Date: Tue, 22 Jul 2003 12:12:05 +0300 From: Ion-Mihai Tetcu <itetcu@tecnik93.com> To: "Dennis B. Hopp" <dhopp@coreps.com>, <freebsd-ipfw@freebsd.org> Subject: Re: allowing internal machines to traceroute Message-ID: <200307221212.05282.itetcu@tecnik93.com> In-Reply-To: <01ab01c34fbd$d6d01440$0201a8c0@dennis> References: <01ab01c34fbd$d6d01440$0201a8c0@dennis>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday 21 July 2003 22:25, Dennis B. Hopp wrote:
> I have setup a freebsd machine to act as a firewall/NAT device. NAT
> is working fine and the firewall is working but I'm having trouble
> allowing internal machines to do traceroutes.
# TRACEROUTE - Allow outgoing
${fwcmd} add pass udp from any to any 33434-33523 out via ${oif}
# ICMP packets
# Allow all ICMP packets on internal interface
${fwcmd} add pass icmp from any to any via ${iif}
# Allow outgoing pings
${fwcmd} add pass icmp from any to any icmptypes 8 out via ${oif}
${fwcmd} add pass icmp from any to any icmptypes 0 in via ${oif}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200307221212.05282.itetcu>