: "/sbin/iptables -I INPUT -j ACCEPT", but these restrictions are there for a reason, so better consult your network administrator beforehand.
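
Added example (not part of the original question or answer): a small Python model of the INPUT and WHITELIST chains from the listing, walking a packet through first-match evaluation to show which rule decides its fate. It assumes the first "ACCEPT all" rule is bound to the loopback interface (plain "iptables -L" does not display interfaces) and that the "recent" rate-limit rules have not been triggered; the sample packets and the interface name eth0 are constructed.

```python
import ipaddress

# Constructed model of the listing in the question. Assumptions: the first
# INPUT rule (ACCEPT all) is bound to loopback, and the "recent" rate-limit
# rules (SET / LOG / DROP after 6 hits in 30 s) have not been tripped.
WHITELIST_NETS = [ipaddress.ip_network(n) for n in (
    "192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24")]

def whitelist(pkt):
    """WHITELIST chain: RETURN (None) for listed subnets, DROP for all others."""
    src = ipaddress.ip_address(pkt["src"])
    return None if any(src in n for n in WHITELIST_NETS) else "DROP"

def is_ssh(pkt):
    return pkt["proto"] == "tcp" and pkt.get("dport") == 22

# (rule label, match predicate, target): target is a verdict or a chain function.
INPUT = [
    ("ACCEPT all on lo", lambda p: p["iface"] == "lo", "ACCEPT"),
    ("ACCEPT RELATED,ESTABLISHED",
     lambda p: p["state"] in ("RELATED", "ESTABLISHED"), "ACCEPT"),
    ("WHITELIST tcp dpt:ssh", is_ssh, whitelist),
    ("ACCEPT tcp dpt:ssh NEW",
     lambda p: is_ssh(p) and p["state"] == "NEW", "ACCEPT"),
]

def input_verdict(pkt, policy="DROP"):
    """First-match traversal of INPUT; returns (verdict, deciding rule)."""
    for label, match, target in INPUT:
        if not match(pkt):
            continue
        if callable(target):
            verdict = target(pkt)      # jump into the user-defined chain
            if verdict is None:        # RETURN: resume with the next INPUT rule
                continue
            return verdict, label
        return target, label
    return policy, "chain policy"      # nothing matched: the policy applies

if __name__ == "__main__":
    samples = {  # constructed packets
        "ping from LAN": {"iface": "eth0", "proto": "icmp",
                          "src": "192.168.1.10", "state": "NEW"},
        "ssh from LAN": {"iface": "eth0", "proto": "tcp", "dport": 22,
                         "src": "192.168.1.10", "state": "NEW"},
        "ssh from outside": {"iface": "eth0", "proto": "tcp", "dport": 22,
                             "src": "10.0.0.5", "state": "NEW"},
    }
    for name, pkt in samples.items():
        print(name, "->", input_verdict(pkt))
```

The interface binding of the first rule can be confirmed on the real machine with "iptables -L -v -n" or "iptables -S", which do show it.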