From owner-freebsd-questions@FreeBSD.ORG Sat Dec 27 00:16:29 2003
Message-ID: <3FED3FD8.9000104@geminix.org>
Date: Sat, 27 Dec 2003 09:16:24 +0100
From: Uwe Doering
Organization: Private UNIX Site
Cc: freebsd-questions@freebsd.org
Subject: Re: Can't traceroute to my box

Frank DeChellis wrote:
> Hi.
>
> I am new to FreeBSD.  I have been using NetBSD for about 9 years.  I have
> FreeBSD v. 4.8 Release #1 running.  Everything is smooth except for one
> thing.
>
> I can't traceroute to the box.  I can do a traceroute -I to it, but not a
> regular traceroute, which tells me something about UDP, but I don't know
> where to look.
>
> Is there a file somewhere that is closing certain UDP ports that respond to
> traceroute?

Apart from the usual suspect (firewall filtering out the incoming UDP
and/or outgoing ICMP packets), what does

   sysctl net.inet.udp.blackhole

show?  If it is _not_ 0 it means that UDP ports that are not in use
don't generate a response, which implies that the normal 'traceroute'
won't work.  This feature is intended to make the life of (port
scanning) hackers even more miserable than it must be already.  There is
a related variable for TCP as well (net.inet.tcp.blackhole).

    Uwe
-- 
Uwe Doering         |  EscapeBox - Managed On-Demand UNIX Servers
gemini@geminix.org  |  http://www.escapebox.net
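The behaviour described in the reply above can be observed from an unprivileged process. This is an added example, not part of the original message: it sends one UDP datagram to a port on your own host and reports whether the closed-port response that a regular traceroute waits for comes back. The function names `unused_udp_port` and `probe_udp_port` are hypothetical, and the demo targets 127.0.0.1 only.

```python
import socket


def unused_udp_port(host="127.0.0.1"):
    """Return a UDP port on `host` that nothing is bound to right now."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((host, 0))            # kernel picks a free port
        return s.getsockname()[1]    # socket closes on exit, port is unused again


def probe_udp_port(host, port, timeout=1.0):
    """Send one datagram to host:port and classify the reaction.

    "port-unreachable": an ICMP port unreachable came back; the kernel
        reports it as ECONNREFUSED on a connected UDP socket. This is the
        answer a regular (UDP) traceroute needs from the final hop.
    "reply": a service on that port answered with a datagram.
    "silent": nothing came back before the timeout. That is what an unused
        port looks like when net.inet.udp.blackhole is not 0, but a
        firewall or an open port that never replies looks the same.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))      # connected socket, so ICMP errors are delivered
        try:
            s.send(b"probe")
            s.recv(1024)
            return "reply"
        except ConnectionRefusedError:
            return "port-unreachable"
        except socket.timeout:
            return "silent"


if __name__ == "__main__":
    # Constructed demo against the local machine only.
    host = "127.0.0.1"
    print("unused port:", probe_udp_port(host, unused_udp_port(host)))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener:
        listener.bind((host, 0))     # open port that never answers
        port = listener.getsockname()[1]
        print("open, mute port:", probe_udp_port(host, port, timeout=0.3))
```

On a host where the unused port reports "silent", the sysctl value from the reply and the firewall rules are the two places to check.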