From owner-freebsd-questions Tue Sep 26 12:55:25 2000 Delivered-To: freebsd-questions@freebsd.org Received: from hindenburg.eboai.org (hindenburg.eboai.org [206.183.134.245]) by hub.freebsd.org (Postfix) with ESMTP id 1456637B422 for ; Tue, 26 Sep 2000 12:55:24 -0700 (PDT) Received: by hindenburg.eboai.org (Postfix, from userid 1000) id 7C35C3D9F; Tue, 26 Sep 2000 15:55:22 -0400 (EDT) Date: Tue, 26 Sep 2000 15:55:22 -0400 From: Chip Marshall To: "O. Hartmann" Cc: freebsd-questions@freebsd.org Subject: Re: traceroute and IPFirewall Message-ID: <20000926155522.A7962@setzer.chocobo.cx> Reply-To: chip@chocobo.cx References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.1.4i In-Reply-To: ; from ohartman@ipamzlx.physik.uni-mainz.de on Tue, Sep 26, 2000 at 09:16:30PM +0200 X-URL: http://www.chocobo.cx/chip/ X-OS: FreeBSD 3.4-RELEASE i386 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On September 26, 2000, O. Hartmann sent me the following: > have some basic questions ... We use IPFIREWALL on our boxes and > ICMP is allowed to pass ... ping is possible, but no traceroute. > Any ideas how to fix or to do? Thanks. Are you trying to disallow ping, or allow traceroute? If you're trying to allow traceroute, keep in mind that the outgoing part of a traceroute is a series of UDP packets, not ICMP (in FreeBSD at least. I know Microsoft Windows tracert used ICMP packets.) The manpage for traceroute tells the UDP port range it uses. -- Chip Marshall http://www.chocobo.cx/chip/ Finger for PGP GCM/CS d+(-) s+:++ a18>? C++ UB++++$ P+++$ L- E--- W++ N+@ o K- w O M+ V-- PS PE Y? PGP++ t+@ 5 X R>+ tv+() b++>+++ DI++++ D(-) G++ e>++ h!>++ r-- y- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message