Date: Tue, 26 Sep 2000 15:55:22 -0400 From: Chip Marshall <chip@setzer.chocobo.cx> To: "O. Hartmann" <ohartman@ipamzlx.physik.uni-mainz.de> Cc: freebsd-questions@freebsd.org Subject: Re: traceroute and IPFirewall Message-ID: <20000926155522.A7962@setzer.chocobo.cx> In-Reply-To: <Pine.BSF.4.21.0009262109240.458-100000@ipamzlx.physik.uni-mainz.de>; from ohartman@ipamzlx.physik.uni-mainz.de on Tue, Sep 26, 2000 at 09:16:30PM %2B0200 References: <Pine.BSF.4.21.0009262109240.458-100000@ipamzlx.physik.uni-mainz.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On September 26, 2000, O. Hartmann sent me the following: > have some basic questions ... We use IPFIREWALL on our boxes and > ICMP is allowed to pass ... ping is possible, but no traceroute. > Any ideas how to fix or to do? Thanks. Are you trying to disallow ping, or allow traceroute? If you're trying to allow traceroute, keep in mind that the outgoing part of a traceroute is a series of UDP packets, not ICMP (in FreeBSD at least. I know Microsoft Windows tracert used ICMP packets.) The manpage for traceroute tells the UDP port range it uses. -- Chip Marshall <chip@chocobo.cx> http://www.chocobo.cx/chip/ Finger for PGP GCM/CS d+(-) s+:++ a18>? C++ UB++++$ P+++$ L- E--- W++ N+@ o K- w O M+ V-- PS PE Y? PGP++ t+@ 5 X R>+ tv+() b++>+++ DI++++ D(-) G++ e>++ h!>++ r-- y- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000926155522.A7962>