Re: traceroute

[Florian Boelstler <euphoria@web.de>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I have a similar problem.

My traceroute says:

traceroute to www.google.akadns.net (66.102.11.99), 30 hops max, 38 byte
packets
traceroute: sendto: Operation not permitted
 1 traceroute: wrote www.google.akadns.net 38 chars, ret=-1
[ ... ]

My setup is rather simple. I have "black-boxed" router connected to the
internet, that is able to forward traceroutes. My client is equipped
with netfilter.
When I disable my local netfilter on the client, traceroute works fine.

I use

$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

at the beginning of my firewall script.

Nevertheless traceroute does not work.

Do I miss something?

Thanks.

Cheers,

  Florian


Antony Stone wrote:
> On Wednesday 30 June 2004 2:05 pm, Peter Marshall wrote:
>
>
>>Hi.  I was wondering what I would need for rules to have traceroute work
>>through my firewall.  (I have a box behind the firewall trying to get out
>>using traceroute).
>>
>>I have an allow established connections on my forwared chain, and I am
>>allowing anything from the source IP of the box in question to leave
... It
>>appears that the problem is on the packets comming back in .. but I am not
>>sure what I have to do to fix it ....
>
>
> Allow RELATED packets as well as ESTABLISHED.
>
> Regards,
>
> Antony.
>




...............................

Someone on the net said:
Frank, have you been sniffing medical samples again? - Hawkeye


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFA4zTswT2gPfZm6tURAoOnAKCtHbVHsvg7nrTBCviE4DVydenpQgCfeVuS
jdBS08sKpALhTTMJ+gGYcsc=
=g53n
-----END PGP SIGNATURE-----