I need to check if my virtual machine with Whonix Gateway is working by pinging the address 10.152.152.10. Adding GATEWAY_ALLOW_INCOMING_ICMP=1 didn’t help. Adding my own rule in nftables also didn’t work. Where did I go wrong?
P.S. I have MTU 1450 on this interface, and I tried with the fragment parameter in the firewall and without it.
Need to also adjust workstation firewall.
I have a vRouter in between, and I have no result from the router. It is a problem only on the Whonix gateway. I tried to make tests in a network with MTU 1500 (without fragmenting) - no result.
My tests:
MTU 1500:
- GATEWAY_ALLOW_INCOMING_ICMP=1 - no result
- create new rules in nftables for icmp - no result
- add my rules to init firewall script (firewall_common) to persist them - no result
MTU 1450:
- all same tests with icmp_fragment_allow_flag and without - no results
options:
- check the source code: GitHub - Whonix/whonix-firewall: https://www.whonix.org/wiki/Imprint
- try asking AI → Artificial Intelligence
- learn nftables
- Dev/Firewall Unload - Whonix
I forgot to write, I have a solution.
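# Let the kernel answer ICMP echo requests again
sudo sysctl -w net.ipv4.icmp_echo_ignore_all=0
sudo systemctl restart networking
# "insert" puts each rule at the start of its chain, ahead of the existing rules
sudo nft insert rule inet filter input ip protocol icmp icmp type echo-request accept
sudo nft insert rule inet filter output ip protocol icmp icmp type echo-reply accept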
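
The two layers touched by the commands above (the kernel sysctl and the nftables input chain) can be checked separately to see which one discards a ping. This is an added example, not part of the thread or of whonix-firewall: the function name `diagnose_echo` is hypothetical, and the sample chains are constructed for illustration, not the real Whonix ruleset.

```shell
#!/bin/sh
# diagnose_echo SYSCTL_VALUE CHAIN_TEXT
# Prints which layer decides the fate of an incoming ICMP echo request:
#   kernel-ignores-echo | firewall-accepts | firewall-drops | policy-accepts
diagnose_echo() {
    ignore_all=$1
    chain_text=$2

    # Layer 1: with icmp_echo_ignore_all != 0 the kernel never replies,
    # whatever nftables decides.
    if [ "$ignore_all" != "0" ]; then
        echo kernel-ignores-echo
        return 0
    fi

    # Layer 2: walk the chain top to bottom. The first echo-request accept
    # or unconditional drop/reject wins; otherwise the chain policy applies.
    printf '%s\n' "$chain_text" | awk '
        /policy drop/ { policy = "drop" }
        /icmp type echo-request/ && /accept[ \t]*$/ { verdict = "firewall-accepts"; exit }
        /^[ \t]*(counter .*)?(drop|reject)/ { verdict = "firewall-drops"; exit }
        END {
            if (verdict == "")
                verdict = (policy == "drop") ? "firewall-drops" : "policy-accepts"
            print verdict
        }'
}

# Constructed sample: input chain without an ICMP rule.
CHAIN_BLOCKED='table inet filter {
	chain input {
		type filter hook input priority filter; policy drop;
		iifname "lo" accept
		ct state established accept
		counter drop
	}
}'

# Constructed sample: same chain after the "nft insert rule" from the post.
CHAIN_FIXED='table inet filter {
	chain input {
		type filter hook input priority filter; policy drop;
		ip protocol icmp icmp type echo-request accept
		iifname "lo" accept
		counter drop
	}
}'

# Live use on the gateway (not run here):
# diagnose_echo "$(cat /proc/sys/net/ipv4/icmp_echo_ignore_all)" \
#               "$(sudo nft list chain inet filter input)"
```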