Yeah, I could see how that would be a problem, except I didn't change
anything and it worked the night before and for the past month.  And the
machines behind it can do a traceroute fine.  I use ipfwadm; here is my
ruleset:

#==========[Flush...All My Rules]=====================#

ipfwadm -I -f
ipfwadm -F -f
ipfwadm -O -f
ipfwadm -A -f

# Masquerade everything as coming from eth0
ipfwadm -F -a masquerade -S 192.168.100.0/255.255.255.0 -D 0/0

# Forward SMTP (25), POP3 (110) and HTTP (80) between outside high ports
# and 192.168.100.2, in both directions (-b)
ipfwadm -F -a accept -b -P tcp -S 0/0 1024:65535 -D 192.168.100.2/32 25
ipfwadm -F -a accept -b -P tcp -S 192.168.100.2/32 25 -D 0/0 1024:65535
ipfwadm -F -a accept -b -P tcp -S 0/0 1024:65535 -D 192.168.100.2/32 110
ipfwadm -F -a accept -b -P tcp -S 192.168.100.2/32 110 -D 0/0 1024:65535
ipfwadm -F -a accept -b -P tcp -S 0/0 1024:65535 -D 192.168.100.2 80
ipfwadm -F -a accept -b -P tcp -S 192.168.100.2 80 -D 0/0 1024:65535
# Forward DNS traffic (UDP source port 53) for the internal network
ipfwadm -F -a accept -b -P udp -S 0/0 53 -D 192.168.100.0/24
# Deny everything else on the forward chain and log it (-o)
ipfwadm -F -a deny -S 0/0 -D 0/0 -o

#Accounting
/sbin/ipfwadm -A -f
/sbin/ipfwadm -A out -i -S 192.168.100.0/24 -D 0.0.0.0/0
/sbin/ipfwadm -A out -i -S 0.0.0.0/0 -D 192.168.100.0/24
/sbin/ipfwadm -A in -i -S 192.168.100.0/24 -D 0.0.0.0/0
/sbin/ipfwadm -A in -i -S 0.0.0.0/0 -D 192.168.100.0/24


----- Original Message -----
From: "Jack Bowling" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 16, 2000 10:03 AM
Subject: Re: Traceroute not tracing routes


> ** Reply to message from "Drew Hunt" <[EMAIL PROTECTED]> on Thu, 16
> Nov 2000 06:46:08 -0700
>
>
> > I'm running RH 6.2, but have the same problem.  I traced it to the firewall,
> > having pulled it down momentarily and having the traceroute work perfectly.
> > One of the first 5 ICMP ports has to be enabled to receive packets, not just
> > responses with the !-y option, but I don't remember which one.  I never did
> > fix it myself because I figured it wasn't worth the first few lines of stars
> > for the compromised stealth.  I already know that they are my firewall, the
> > cablemodem router, and my ISP's first router respectively.
>
> That would be port 0. An appropriate ipchains rule could be:
>
> ipchains -A input -i ppp0 -p icmp --dport 0 -j ACCEPT -l
>
> There may be a better way to set this up using the "--icmp-type" switch.
>
> Jack Bowling
> Prince George, BC
> mailto:[EMAIL PROTECTED]
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
>
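
The "--icmp-type" approach mentioned in the quoted reply, as an added example that is not part of the original thread: a traceroute using UDP probes is answered with time-exceeded from each intermediate hop and destination-unreachable (port unreachable) from the target, so only those two types are admitted. The function names and the APPLY variable are hypothetical, and ppp0 is assumed from the quoted rule.

```shell
#!/bin/sh
# Added example: ipchains input rules that admit only the ICMP replies a
# UDP-probe traceroute depends on. Interface defaults to ppp0 (assumed from
# the quoted rule); pass another name, e.g. eth0, as the first argument.

# ICMP type names as listed by `ipchains -h icmp`:
#   time-exceeded            returned by each hop where the probe's TTL expires
#   destination-unreachable  returned by the target (port unreachable)
TRACEROUTE_ICMP_TYPES="time-exceeded destination-unreachable"

# Accept only plain interface names, so nothing else reaches the command line.
valid_iface() {
    case $1 in
        ''|*[!A-Za-z0-9._:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print one ipchains command per ICMP type that traceroute needs.
traceroute_icmp_rules() {
    iface=${1:-ppp0}
    for t in $TRACEROUTE_ICMP_TYPES; do
        echo "ipchains -A input -i $iface -p icmp --icmp-type $t -j ACCEPT"
    done
}

# Dry run by default: the rules are only printed. They are executed only
# when APPLY=1 is set and an ipchains binary is present on this host.
apply_traceroute_icmp_rules() {
    iface=${1:-ppp0}
    valid_iface "$iface" || { echo "bad interface name: $iface" >&2; return 2; }
    if [ "${APPLY:-0}" = 1 ] && command -v ipchains >/dev/null 2>&1; then
        traceroute_icmp_rules "$iface" | sh -e
    else
        traceroute_icmp_rules "$iface"
    fi
}

apply_traceroute_icmp_rules "${1:-ppp0}"
```

Every other inbound ICMP type is left to whatever the rest of the input chain already does.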


