Date: Mon, 2 Nov 1998 23:11:00 -0500 From: "Norman C. Rice" <nrice@emu.sourcee.com> To: junkmale@xtra.co.nz, Darren Reed <avalon@coombs.anu.edu.au> Cc: freebsd-security@FreeBSD.ORG Subject: Re: IPFW problems... Message-ID: <19981102231100.C2779@emu.sourcee.com> In-Reply-To: <199811022300.MAA19467@cyclops.xtra.co.nz>; from Dan Langille on Tue, Nov 03, 1998 at 12:00:24PM %2B1300 References: <199810291803.HAA15509@witch.xtra.co.nz> <199811011102.AAA03077@predator.xtra.co.nz> <199811022300.MAA19467@cyclops.xtra.co.nz>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Nov 03, 1998 at 12:00:24PM +1300, Dan Langille wrote: > On 1 Nov 98, at 22:02, Darren Reed wrote: > > > In some mail from Dan Langille, sie said: > > > > > > On 29 Oct 98, at 21:45, Darren Reed wrote: > > > > > > > traceroute/UDP was fixed on the weekend last, the pc (ICMP) version > > > > may not yet work. > > > > > > OK. Good! Can you guess when the other version will work? > > > > My testing shows "traceroute -I" to work properly with NAT. > > I'm not sure what "traceroute -I" does. I see no such option on > traceroute for FreeBSD 2.2.7. Perhaps he is using the Linux version of traceroute where the `-I' option uses ICMP ECHO instead of UDP datagrams. -- Regards, Norman C. Rice, Jr. > > As for my traceroute problems, my mind is unclear. I admit that I didn't > take full notes. As such, I supply the following in the hopes that it may > trigger something when you read it. If it does not, then I will reinstall > IP Filter and get the full story. > > I'm using IP Filter 3.2.9 under FreeBSD 2.2.7 RELEASE. > > I believe I was able to traceroute when using NAT and without any deny > rules. When I tried to add in the example firewall rules (from > rules/BASIC_2.FW), I found that disabling the following rule allowed > traceroute to work: > > block in log quick all with short > > When this rule was present, traceroute did not work at all. > > -- > Dan Langille > The FreeBSD Diary > http://www.FreeBSDDiary.com/freebsd To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981102231100.C2779>