Works for me:
# Enable outgoing TRACEROUTE requests
iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p UDP \
--sport 32769:65535 --dport 33434:33523 -s $EXTERNAL_IP \
-d $ANYWHERE -j ACCEPT
# If you're masquerading an internal network:
iptables -A FORWARD -p UDP -s $INTERNAL_NETWORK \
--sport 32769:65535 --dport 33434:33523 -j ACCEPT
iptables -A FORWARD -p UDP -d $INTERNAL_NETWORK \
--sport 33434:33523 --dport 32769:65535 -j ACCEPT
HTH -- Bob
On Tue, 23 Apr 2002, Stewart Thompson wrote:
> Hi All:
>
> Can anyone tell me the rules to allow Linux Traceroute, and DOS
> tracert from inside the firewall. The default policy is to drop all.
> I am not sure of the exact ports and protocols to open up. Using
> Redhat 7.20 Kernel 2.4.9 and iptables 1.24. Thanks.
>
> Stu.......
--
________________________________________
Bob Sully - Simi Valley, California, USA
http://www.malibyte.net
"The weather is here - wish you were beautiful." - J. Buffett
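
Added example, not part of the thread above: a rule generator for the default-DROP setup in the question. It goes beyond the posted rules by also covering the ICMP echo probes that DOS/Windows tracert sends and the ICMP answers (time-exceeded, port-unreachable, echo-reply) that both tools wait for. The function name traceroute_rules and the sample addresses are assumptions made for illustration; the UDP port ranges are the ones from the post.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that let traceroute and
# tracert work through a default-DROP firewall. Review the output, then pipe
# it to sh as root. traceroute_rules is a hypothetical helper name.
# Usage: traceroute_rules EXT_IF EXT_IP [INTERNAL_NET]

# ICMP messages a trace waits for: intermediate hops send time-exceeded, the
# target answers UDP probes with port-unreachable and ICMP probes with echo-reply.
REPLIES="time-exceeded port-unreachable echo-reply"

traceroute_rules() {
    ext_if=${1:-}; ext_ip=${2:-}; int_net=${3:-}
    if [ -z "$ext_if" ] || [ -z "$ext_ip" ]; then
        echo "usage: traceroute_rules EXT_IF EXT_IP [INTERNAL_NET]" >&2
        return 2
    fi

    # Probes sent by the firewall host itself.
    # Linux traceroute: UDP probes (port ranges as given in the post).
    echo "iptables -A OUTPUT -o $ext_if -p udp -s $ext_ip --sport 32769:65535 --dport 33434:33523 -j ACCEPT"
    # DOS/Windows tracert: ICMP echo-request with increasing TTL.
    echo "iptables -A OUTPUT -o $ext_if -p icmp --icmp-type echo-request -s $ext_ip -j ACCEPT"
    # Only the three reply types are accepted inbound, nothing else from ICMP.
    for t in $REPLIES; do
        echo "iptables -A INPUT -i $ext_if -p icmp --icmp-type $t -d $ext_ip -j ACCEPT"
    done

    # Stop here unless an internal (masqueraded) network was given.
    [ -n "$int_net" ] || return 0

    # Probes from internal clients, forwarded out the external interface.
    echo "iptables -A FORWARD -o $ext_if -p udp -s $int_net --sport 32769:65535 --dport 33434:33523 -j ACCEPT"
    echo "iptables -A FORWARD -o $ext_if -p icmp --icmp-type echo-request -s $int_net -j ACCEPT"
    # Replies reach FORWARD after connection tracking has restored the
    # internal destination address, so match on the internal network.
    for t in $REPLIES; do
        echo "iptables -A FORWARD -i $ext_if -p icmp --icmp-type $t -d $int_net -j ACCEPT"
    done
}

# Run directly, e.g.: sh trace_rules.sh eth0 192.0.2.10 192.168.1.0/24
# (constructed sample values)
if [ $# -ge 2 ]; then
    traceroute_rules "$@"
fi
```

Inbound echo-request is deliberately not opened, so the firewall's own reachability from outside is unchanged.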