From: blaz
Date: Tue, 09 Jan 2001 12:43:10 -0600
To: freebsd-questions@freebsd.org
Subject: traceroute continued.

Still no luck with getting machines behind firewall to be able to use traceroute -- just from firewall. Here are all of my rules concerning this issue; maybe someone with a lot more experience than me can help me out.

# TRACEROUTE - Allow outgoing
${fwcmd} add pass udp from any to any 33434-33523 out via ${oif}

### ICMP RULES
# ICMP packets
# Allow all ICMP packets on internal interface
${fwcmd} add pass icmp from any to any via ${iif}

# Allow outgoing pings
${fwcmd} add pass icmp from any to any icmptypes 8 out via ${oif}
${fwcmd} add pass icmp from any to any icmptypes 0 in via ${oif}

# Allow Destination Unreachable, Source Quench, Time Exceeded, and Bad Header
${fwcmd} add pass icmp from any to any icmptypes 3,4,11,12 via ${oif}

# Deny the rest of them
${fwcmd} add deny icmp from any to any

### MISCELLANEOUS REJECT RULES
# Reject broadcasts from outside interface
${fwcmd} add 63000 deny ip from any to 0.0.0.255:0.0.0.255 in via ${oif}

# Reject&Log SMB connections on outside interface
${fwcmd} add 64000 deny log udp from any to any 137-139 via ${oif}

# Reject&Log all other connections from outside interface
${fwcmd} add 65000 deny log ip from any to any via ${oif}