From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050417 Fedora/1.7.7-1.3.1

Description of problem:
ICMP dest unrch (host comm denied) (84 bytes) from 10.10.10.13 to 10.10.10.1 on eth0.
Running iptraf I see error messages like that periodically. Our router has ip of 10.10.10.1. Removing the following rule from /etc/sysconfig/iptables

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited.

and restarting the iptables service fixes the problem.

Version-Release number of selected component (if applicable):
Linux davidian 2.6.9-1.667 #1 Tue Nov 2 14:41:25 EST 2004 i686 athlon i386 GNU/Linux

How reproducible:
Always

Steps to Reproduce:
1. Default install
2. Running the default firewall
3.

Additional info:
The default firewall configuration is generated in anaconda.
Yes, that is the default rule that will block anything not specifically allowed by the previous rules. What are you trying to do and what ports/protocols does it use? Most likely, you just need to add that information to the "other ports" field in system-config-securitylevel to allow the service.
I'm not trying to do anything. And I receive this error message from the router. Every few seconds. Removing the rule I don't get the "ICMP dest unreachable" message. And everything seems to be okay.
Fedora Core 3 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC5 updates or in the FC6 test release, reopen and change the version to match. Thank you!
Dropping the reject rule will open up the firewall for all traffic. Therefore this is no solution at all. icmp-host-prohibited is a valid reject type and the router should honor this. This is not a bug in the firewall configuration, it is a bug in the router configuration - some kind of availability check. Closing as "NOT A BUG".