On Wednesday 30 June 2004 11:36 pm, Florian Boelstler wrote:
> Hi,
>
> Antony Stone wrote:
> > Tell us how you handle NEW packets leaving the machine.
>
> Well, I just realized by looking at your reply that I only have set:
>
> $IPTABLES -A OUTPUT -p ICMP --icmp-type echo-request -j ACCEPT
>
> Which of the icmp-type displayed "iptables -p icmp -h" do I need to make
> traceroute work?
>
> By looking at other posts in this thread I've learned that traceroutes
> are done with echo-requests. Is this true for Linux 2.6.6 ?
No, that's true for Windows systems. Unix machines (Linux included) uses
high-port numbered UDP packets.
Therefore you need to allow UDP packets to leave your machine for you to be
able to run traceroute from it.
Regards,
Antony.
--
There's no such thing as bad weather - only the wrong clothes.
- Billy Connolly
Please reply to the list;
please don't CC me.
