[Fwbuilder-discussion] fwbuilder & traceroute
From: Martin R. <mar...@ya...> - 2004-11-18 17:00:24
Hi,

I have an iptables rule set to allow ICMP unreachables (Rule 0) and also allow all other traffic (Rule 1) (it's in a lab so I don't care about security right now). I built my ruleset using fwbuilder.

Rule 0 allows me to traceroute to the firewall and it responds:

traceroute Dom01
traceroute: Warning: Multiple interfaces found; using 206.116.76.131 @ hme0
traceroute to nmDomNATfw01 (137.1.4.2), 30 hops max, 40 byte packets
 1  206.116.76.156  2.389 ms  3.869 ms  3.309 ms
 2  139.40.0.2  3.253 ms  0.769 ms  0.604 ms
 3  137.1.4.2  0.611 ms  0.542 ms  0.579 ms

If I traceroute through the firewall, it does not respond to traceroute:

traceroute gearLINNE_s01
traceroute: Warning: Multiple interfaces found; using 206.116.76.131 @ hme0
traceroute to gearLINNE_s01 (132.52.145.5), 30 hops max, 40 byte packets
 1  206.116.76.156  2.935 ms  2.385 ms  1.834 ms
 2  139.40.0.2  3.161 ms  0.785 ms  0.559 ms
 3  * * *
 4  132.52.145.5  4.510 ms  1.262 ms  1.085 ms

How can I fix this? Here is my rule set as generated by fwbuilder:

Rule 0(global)
+ iptables -N Cid419B703B.0
+ iptables -A INPUT -p icmp --icmp-type 3 -m state --state NEW -j Cid419B703B.0
+ iptables -A Cid419B703B.0 -s 206.116.76.179 -j ACCEPT
+ iptables -A Cid419B703B.0 -s 206.116.76.128/27 -j ACCEPT
+ iptables -N Cid419B703B.1
+ iptables -A FORWARD -p icmp --icmp-type 3 -m state --state NEW -j Cid419B703B.1
+ iptables -A Cid419B703B.1 -s 206.116.76.179 -j ACCEPT
+ iptables -A Cid419B703B.1 -s 206.116.76.128/27 -j ACCEPT
+ echo 'Rule 1(global)'
Rule 1(global)
+ iptables -A OUTPUT -m state --state NEW -j ACCEPT
+ iptables -A INPUT -m state --state NEW -j ACCEPT
+ iptables -A FORWARD -m state --state NEW -j ACCEPT
+ echo 1

Thanks
Martin
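To see why a rule listing like the one above behaves differently for a traceroute that ends at the firewall and one that passes through it, it helps to walk the listed rules with the packets traceroute actually generates. The evaluator below is an added example, not code from the post or from fwbuilder: it parses the iptables commands exactly as pasted above, follows jumps into the Cid* user chains, and returns the verdict each built-in chain gives a packet. Its assumptions are labelled in the code: the pasted snippet is treated as the complete rule set (the post shows only part of the generated script, and any rules that precede it, such as an ESTABLISHED,RELATED accept, are not modelled), the chain policies are unknown and reported as "POLICY", and the probe packets are constructed for this illustration. The one protocol fact it relies on is that a router reports an expired hop by sending ICMP type 11 (time exceeded), which netfilter's connection tracking classifies as RELATED to the flow that triggered it, not NEW.

```python
"""Toy evaluator for an iptables rule listing (added example, not fwbuilder code).

Understands only the matches that appear in the listing on this page:
-p, --icmp-type, -m state --state, -s, plus -N / -A / -j.  A packet that no
listed rule accepts falls through to the chain policy, which the snippet
does not show, so that case is reported as "POLICY".
"""
import ipaddress
import shlex

# Rule listing copied from the post, with the shell trace prefixes ('+') removed.
RULESET = """
iptables -N Cid419B703B.0
iptables -A INPUT -p icmp --icmp-type 3 -m state --state NEW -j Cid419B703B.0
iptables -A Cid419B703B.0 -s 206.116.76.179 -j ACCEPT
iptables -A Cid419B703B.0 -s 206.116.76.128/27 -j ACCEPT
iptables -N Cid419B703B.1
iptables -A FORWARD -p icmp --icmp-type 3 -m state --state NEW -j Cid419B703B.1
iptables -A Cid419B703B.1 -s 206.116.76.179 -j ACCEPT
iptables -A Cid419B703B.1 -s 206.116.76.128/27 -j ACCEPT
iptables -A OUTPUT -m state --state NEW -j ACCEPT
iptables -A INPUT -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state NEW -j ACCEPT
"""


def parse_rules(text):
    """Return {chain_name: [rule, ...]} in listing order; each rule is a dict of matches."""
    chains = {}
    for line in text.strip().splitlines():
        argv = shlex.split(line)
        if not argv or argv[0] != "iptables":
            continue
        rule, chain, i = {}, None, 1
        while i < len(argv):
            opt = argv[i]
            if opt == "-N":                       # create a user-defined chain
                chains.setdefault(argv[i + 1], [])
            elif opt == "-A":                     # append to this chain
                chain = argv[i + 1]
            elif opt == "-p":
                rule["proto"] = argv[i + 1]
            elif opt == "--icmp-type":
                rule["icmp_type"] = int(argv[i + 1])
            elif opt == "-m":                     # match module name; its options follow
                pass
            elif opt == "--state":
                rule["states"] = set(argv[i + 1].split(","))
            elif opt == "-s":                     # a bare address becomes a /32
                rule["src"] = ipaddress.ip_network(argv[i + 1], strict=False)
            elif opt == "-j":
                rule["target"] = argv[i + 1]
            else:
                raise ValueError(f"unsupported option {opt!r} in: {line}")
            i += 2
        if chain is not None:
            chains.setdefault(chain, []).append(rule)
    return chains


def matches(rule, pkt):
    """True when every match clause of the rule applies to the packet."""
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    if "icmp_type" in rule and rule["icmp_type"] != pkt.get("icmp_type"):
        return False
    if "states" in rule and pkt["state"] not in rule["states"]:
        return False
    if "src" in rule and ipaddress.ip_address(pkt["src"]) not in rule["src"]:
        return False
    return True


def verdict(chains, chain, pkt):
    """Walk a chain top to bottom; 'POLICY' means no listed rule decided the packet."""
    for rule in chains.get(chain, []):
        if not matches(rule, pkt):
            continue
        target = rule["target"]
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target
        if target in chains:                      # jump into a user chain
            sub = verdict(chains, target, pkt)
            if sub != "POLICY":                   # no match there = implicit RETURN
                return sub
    return "POLICY"


def traceroute_probes():
    """Constructed packets (assumptions, not captures) for the through-the-firewall case."""
    return {
        # the UDP probe traceroute sends, as it crosses the firewall towards 132.52.145.5
        "udp_probe_forwarded": {"chain": "FORWARD", "proto": "udp", "state": "NEW",
                                "src": "206.116.76.131"},
        # the ICMP time-exceeded the firewall itself emits when a probe's TTL expires on it;
        # conntrack ties an ICMP error to the flow it reports on, hence RELATED, not NEW
        "time_exceeded_from_firewall": {"chain": "OUTPUT", "proto": "icmp", "icmp_type": 11,
                                        "state": "RELATED", "src": "137.1.4.2"},
        # an ICMP unreachable addressed to the firewall from the tracing host
        "unreachable_to_firewall": {"chain": "INPUT", "proto": "icmp", "icmp_type": 3,
                                    "state": "NEW", "src": "206.116.76.131"},
    }


def report(chains=None):
    """Verdict per constructed probe against the listed rules."""
    chains = chains if chains is not None else parse_rules(RULESET)
    return {name: verdict(chains, pkt["chain"], pkt) for name, pkt in traceroute_probes().items()}


if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name:32s} {result}")
```

Running it shows the forwarded UDP probe and the inbound unreachable both reaching an ACCEPT in the listed rules, while the time-exceeded the firewall would have to send back from OUTPUT matches nothing listed (the only OUTPUT rule wants state NEW) and is left to whatever the unshown policy and preceding rules do with it. That is the check worth making on any generated rule set before trusting a traceroute gap: confirm which chain and conntrack state the expected reply falls into, rather than only which ICMP type is named in the rules.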