[Shorewall-users] traceroutes from behind shorewall

Tom Eastep teastep@shorewall.net
Thu, 24 Jan 2002 06:30:23 -0800


On Thursday 24 January 2002 02:55 am, Paul Gear wrote:
> Tom Eastep wrote:
> > On Wednesday 23 January 2002 06:00 pm, Ted Leung wrote:
> > > Hi,
> > >
> > > Is there a good way to enable traceroutes from behind a shorewall
> > > firewall?
> >
> > If you are running traceroute from a system in zone z1 and the target of
> > the traceroute is in zone z2 then:
> >
> > ACCEPT  z1      z2      udp     traceroute
>
> This doesn't work for me on Red Hat 7.1.  It seems to need:
>     ACCEPT          z1      z2             udp     33400:33599
> or something thereabouts.

Thanks, Paul..

-Tom
-- 
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net