Leland F. Jackson, CPA wrote: > Charles Hart Enzer, M.D. wrote: > >> I have found an answer. >> >> >> In the Outbound Hardware Firewall Rules: >> >> >> # Pass and Log ICMP Echo Request >> >> RulesPassICMP >> >> pass icmp-type request >> done, state, alert 0 [ICMP - Echo Request >> - Pass] # Type: 8 (allow ping requests >> >> >> What dangers does this pose to my laptop? >> >> >> I don't want anyone to either Ping me nor Tracert me. >> >> >> At 11:47 PM 12/5/2007, you wrote: >> >> What Ports do I need to open in >> my Router's FireWall so that I can PING out? >> >> >> Like: >> >> pass protocol udp, to >> port 22 >> state, done # SSH >> >> pass protocol tcp, to >> port 22 >> state, done # SSH >> >> >> PING works only when I open all Ports. >> >> >> Thank you. >> Port 7 is designated for the echo service, which I was thinking ping used, but perhaps not.
I decided to look into you question a little more, since this is something I should know. Based on my understanding of what I'm reading on the Internet, the ping command lives in it own ICMP protocol world, carried via the network layer (IP) protocol. It seem from what I'm getting from the Internet that ping does not use a port number, but rather works within the ICMP protocol layer, which is apart from TCP. So, like a web server can talk to a client browser using the HTTP protocol, (e.g. language), or a mail server can communicate with a email client using SMTP protocol, computers can communicate (e.g. talk across the Internet using ICMP protocol over the IP protocol without the need for a port number. If there is any designated port for ping, I can't find it. Below is an excerpt with the source link: #------------------------------------------- It is the responsibility of the network layer (IP) protocol to ensure that the ICMP message is sent to the correct destination. This is achieved by setting the destination address of the IP packet carrying the ICMP message. The source address is set to the address of the computer that generated the IP packet (carried in the IP source address field) and the IP protocol type is set to "ICMP" to indicate that the packet is to be handled by the remote end system's ICMP client interface. http://www.erg.abdn.ac.uk/users/gorry/course/inet-pages/icmp.html or http://tinyurl.com/9wwcr #--------------------------------------- Regards, LelandJ >> >> >> >> -- Charles -- >> >> >> Mailto:[EMAIL PROTECTED] >> >> Website: >> >> < >> http://homepages.uc.edu/~enzerch >> >> http://homepages.uc.edu/ >> < >> http://homepages.uc.edu/~enzerch>~enzerch >> >> >> >> >> >> _______________________________________________ >> >> Post Messages to: ProFox@leafe.com >> >> Subscription Maintenance: >> >> http://leafe.com/mailman/listinfo/profox >> >> OT-free version of this list: >> >> http://leafe.com/mailman/listinfo/profoxtech >> >> Searchable Archive: >> >> http://leafe.com/archives/search/profox >> >> This message: >> >> http://leafe.com/archives/byMID/profox/[EMAIL PROTECTED] >> >> >> ** All postings, unless explicitly stated otherwise, are the opinions of >> the author, and do not constitute legal or medical advice. This statement >> is added to the messages for those lawyers who are too stupid to see the >> obvious. >> >> >> >> Let's plan a 55th reunion for 2011. >> >> >> Our Photos: >> >> Our 50th Reunion at Rothberg International School June, 2006 >> >> >> >> http://picasaweb.google.com/CEnzer/20060650thReunionRothbergInternationalSchool >> >> >> >> Our Class of 1955 - 56 >> >> >> >> >> http://picasaweb.google.com/CEnzer/195556TheRemnantFromHebrewUniversity >> >> Left to right: >> >> 1st: David F. z{quot}l,Herb B. z{quot}l, Richard P.,Bernie F., >> Peter S. >> >> 2nd: Various instructors, profs >> >> 3rd: Sam F.,Frieda L., Pat S., Bobbi S., Suzanne E., Chana A., >> Suzette E. >> >> 4th: David B., David K., Aaron W., Charles D., Mel P., Marty Z., >> Charles E., Norman L., Barbara A. >> >> Missing: Lois B. z{quot}l, Phyllis B. >> >> >> -- Shai -- >> >> >> Mailto:[EMAIL PROTECTED] >> >> Website: >> http://homepages.uc.edu/ >> ~enzerch >> >> >> >> >> > > By default most router are permissive allowing all ports from the LAN to > have access to the internet, and restrictive on incoming packets from > the internet. However, if your firewall rules deny all outbound > packets from the LAN to the internet, you will need to open port 7 to > ping out. > > Regards, > > LelandJ > > > >> --- StripMime Report -- processed MIME parts --- >> text/html (html body -- converted) >> --- >> >> [excessive quoting removed by server] _______________________________________________ Post Messages to: ProFox@leafe.com Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/[EMAIL PROTECTED] ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
