[Shorewall-users] traceroutes from behind shorewall

Paul Gear paulgear@bigfoot.com
Thu, 24 Jan 2002 20:55:23 +1000


Tom Eastep wrote:

> On Wednesday 23 January 2002 06:00 pm, Ted Leung wrote:
> > Hi,
> >
> > Is there a good way to enable traceroutes from behind a shorewall
> > firewall?
> >
>
> If you are running traceroute from a system is zone z1 and the target of the
> traceroute is in zone z2 then:
>
> ACCEPT  z1      z2      udp     traceroute

This doesn't work for me on Red Hat 7.1.  It seems to need:
    ACCEPT          z1      z2             udp     33400:33599
or something thereabouts.

Paul
http://paulgear.webhop.net