Re: allowing icmp still doesn't allow traceroute

From: Alex Kiesel (freebsd@document-root.de)
Date: 02/27/02 

Date: Wed, 27 Feb 2002 23:23:54 +0100
From: Alex Kiesel <freebsd@document-root.de>
To: "Peter C. Lai" <sirmoo@cowbert.2y.net>

On Feb 27, 2002, Peter C. Lai wrote:
> I have:
> 00600 allow icmp from any to any
>
> for ipfw, and i still get sendto Permission denied when
> I try to traceroute.
>
> I later also explicitly defined icmptypes 0,3,8,11,13
> and this does not solve the problem.
>
> any suggestions?

Hi Peter,

use this:

03900 allow udp from any to any 33434-33523

Alex 

-- 
Alex Kiesel                                     PGP Key: 0x09F4FA11
Todays excuse: ATM cell has no roaming feature turned on, notebooks can't connect
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Relevant Pages

  • hosts.allow and RFC931 - was: sshd warning---a lil help?
    ... On Tue, 9 Apr 2002, Peter C. Lai wrote: ... the rules regarding sshd - does this mean that sshd is not protected ... >> b - tried to authenticate via ssh login and succeeded? ...
    (FreeBSD-Security)
  • Re: unusual log in var/log/messages
    ... On Thu, 15 Nov 2001, Peter C. Lai wrote: ... > I have seen this continously when someone is trying to spoof a router. ...
    (FreeBSD-Security)
  • Re: cvsup/install over ssh?
    ... Peter C. Lai wrote: ... >I'd rather advertise my box as FreeBSD and not Linux. ... My FeeeBSD systems saw lots and lots of rpc and other 'linux ...
    (FreeBSD-Security)
  • Re: dc TX underrun leads to delayed crash
    ... On Wed, 30 Jul 2003, Peter C. Lai wrote: ... > threshold), a few minutes later, the system hardlocks requiring a reset. ... after I go back to inspect the logs, ...
    (freebsd-net)
  • Re: dc TX underrun leads to delayed crash
    ... >> is the only thing in the log before the start of the kernel reboot messages. ... >> Peter C. Lai ... Yale University School of Medicine ...
    (freebsd-net)