Date: Tue, 24 Apr 2001 12:50:36 +0200 (CEST) From: Dan Larsson <dl@tyfon.net> To: FreeBSD Questions List <questions@freebsd.org> Subject: trouble getting traceroutes to work through stateful firewall Message-ID: <20010424122948.P15476-100000@hq1.tyfon.net>
next in thread | raw e-mail | index | archive | help
I've switched to stateful packetfiltering. Now traceroutes doesn't work through the firewall anymore. This is the firewall rule that ipfw uses 04000 allow ip from 10.0.0.0/24 to any keep-state in recv ed0 This is the rule that gets created 04000 0 0 (T 0, # 129) ty 0 udp, 10.0.0.233 44889 <-> 216.136.204.21 33435 04000 0 0 (T 0, # 132) ty 0 udp, 10.0.0.233 44889 <-> 216.136.204.21 33438 04000 0 0 (T 0, # 134) ty 0 udp, 10.0.0.233 44889 <-> 216.136.204.21 33436 04000 0 0 (T 0, # 135) ty 0 udp, 10.0.0.233 44889 <-> 216.136.204.21 33437 I can traceroute from the box itself but not from machines behind it. (This is on a FreeBSD-4.3 STABLE machine with NAT) What am I missing here? Regards +------ Dan Larsson | Tel: +46 8 550 120 21 Tyfon Svenska AB | Fax: +46 8 550 120 02 GPG and PGP keys | finger dl@hq1.tyfon.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010424122948.P15476-100000>