이 네트워크의 핑 기능을 활성화하는 방법은 무엇입니까?

네트워크가 두 개 있습니다.

192.168.0.0/24 which is my home network
10.2.0.0/24  which is the second network dedicated to vm's

방화벽이 없으면 아무 문제 없이 모든 네트워크에 ping을 보낼 수 있습니다.

클라이언트 시스템은 Slackware 14.2, ip 192.168.0.2 서버는 OmniOS, ip 10.2.0.1(bge1) 및 192.168.0.30(bge0)입니다.

/etc/rc.d/rc.firewall stop
ping 10.2.0.1
PING 10.2.0.1 (10.2.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.30: icmp_seq=1 ttl=255 time=4.34 ms
64 bytes from 192.168.0.30: icmp_seq=2 ttl=255 time=4.81 ms

가상 머신이 인터넷에 액세스하는 데 네트워크 10.2.0.0/24가 이미 허용되어 있으므로 192.168.0.30으로 응답합니다.

방화벽이 활성화되어 있습니다.

/etc/rc.d/rc.firewall start
    ping 10.2.0.1

대답이 없습니다. 시스템 로그에 따르면...

Apr  8 12:03:58 slack64 kernel: [22092.913008] IN=bridge0 OUT= MAC=************* SRC=192.168.0.30 DST=192.168.0.2 LEN=84 TOS=0x00 PREC=0x00 TTL=255 ID=31255 DF PROTO=ICMP TYPE=0 CODE=0 ID=12441 SEQ=5 
Apr  8 12:03:59 slack64 kernel: [22093.935986] IN=bridge0 OUT= MAC=************* SRC=192.168.0.30 DST=192.168.0.2 LEN=84 TOS=0x00 PREC=0x00 TTL=255 ID=31256 DF PROTO=ICMP TYPE=0 CODE=0 ID=12441 SEQ=6 

내 방화벽은 이 스크립트입니다.

#!/bin/sh
# A simple script firewall
set -e

# We need this for redirection
echo 1 > /proc/sys/net/ipv4/ip_forward

firewall_start() {

# Clean first
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -Z
iptables -t raw -F
iptables -t raw -X
iptables -t raw -Z

# Default policy
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP

# firewall rules INPUT
iptables -A INPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT

# Bacula
iptables -A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 9102:9104 -j ACCEPT

# Ssh 
iptables -A INPUT  -p tcp -m tcp --dport 22 -j ACCEPT

# Icmp
iptables -A INPUT -p icmp -m icmp --icmp-type 0 -s 0/0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -s 0/0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

# Log on syslog
iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG

# Final input rules
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited
}

firewall_stop() {
# Clean
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -Z
iptables -t raw -F
iptables -t raw -X
iptables -t raw -Z

}


firewall_restart() {
firewall_stop
firewall_start
}

case "$1" in
'start')
  firewall_start
  ;;
'stop')
  firewall_stop
  ;;
'restart')
  firewall_restart
  ;;
*)
  echo "usage $0 start|stop|restart"
esac

이것은 서버의 ipf.conf입니다.

# block and quick everything by default but pass on lo0
block in log on bge0 all
pass in quick on lo0 all

# These rules will allow connections initiated from
# this host along with the return connection
pass out quick proto icmp all keep state
pass out quick proto tcp all keep state
pass out quick proto udp all keep state

# Allow SecureShell incoming connections on 2122 port 
pass in quick proto tcp from any to any port = 2122 flags S keep state keep frags

# Allow SecureShell incoming connections on 22 port 
pass in quick proto tcp from any to any port = 22 flags S keep state keep frags

# Allow Secure stunnel telnet  incoming connections on 5860 port 
pass in quick proto tcp from any to any port = 5860 flags S keep state keep frags

# Allow nfs 3 4
pass in quick proto tcp from 192.168.0.0/24 to any port = 2049  flags S keep state keep frags
pass in quick   proto udp from 192.168.0.0/24 to any port = 2049 keep state
pass in quick proto tcp from 192.168.0.0/24 to any port = 4001  flags S keep state keep frags
pass in quick   proto udp from 192.168.0.0/24 to any port = 4001 keep state
pass in quick proto tcp from 192.168.0.0/24 to any port = 111   flags S keep state keep frags
pass in quick   proto udp from 192.168.0.0/24 to any port = 111 keep state
pass in quick proto tcp from 192.168.0.0/24 to any port = 48472 flags S keep state keep frags
pass in quick   proto udp from 192.168.0.0/24 to any port = 48472 keep state
pass in quick proto tcp from 192.168.0.0/24 to any port = 8932 flags S keep state keep frags
pass in quick   proto udp from 192.168.0.0/24 to any port = 8932 keep state

#Allow PING
pass in quick proto icmp from any to any keep state

# Samba
pass in quick proto udp from 192.168.0.0/24 to any port = 137 keep state
pass in quick proto udp from 192.168.0.0/24 to any port = 138 keep state
pass in quick proto udp from 192.168.0.0/24 to any port = 139 keep state
pass in quick proto udp from 192.168.0.0/24 to any port = 445 keep state
pass in quick proto tcp from 192.168.0.0/24 to any port = 137 flags S keep state keep frags
pass in quick proto tcp from 192.168.0.0/24 to any port = 138 flags S keep state keep frags
pass in quick proto tcp from 192.168.0.0/24 to any port = 139 flags S keep state keep frags
pass in quick proto tcp from 192.168.0.0/24 to any port = 445 flags S keep state keep frags

# Dns
pass in quick proto udp from 192.168.0.0/24 to any port = 53 keep state
pass in quick proto tcp from 192.168.0.0/24 to any port = 53 flags S keep state keep frags

핑을 활성화하려면 어떻게 해야 합니까?