[EMAIL PROTECTED] writes:
> The unix traceroute is based on the fact that you will respond with
> a package stating that nothing is listening on that port. That is
> normal behaviour if you don't have a firewall DROPping the package.

Yeah, but I didn't realize UDP packets could know anything about the routers in between you and the destination machine. I thought only ICMP packets had that power.

> A reject rule might make a unix traceroute already happy (not sure though).
>
> As to making the traceroute from microsoft work, I am pretty sure it
> involves some icmp rule being added, not sure what though. But default
> bering only allows icmp type 8 in which is the echo request icmp
> packet. Just testing by allowing all icmp in should confirm my suspicion
> that it is an icmp related issue. Close it up afterwards again.

Why, is there a specific danger to allowing ICMP packets from your internal network to the firewall box?

> I will try and network monitor a microsoft traceroute and come back with
> a better filtered solution.

That'd be great...

--
Dan Harkless
[EMAIL PROTECTED]
http://harkless.org/dan/

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
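
An added example, not part of the original thread: a UDP traceroute learns about routers from the ICMP errors that come back, each of which quotes the probe's IP header and first 8 bytes of UDP. The sketch below classifies such replies; the function names, addresses and the probe port 33434 are assumptions, and the packets are constructed samples.

```python
import struct

TIME_EXCEEDED = 11   # sent by a router where the probe's TTL ran out
DEST_UNREACH = 3     # with code 3 (port unreachable): sent by the destination
PORT_UNREACH = 3
ECHO_REQUEST = 8     # the ICMP type the thread says default Bering lets in

def build_udp_probe_quote(src, dst, sport, dport):
    """Constructed sample: IPv4 header plus first 8 UDP bytes, as quoted in ICMP errors."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, 17, 0,
                     bytes(src), bytes(dst))
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    return ip + udp

def build_icmp_error(icmp_type, code, quoted):
    # type, code, checksum (left 0 in this constructed sample), 4 unused bytes
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted

def classify(icmp):
    """Return (meaning, quoted UDP destination port or None) for one ICMP message."""
    if len(icmp) < 8:
        return ("truncated", None)
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type == ECHO_REQUEST:
        return ("echo request", None)
    if icmp_type not in (TIME_EXCEEDED, DEST_UNREACH):
        return ("not a traceroute reply", None)
    quoted = icmp[8:]
    if len(quoted) < 20:
        return ("truncated", None)
    ihl = (quoted[0] & 0x0F) * 4          # quoted IP header length in bytes
    if quoted[9] != 17 or len(quoted) < ihl + 8:
        return ("error for a non-UDP packet", None)
    dport = struct.unpack("!H", quoted[ihl + 2:ihl + 4])[0]
    if icmp_type == TIME_EXCEEDED:
        return ("intermediate router", dport)
    if code == PORT_UNREACH:
        return ("destination reached", dport)
    return ("destination unreachable (other code)", dport)

if __name__ == "__main__":
    q = build_udp_probe_quote([192, 168, 1, 10], [203, 0, 113, 5], 40000, 33434)
    for t, c in ((TIME_EXCEEDED, 0), (DEST_UNREACH, PORT_UNREACH)):
        print(classify(build_icmp_error(t, c, q)))
```

If the destination's firewall silently DROPs the probe, neither reply is generated, so the final hop never appears.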