Fwd: HOW to enable traceroute with IPTABLES

> Hi,
>
> I am setting up a firewall on CENTOS 4.4.
>
>
> I have enabled ICMP to www.google.com
>
> iptables -A OUTPUT -p icmp -d 64.233.189.104 -j ACCEPT
> iptables -A INPUT -p icmp -s 64.233.189.104 -j ACCEPT
>

traceroute by default uses UDP with port 33434.

br

Hi,

Thanks for your info.

I wrote the 2 rules below

iptables -A OUTPUT -p udp -d 64.233.189.104 --dport 33434 -j ACCEPT
iptables -A INPUT -p udp -s 64.233.189.104 --sport 33434 -j ACCEPT

Then I tried as below

[root@firebox rc.d]# traceroute 64.233.189.104
traceroute to 64.233.189.104 (64.233.189.104), 30 hops max, 38 byte packets
traceroute: sendto: Operation not permitted
 1 traceroute: wrote 64.233.189.104 38 chars, ret=-1
 *traceroute: sendto: Operation not permitted
traceroute: wrote 64.233.189.104 38 chars, ret=-1
 *traceroute: sendto: Operation not permitted
traceroute: wrote 64.233.189.104 38 chars, ret=-1
 *
traceroute: sendto: Operation not permitted
 2 traceroute: wrote 64.233.189.104 38 chars, ret=-1

But still the same.

WHY?

If my rules are wrong, can you rectify them?

--
Marcin Mazurek

http://www.netsync.pl/  -  ::::  -  nic-hdl: MM3380-RIPE
GnuPG 6687 E661 98B0 AEE6 DA8B  7F48 AEE4 776F 5688 DC89

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


--
Thank you
Indunil Jayasooriya
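
Added example, not part of the original thread: classic UDP traceroute raises the destination port with every probe and gets its answers back as ICMP errors (time-exceeded from each hop, port-unreachable from the target), so a single `--dport 33434` rule plus an inbound UDP rule leaves the probes blocked in OUTPUT. The sketch below assumes the state match is available; `IPT`, `traceroute_port_range` and `allow_traceroute` are names made up for this example, and by default the script only prints the commands.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: each rule is
# printed. Run as root with IPT=iptables to install the rules instead.
IPT="${IPT:-echo iptables}"

BASE_PORT=33434      # default first port, as stated in the thread
MAX_HOPS=30          # "30 hops max" in the traceroute output above
PROBES_PER_HOP=3     # three probes per hop (the three '*' per line)

# The destination port goes up by one per probe, so allow the whole span.
traceroute_port_range() {
    echo "${BASE_PORT}:$((BASE_PORT + MAX_HOPS * PROBES_PER_HOP))"
}

allow_traceroute() {
    dst="$1"
    # Outbound probes: UDP to the target across the full port span.
    $IPT -A OUTPUT -p udp -d "$dst" --dport "$(traceroute_port_range)" -j ACCEPT
    # Replies from intermediate routers: ICMP time-exceeded. The source is
    # each hop's own address, so no -s filter; RELATED limits it to errors
    # that connection tracking ties to our own probes (assumes conntrack).
    $IPT -A INPUT -p icmp --icmp-type time-exceeded \
         -m state --state RELATED -j ACCEPT
    # Reply from the target itself: ICMP port-unreachable, not UDP.
    $IPT -A INPUT -p icmp --icmp-type port-unreachable -s "$dst" \
         -m state --state RELATED -j ACCEPT
}

allow_traceroute "${1:-64.233.189.104}"
```
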
