From: Dan Larsson
To: FreeBSD Questions List
Date: Tue, 24 Apr 2001 12:50:36 +0200 (CEST)
Subject: trouble getting traceroutes to work through stateful firewall
Message-ID: <20010424122948.P15476-100000@hq1.tyfon.net>
Organization: Tyfon Svenska AB

I've switched to stateful packet filtering. Now traceroutes don't work through the firewall anymore.

This is the firewall rule that ipfw uses:

    04000 allow ip from 10.0.0.0/24 to any keep-state in recv ed0

This is the rule that gets created:

    04000 0 0 (T 0, # 129) ty 0 udp, 10.0.0.233 44889 <-> 216.136.204.21 33435
    04000 0 0 (T 0, # 132) ty 0 udp, 10.0.0.233 44889 <-> 216.136.204.21 33438
    04000 0 0 (T 0, # 134) ty 0 udp, 10.0.0.233 44889 <-> 216.136.204.21 33436
    04000 0 0 (T 0, # 135) ty 0 udp, 10.0.0.233 44889 <-> 216.136.204.21 33437

I can traceroute from the box itself but not from machines behind it. (This is on a FreeBSD-4.3 STABLE machine with NAT.)

What am I missing here?

Regards
+------
Dan Larsson      | Tel: +46 8 550 120 21
Tyfon Svenska AB | Fax: +46 8 550 120 02
GPG and PGP keys | finger dl@hq1.tyfon.net