Hi all,

I found using traceroute -I server worked in the end. However, a traceroute UDP module would be quite a good idea.

Thanks
Mark

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: 22 April 2002 17:10
To: Netfilter Mailing List
Subject: Re: traceroute stopped working

On Mon, Apr 22, 2002 at 04:35:38PM +0100, Mark Olliver wrote:
> I am using iptables; my PCs can traceroute through the firewall, however
> the Linux machines cannot.
>
> Does anybody know any reason why this should be? The rules are the same for
> both.

Unix traceroute tends to use UDP ports 33435 and above for the outbound packets, whereas Windows traceroute (aka tracert) uses ICMP echo requests - so maybe your ruleset allows outbound pings but doesn't allow those UDP packets out?

Linux / GNU traceroute doesn't have a -I flag to use pings for traceroutes, so you'll probably need to alter the rulebase. If iptables doesn't support statefulness for UDP traceroute it sounds like a damn good idea for a module :)

--
FunkyJesus System Administration Team
