[Shorewall-users] traceroutes from behind shorewall
Thu, 24 Jan 2002 20:55:23 +1000
Tom Eastep wrote:
> On Wednesday 23 January 2002 06:00 pm, Ted Leung wrote:
> > Hi,
> > Is there a good way to enable traceroutes from behind a shorewall
> > firewall?
> If you are running traceroute from a system is zone z1 and the target of the
> traceroute is in zone z2 then:
> ACCEPT z1 z2 udp traceroute
This doesn't work for me on Red Hat 7.1. It seems to need:
ACCEPT z1 z2 udp 33400:33599
or something thereabouts.