Date: Tue, 7 Nov 2000 09:27:38 +0100
From: "Thomas Seck" <tmseck@web.de>
To: freebsd-questions@freebsd.org
Subject: Re: [4.1.1-stable] Problem with traceroute and ipfw
Message-ID: <200011070827.JAA28389@mailgate3.cinetic.de>

Chris Hill <chris@monochrome.org> wrote on 07.11.00:
> On Mon, 6 Nov 2000, Thomas Seck wrote:
>
> 33434 is the default *base* port number. But as far as I understand the
> man page for traceroute (it's not entirely clear), the port number is
> incremented for each new hop that traceroute attempts. The following
> snippet of `man traceroute` seems to imply this behavior:

[...]

Well, the manpage did not at all clear things up.

> Since the default maximum nhops (number of hops) is 30, try opening up
> UDP ports 33434 through 33464 and see if that doesn't fix it.
>
> When I was troubleshooting firewall rules recently, I found a useful
> technique: do an 'ipfw zero', then the command that is giving you
> trouble, then `ipfw -t show`. This will show you which rules are
> blocking the packets you want to pass.

It's definitely '65535 ip deny all all', so I used 'ip deny log all all'
as the last rule in rc.firewall and could see that traceroute was trying
to c via ports >35000, no matter how I set -p. Puzzling. And these port
numbers were not even close to 33434. Staring at the source did not help
me out either (I did not even quite understand the comments :)). As I
said, each subsequent invocation of traceroute increased that port no. by
one, no matter whether -p is set.

> > Even when I invoked traceroute with -P UPD and -p 33434 the source port
> > was >35000.
>
> ??? Sorry, this part of the question has me baffled. I assume you
> actually typed UDP, not UPD :^)

Yep. Darn typos :) Well, I still think traceroute does work as expected
and I am doing something extremely stupid. Has someone a working 4.1.1
ipfw setup that is allowing traceroute?

-- 
Regards from Germany,
Thomas Seck
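
Added example, not part of the original message or of traceroute's source: a model of the UDP port scheme of the LBL-derived traceroute, which is an assumption not stated in this thread (source port = PID with the high bit set, destination port = base + probe sequence number). It shows why a deny log can list source ports above 32768 that step by one per run while -p only moves the destination range; the function names, sample PIDs and rule bodies are constructed for illustration.

```python
# Added illustration. The port scheme modelled here is an assumption
# (LBL-derived traceroute), not something stated in the message above.
DEFAULT_BASE_PORT = 33434  # default base port, as quoted in the thread
DEFAULT_MAX_HOPS = 30      # default maximum hops, as quoted in the thread
DEFAULT_NPROBES = 3        # assumption: default number of probes per hop


def source_port(pid):
    """Assumed scheme: low 16 bits of the PID with the high bit set."""
    return (pid & 0xFFFF) | 0x8000


def dest_port_range(base=DEFAULT_BASE_PORT, max_hops=DEFAULT_MAX_HOPS,
                    nprobes=DEFAULT_NPROBES):
    """Assumed scheme: each probe goes to base + seq, with seq starting at 1
    and increasing once per probe (not once per hop)."""
    return base + 1, base + max_hops * nprobes


def looks_like_probe(src, dst, pid, base=DEFAULT_BASE_PORT):
    """True if a logged UDP (src, dst) port pair fits a probe sent by `pid`."""
    lo, hi = dest_port_range(base)
    return src == source_port(pid) and lo <= dst <= hi


def ipfw_rule_bodies(base=DEFAULT_BASE_PORT):
    """Rule bodies for `ipfw add <number> ...`: outbound probes, plus the
    ICMP replies (3 = unreachable, 11 = time exceeded) traceroute waits for."""
    lo, hi = dest_port_range(base)
    return [
        f"allow udp from any to any {lo}-{hi} out",
        "allow icmp from any to any in icmptypes 3,11",
    ]


if __name__ == "__main__":
    # Constructed sample: two consecutive traceroute runs, i.e. consecutive PIDs.
    for pid in (2300, 2301):
        print(f"pid {pid}: source port {source_port(pid)}")
    print("destination ports:", dest_port_range())
    for body in ipfw_rule_bodies():
        print("ipfw add <number>", body)
```

Under this model a rule has to match on the destination port range; matching on the source port fails because that value follows the process ID.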