Date: Thu, 07 Mar 2013 14:37:32 -0600
From: Martin McCormick <martin@x.it.okstate.edu>
Cc: freebsd-questions@freebsd.org
Subject: Revisiting Traceroute Through ipfw FreeBSD9.x
Message-ID: <201303072037.r27KbWsE004345@x.it.okstate.edu>

I immediately found several plausible examples of what to put in
the firewall rules file and the following rules were set just
after the local loopback address:

    ip="139.78.2.13"
    setup_loopback
    # Allow traceroute to function, but not to get in.
    ${fwcmd} add unreach port udp from any to ${ip} 33435-33524
    # Allow some inbound icmps - echo reply, dest unreach, source quench,
    # echo, ttl exceeded.
    ${fwcmd} add allow icmp from any to any icmptypes 0,3,4,8,11

My thanks to previous posters for these rules. I still,
however, only get

    *traceroute: sendto: Permission denied
    traceroute: wrote 192.168.1.125 52 chars, ret=-1

I also did try:

    sysctl net.inet.udp.blackhole=0

then 1 and even 2 with no change.

What else should I look at? The firewall rules are
otherwise working as they should.

Thank you.

Martin McCormick
