Date: Tue, 3 Nov 1998 12:00:24 +1300 From: "Dan Langille" <junkmale@xtra.co.nz> To: Darren Reed <avalon@coombs.anu.edu.au> Cc: freebsd-security@FreeBSD.ORG Subject: Re: IPFW problems... Message-ID: <199811022300.MAA19467@cyclops.xtra.co.nz> In-Reply-To: <199811011102.AAA03077@predator.xtra.co.nz> References: <199810291803.HAA15509@witch.xtra.co.nz> from "Dan Langille" at Oct 30, 98 07:03:17 am
next in thread | previous in thread | raw e-mail | index | archive | help
On 1 Nov 98, at 22:02, Darren Reed wrote: > In some mail from Dan Langille, sie said: > > > > On 29 Oct 98, at 21:45, Darren Reed wrote: > > > > > traceroute/UDP was fixed on the weekend last, the pc (ICMP) version > > > may not yet work. > > > > OK. Good! Can you guess when the other version will work? > > My testing shows "traceroute -I" to work properly with NAT. I'm not sure what "traceroute -I" does. I see no such option on traceroute for FreeBSD 2.2.7. As for my traceroute problems, my mind is unclear. I admit that I didn't take full notes. As such, I supply the following in the hopes that it may trigger something when you read it. If it does not, then I will reinstall IP Filter and get the full story. I'm using IP Filter 3.2.9 under FreeBSD 2.2.7 RELEASE. I believe I was able to traceroute when using NAT and without any deny rules. When I tried to add in the example firewall rules (from rules/BASIC_2.FW), I found that disabling the following rule allowed traceroute to work: block in log quick all with short When this rule was present, traceroute did not work at all. -- Dan Langille The FreeBSD Diary http://www.FreeBSDDiary.com/freebsd To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199811022300.MAA19467>