On Monday 20 May 2002 5:55 pm, Miky J wrote:
> The logs seem to show that my traceroute uses udp ...
> May 20 18:32:30 linuxfw kernel: IN= OUT=eth0 SRC=x.y.z.195 DST=a.b.c.71 LEN=74 TOS=0x00 PREC=0x00 TTL=64 ID=4969 DF PROTO=UDP SPT=1066 DPT=53 LEN=53
> May 20 18:32:30 linuxfw kernel: IN= OUT=eth0 SRC=x.y.z.195 DST=a.b.c.71 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=4982 DF PROTO=UDP SPT=1066 DPT=53 LEN=53
> May 20 18:32:30 linuxfw kernel: IN= OUT=eth0 SRC=x.y.z.195 DST=a.b.c.71 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=4995 DF PROTO=UDP SPT=1066 DPT=53 LEN=53
No. These are DNS lookups. DNS uses TCP and UDP port 53, which you can see here in the DPT=53 fields.

I think I've misunderstood something about your setup (or just made an unwarranted assumption - I'm good at those): are you trying to issue the traceroute command on the firewall machine itself, or are you running traceroute on a machine inside the firewall, to a destination outside? I ask because the rules you said seemed to be working for you were in the INPUT and OUTPUT chains only, not in the FORWARD chain (which is where I'd expect them to be for a traceroute from one side of the firewall to the other).

Remember that traceroute packets (no matter whether they're ICMP or UDP) will all have the same source address, and all have the same destination address, of the machine you're doing the traceroute to (i.e. no packets ever have a destination address of a router partway along the connection). Therefore you should not need any rules in your INPUT chain to handle packets addressed to the firewall, unless that is the endpoint machine you're tracerouting to (and you want the final hop to work properly, which you may not...)

If you want to hide the firewall from showing up in the traceroute, there is a TTL match, which you might be able to use - I'm not sure if the filtering rules are checked before or after the TTL is decremented, and an ICMP packet generated if it's just become zero....

Hope this helps,

Antony.
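As an added example (not code from either poster), a small parser for netfilter LOG lines like the ones quoted above that tells DNS lookups (port 53) apart from classic UDP traceroute probes (destination ports from 33434 upward, TTL walking up from 1), and groups probes by SRC/DST as Antony describes. The traceroute probe lines in the sample are constructed; only the DNS lines come from the thread.

```python
import re
from collections import defaultdict

# netfilter LOG format: space-separated KEY=VALUE fields; bare flags like "DF" have no value.
FIELD_RE = re.compile(r"(\w+)=(\S*)")

# Classic UDP traceroute sends each probe to a fresh destination port starting at 33434.
TRACEROUTE_PORT_BASE = 33434
TRACEROUTE_PORT_SPAN = 256


def parse_log_line(line):
    """Return the KEY=VALUE fields as a dict (LEN occurs twice; the later UDP value wins)."""
    return dict(FIELD_RE.findall(line))


def classify(fields):
    """Label one parsed line as 'dns', 'traceroute-udp' or 'other'."""
    proto = fields.get("PROTO")
    if proto in ("UDP", "TCP") and "53" in (fields.get("SPT"), fields.get("DPT")):
        return "dns"  # port 53 on either side: a DNS query or reply, not a probe
    if proto == "UDP":
        dpt = int(fields.get("DPT", 0))
        if TRACEROUTE_PORT_BASE <= dpt < TRACEROUTE_PORT_BASE + TRACEROUTE_PORT_SPAN:
            return "traceroute-udp"
    return "other"


def find_probe_trains(lines):
    """Group probes by (SRC, DST) and return the sorted TTLs each train used.
    Every probe carries the final destination's address, so one train = one SRC/DST pair."""
    trains = defaultdict(set)
    for line in lines:
        f = parse_log_line(line)
        if classify(f) == "traceroute-udp":
            trains[(f["SRC"], f["DST"])].add(int(f["TTL"]))
    return {k: sorted(v) for k, v in trains.items()}


# Sample input: two DNS lines from the thread, then three constructed forwarded probes.
SAMPLE_LOG = [
    "May 20 18:32:30 linuxfw kernel: IN= OUT=eth0 SRC=x.y.z.195 DST=a.b.c.71 LEN=74 TOS=0x00 PREC=0x00 TTL=64 ID=4969 DF PROTO=UDP SPT=1066 DPT=53 LEN=53",
    "May 20 18:32:30 linuxfw kernel: IN= OUT=eth0 SRC=x.y.z.195 DST=a.b.c.71 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=4982 DF PROTO=UDP SPT=1066 DPT=53 LEN=53",
    "May 20 18:40:01 linuxfw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=1 ID=1 DF PROTO=UDP SPT=40000 DPT=33434 LEN=40",
    "May 20 18:40:01 linuxfw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=2 ID=2 DF PROTO=UDP SPT=40000 DPT=33435 LEN=40",
    "May 20 18:40:01 linuxfw kernel: IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=3 ID=3 DF PROTO=UDP SPT=40000 DPT=33436 LEN=40",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(parse_log_line(line)))
    print(find_probe_trains(SAMPLE_LOG))
```

Note that the constructed probes have both IN and OUT set, which is what a packet traversing the FORWARD chain looks like, whereas the quoted DNS lines have an empty IN (locally generated, OUTPUT chain).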
