From: "Thomas Seck"
To: freebsd-questions@freebsd.org
Date: Tue, 7 Nov 2000 09:27:38 +0100
Message-Id: <200011070827.JAA28389@mailgate3.cinetic.de>
Subject: Re: [4.1.1-stable] Problem with traceroute and ipfw

Chris Hill wrote on 07.11.00:
> On Mon, 6 Nov 2000, Thomas Seck wrote:
>
> 33434 is the default *base* port number. But as far as I understand the
> man page for traceroute (it's not entirely clear), the port number is
> incremented for each new hop that traceroute attempts. The following
> snippet of `man traceroute` seems to imply this behavior:

[...]

Well, the manpage did not at all clear things up.

> Since the default maximum nhops (number of hops) is 30, try opening up
> UDP ports 33434 through 33464 and see if that doesn't fix it.
>
> When I was troubleshooting firewall rules recently, I found a useful
> technique: do an 'ipfw zero', then the command that is giving you
> trouble, then `ipfw -t show`. This will show you which rules are
> blocking the packets you want to pass.

It's definitely '65535 ip deny all all', so I used 'ip deny log all all'
as the last rule in rc.firewall and could see that traceroute was trying
to c via ports >35000, no matter how I set -p. Puzzling. And these port
numbers were not even close to 33434.
Staring at the source did not help me out either (I did not even quite
understand the comments :)). As I said, each subsequent invocation of
traceroute increased that port no. by one, no matter whether -p is set.

> > Even when I invoked traceroute with -P UPD and -p 33434 the source port
> > was >35000.
>
> ??? Sorry, this part of the question has me baffled. I assume you
> actually typed UDP, not UPD :^)

Yep. Darn typos :)

Well, I still think traceroute does work as expected and I am doing
something extremely stupid. Does anyone have a working 4.1.1 ipfw setup
that allows traceroute?

--
Regards from Germany,
Thomas Seck