[Shorewall-users] traceroutes from behind shorewall
Thu, 24 Jan 2002 06:33:56 -0800
On Thursday 24 January 2002 02:55 am, Paul Gear wrote:
> Tom Eastep wrote:
> > On Wednesday 23 January 2002 06:00 pm, Ted Leung wrote:
> > > Hi,
> > >
> > > Is there a good way to enable traceroutes from behind a shorewall
> > > firewall?
> > If you are running traceroute from a system in zone z1 and the target of
> > the traceroute is in zone z2 then:
> > ACCEPT z1 z2 udp traceroute
> This doesn't work for me on Red Hat 7.1. It seems to need:
> ACCEPT z1 z2 udp 33400:33599
> or something thereabouts.
From the man page, it appears that you need to open UDP ports 33434:(33
number of hops - 1).
Tom Eastep \ A Firewall for Linux 2.4.*
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ firstname.lastname@example.org
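
Added example, not part of the original thread: rather than guessing the range, this Python sketch reads the UDP destination ports that traceroute probes actually used from the firewall's reject log and emits a rules line in the format used above. The log lines are constructed and abbreviated; the `Shorewall:` log prefix, the `WINDOW` cutoff and the per-hop extrapolation are assumptions of this example.

```python
import re
from collections import defaultdict

BASE_PORT = 33434  # lowest port in the range quoted from the man page above
WINDOW = 256       # assumption: UDP ports beyond BASE_PORT + WINDOW are unrelated

# Constructed, abbreviated sample (not real log data): netfilter LOG lines with
# a Shorewall prefix, written while traceroute probes from z1 to z2 were rejected.
SAMPLE_LOG = """\
Jan 24 06:40:01 fw kernel: Shorewall:z12z2:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.5 DST=192.0.2.9 LEN=38 TTL=1 PROTO=UDP SPT=40112 DPT=33435 LEN=18
Jan 24 06:40:01 fw kernel: Shorewall:z12z2:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.5 DST=192.0.2.9 LEN=38 TTL=1 PROTO=UDP SPT=40112 DPT=33436 LEN=18
Jan 24 06:40:01 fw kernel: Shorewall:z12z2:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.5 DST=192.0.2.9 LEN=38 TTL=1 PROTO=UDP SPT=40112 DPT=33437 LEN=18
Jan 24 06:40:02 fw kernel: Shorewall:z12z2:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.5 DST=192.0.2.9 LEN=38 TTL=2 PROTO=UDP SPT=40112 DPT=33438 LEN=18
Jan 24 06:40:02 fw kernel: Shorewall:z12z2:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.5 DST=192.0.2.9 LEN=38 TTL=2 PROTO=UDP SPT=40112 DPT=33439 LEN=18
Jan 24 06:40:02 fw kernel: Shorewall:z12z2:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.5 DST=192.0.2.9 LEN=38 TTL=2 PROTO=UDP SPT=40112 DPT=33440 LEN=18
Jan 24 06:40:03 fw kernel: Shorewall:z12z2:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.5 DST=192.0.2.53 LEN=60 TTL=63 PROTO=UDP SPT=1027 DPT=53 LEN=40
Jan 24 06:40:04 fw kernel: Shorewall:z12z2:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.5 DST=192.0.2.9 LEN=60 TTL=63 PROTO=TCP SPT=1030 DPT=33434
"""

FIELD = re.compile(r"\b(PROTO|DPT|TTL)=(\S+)")

def probes_by_ttl(log_text, base=BASE_PORT, window=WINDOW):
    """Group rejected UDP destination ports inside the probe window by logged TTL."""
    by_ttl = defaultdict(set)
    for line in log_text.splitlines():
        if "Shorewall:" not in line:
            continue
        f = dict(FIELD.findall(line))
        dpt = f.get("DPT", "")
        if f.get("PROTO") != "UDP" or not dpt.isdigit():
            continue
        if base <= int(dpt) < base + window:
            by_ttl[f.get("TTL")].add(int(dpt))
    return by_ttl

def suggest_rule(log_text, src_zone, dst_zone, max_hops=30, base=BASE_PORT):
    """Return a rules line covering the observed probes, extrapolated to max_hops."""
    by_ttl = probes_by_ttl(log_text, base)
    if not by_ttl:
        return None
    per_hop = max(len(ports) for ports in by_ttl.values())  # probes seen per hop
    seen = set().union(*by_ttl.values())
    high = max(max(seen), base + max_hops * per_hop)  # heuristic upper bound
    return f"ACCEPT {src_zone} {dst_zone} udp {base}:{high}"

if __name__ == "__main__":
    print(suggest_rule(SAMPLE_LOG, "z1", "z2"))
```

In the constructed log the port advances on every probe, three per hop, so the suggested upper bound is wider than one port per hop would give; check the result against your own log before opening the range.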