Hi Bob:
Thanks for the info. It seems a little broader than I would like.
Does traceroute use any/all of those ports?
Regards,
Stu.........
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Bob Sully
Sent: April 23, 2002 5:36 PM
To: Stewart Thompson
Cc: Netfilter@Lists. Samba. Org
Subject: Re: Traceroute and Tracert:
Works for me:
# Enable outgoing TRACEROUTE requests
iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p UDP \
--sport 32769:65535 --dport 33434:33523 -s $EXTERNAL_IP \
-d $ANYWHERE -j ACCEPT
# If you're masquerading an internal network:
iptables -A FORWARD -p UDP -s $INTERNAL_NETWORK \
--sport 32769:65535 --dport 33434:33523 -j ACCEPT
iptables -A FORWARD -p UDP -d $INTERNAL_NETWORK \
--sport 33434:33523 --dport 32769:65535 -j ACCEPT
HTH -- Bob
On Tue, 23 Apr 2002, Stewart Thompson wrote:
> Hi All:
>
> Can anyone tell me the rules to allow Linux Traceroute, and DOS
> tracert from inside the firewall. The default policy is to drop all.
> I am not sure of the exact ports and protocols to open up.
> Using Redhat 7.20 Kernel 2.4.9 and iptables 1.24. Thanks.
>
> Stu.......
--
________________________________________
Bob Sully - Simi Valley, California, USA
http://www.malibyte.net
"The weather is here - wish you were beautiful." - J. Buffett
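
A narrower rule set for the question in this thread, added here as an example and not written by either poster: it prints (does not apply) FORWARD rules that let Linux traceroute (UDP) and Windows tracert (ICMP echo) out and let only connection-tracked ICMP answers back in. Assumptions: the iptables state match is available, the helper names traceroute_ports and traceroute_rules are hypothetical, eth0 and 192.168.1.0/24 are constructed sample values, and the traceroute build uses one destination port per probe counted from 33434.

```shell
#!/bin/sh
# Added example, not from the thread. Prints rules only; nothing is applied.

BASE_PORT=33434   # first UDP destination port in the rule quoted above

# With one destination port per probe, counted from BASE_PORT (assumption
# about the traceroute build in use), the range covers hops * probes ports.
# The defaults of 30 hops and 3 probes give the 90 ports in the quoted rule.
traceroute_ports() {
    max_hops=${1:-30}
    probes=${2:-3}
    echo "$BASE_PORT:$(( $BASE_PORT + $max_hops * $probes - 1 ))"
}

# traceroute_rules EXT_IF INTERNAL_NET [MAX_HOPS] [PROBES_PER_HOP]
traceroute_rules() {
    ext_if=$1
    net=$2
    ports=$(traceroute_ports "${3:-30}" "${4:-3}")

    # Linux traceroute: outbound UDP probes to the computed port range.
    echo "iptables -A FORWARD -o $ext_if -s $net -p udp --dport $ports -m state --state NEW -j ACCEPT"

    # Windows tracert: outbound ICMP echo requests instead of UDP.
    echo "iptables -A FORWARD -o $ext_if -s $net -p icmp --icmp-type echo-request -m state --state NEW -j ACCEPT"

    # Answers are ICMP: time-exceeded and port-unreachable errors are
    # RELATED to a tracked probe, echo replies are ESTABLISHED. Unsolicited
    # ICMP from outside matches neither and falls through to the DROP policy.
    echo "iptables -A FORWARD -i $ext_if -d $net -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample values, not taken from the thread.
traceroute_rules eth0 192.168.1.0/24
```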