Stu:
Yes, the source ports are any within the range 32769-65535, and the destination ports are any within the range 33434-33523.

-- Bob --

On Tue, 23 Apr 2002, Stewart Thompson wrote:

> Hi Bob:
>
> Thanks for the info. It seems a little broader than I would like.
> Does traceroute use any/all of those ports?
>
> Regards,
>
> Stu.........
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Bob Sully
> Sent: April 23, 2002 5:36 PM
> To: Stewart Thompson
> Cc: Netfilter@Lists. Samba. Org
> Subject: Re: Traceroute and Tracert:
>
>
> Works for me:
>
> # Enable outgoing TRACEROUTE requests
>
> iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p UDP \
> --sport 32769:65535 --dport 33434:33523 -s $EXTERNAL_IP \
> -d $ANYWHERE -j ACCEPT
>
> # If you're masquerading an internal network:
>
> iptables -A FORWARD -p UDP -s $INTERNAL_NETWORK --sport 32769:65535 --dport 33434:33523 -j ACCEPT
> iptables -A FORWARD -p UDP -d $INTERNAL_NETWORK --sport 33434:33523 --dport 32769:65535 -j ACCEPT
>
> HTH

-- Bob --
________________________________________
Bob Sully - Simi Valley, California, USA
http://www.malibyte.net

"The weather is here - wish you were beautiful." - J. Buffett
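Where the 33434-33523 destination window in the rules above comes from, as an added example that is not part of the original thread: it assumes classic UDP traceroute behaviour (base port 33434, one higher destination port per probe, defaults of 30 hops and 3 probes per hop). The function names are hypothetical, and the rule is only printed, never applied.

```shell
#!/bin/sh
# Added example: derive the UDP destination-port window a traceroute run
# can touch, so the --dport range is no wider than the run requires.
# Assumption: the destination port starts at the base port and increases
# by one for every probe sent (classic UDP traceroute behaviour).

BASE_PORT=33434   # traceroute's default base port

# traceroute_dports MAX_HOPS QUERIES [BASE] -> prints "first:last"
traceroute_dports() {
    hops=$1; queries=$2; base=${3:-$BASE_PORT}
    for n in "$hops" "$queries" "$base"; do
        case "$n" in
            # reject empty, non-numeric, zero and leading-zero values
            ''|*[!0-9]*|0*)
                echo "error: '$n' is not a positive integer" >&2
                return 1 ;;
        esac
    done
    last=$((base + hops * queries - 1))
    if [ "$last" -gt 65535 ]; then
        echo "error: range ends at $last, past port 65535" >&2
        return 1
    fi
    echo "$base:$last"
}

# print_outgoing_rule MAX_HOPS QUERIES -> prints the OUTPUT rule text only.
# The $EXTERNAL_* and $ANYWHERE names are the thread's own variables and
# are left unexpanded on purpose.
print_outgoing_rule() {
    range=$(traceroute_dports "$1" "$2") || return 1
    printf '%s\n' "iptables -A OUTPUT -o \$EXTERNAL_INTERFACE -p UDP --sport 32769:65535 --dport $range -s \$EXTERNAL_IP -d \$ANYWHERE -j ACCEPT"
}

# Defaults (30 hops, 3 probes per hop) reproduce the range in the thread.
print_outgoing_rule 30 3
# A site that only permits short single-probe traces can use a smaller window.
print_outgoing_rule 15 1
```

A rule narrowed this way only passes traces run with matching hop and probe limits; a trace with larger limits will have its later probes dropped.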
