Quote:
Originally Posted by SlowToady
Wow...stupid XP firewall. I thought I had it turned off. I can now ping and traceroute to the XP client.
You know, it annoys the hell out of me that people disable ICMP, since the RFC explicitly says not to. I guess I can understand why they do disable it, but it's super annoying and doesn't really add any security. But anyway...
Ok so I figured it out as I was writing this reply about how it didn't work...here's how I fixed it.
Code:
#touch /etc/resolv.conf
#echo nameserver 4.2.2.3 > /etc/resolv.conf
# cp /etc/nsswitch.dns /etc/nsswitch.conf
Thanks guys! |
I really hate it when Security experts say to disable ICMP too - ICMP is a requirement for a properly functioning IP network.
Without ICMP you can't negotiate things like MTU size properly, for example if a down stream router has a lower MTU size and the packets that are reaching it are larger than that MTU - without ICMP it cannot negotiate with the other routers or the host sending the data to change the packet size or to fragment the packets. You basically break the network at that point.
Lame.