From owner-freebsd-questions Tue Sep 26 12:58:13 2000 Delivered-To: freebsd-questions@freebsd.org Received: from ipamzlx.physik.uni-mainz.de (ipamzlx.Physik.Uni-Mainz.DE [134.93.180.54]) by hub.freebsd.org (Postfix) with ESMTP id 7DAE037B424 for ; Tue, 26 Sep 2000 12:58:11 -0700 (PDT) Received: from ipamzlx.Physik.Uni-Mainz.DE (ipamzlx.Physik.Uni-Mainz.DE [134.93.180.54]) by ipamzlx.physik.uni-mainz.de (8.11.0/8.9.3) with ESMTP id e8QJxI502392; Tue, 26 Sep 2000 21:59:18 +0200 (CEST) (envelope-from ohartman@ipamzlx.physik.uni-mainz.de) Date: Tue, 26 Sep 2000 21:59:18 +0200 (CEST) From: "O. Hartmann" To: chip@chocobo.cx Cc: freebsd-questions@freebsd.org Subject: Re: traceroute and IPFirewall In-Reply-To: <20000926155522.A7962@setzer.chocobo.cx> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, 26 Sep 2000, Chip Marshall wrote: Thanks, that was the mistake! UDP has to be allowed in the specified port range ... :>On September 26, 2000, O. Hartmann sent me the following: :>> have some basic questions ... We use IPFIREWALL on our boxes and :>> ICMP is allowed to pass ... ping is possible, but no traceroute. :>> Any ideas how to fix or to do? Thanks. :> :>Are you trying to disallow ping, or allow traceroute? If you're trying :>to allow traceroute, keep in mind that the outgoing part of a :>traceroute is a series of UDP packets, not ICMP (in FreeBSD at least. :>I know Microsoft Windows tracert used ICMP packets.) The manpage for :>traceroute tells the UDP port range it uses. :> :>-- :>Chip Marshall http://www.chocobo.cx/chip/ Finger for PGP :>GCM/CS d+(-) s+:++ a18>? C++ UB++++$ P+++$ L- E--- W++ N+@ o K- w O M+ V-- :>PS PE Y? PGP++ t+@ 5 X R>+ tv+() b++>+++ DI++++ D(-) G++ e>++ h!>++ r-- y- :> Gruss O. Hartmann ------------------------------------------------------------------- ohartman@ipamzlx.physik.uni-mainz.de Klimadatenserver des IPA, Universitaet Mainz Netzwerk- und Systembetreuung To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message