On Mon, Apr 22, 2002 at 04:35:38PM +0100, Mark Olliver wrote:
> I am using iptables. My PCs can traceroute through the firewall; however,
> the Linux machines cannot.
>
> Does anybody know any reason why this should be? The rules are the same for
> both.

Unix traceroute tends to use UDP ports 33435 and above for the outbound packets, whereas Windows traceroute (aka tracert) uses ICMP echo requests - so maybe your ruleset allows outbound pings but doesn't allow those UDP packets out? Linux / GNU traceroute doesn't have a -I flag to use pings for traceroutes, so you'll probably need to alter the rulebase. If iptables doesn't support statefulness for UDP traceroute it sounds like a damn good idea for a module :)

--
FunkyJesus System Administration Team
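
A forwarding ruleset that passes both probe styles described in the reply above, as an added example that is not part of the original thread. The interface names (`eth0` inside, `eth1` outside) and the UDP port range `33434:33534` are assumptions, and the script relies on netfilter connection tracking classifying the returning ICMP time-exceeded and port-unreachable errors as RELATED to the outbound probe.

```shell
#!/bin/sh
# Added example: prints (and optionally applies) FORWARD rules that let
# Unix-style UDP traceroute and Windows-style ICMP tracert through.
LAN_IF="${LAN_IF:-eth0}"   # assumed inside interface
WAN_IF="${WAN_IF:-eth1}"   # assumed outside interface
# Assumed conventional UDP traceroute destination range; the destination
# port rises by one with every probe sent.
UDP_PORTS="${UDP_PORTS:-33434:33534}"

traceroute_rules() {
    # Return path: echo replies are ESTABLISHED; ICMP time-exceeded from
    # each hop and port-unreachable from the target are RELATED.
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Unix-style probes: UDP datagrams to high, normally unused ports.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p udp --dport $UDP_PORTS -m state --state NEW -j ACCEPT"
    # Windows tracert probes: ICMP echo requests.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p icmp --icmp-type echo-request -m state --state NEW -j ACCEPT"
}

# Dry run by default: review the printed rules first.
# Set APPLY=1 and run as root to load them.
if [ "${APPLY:-0}" = "1" ]; then
    traceroute_rules | sh
else
    traceroute_rules
fi
```

Only the inside-to-outside direction may open new flows; nothing from the outside interface is accepted unless conntrack ties it to a probe that already left.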
