[Techtalk] Firewall blocking traceroute
Terri Oda
terri at zone12.com
Sun Aug 1 18:06:41 EST 2004
My router/firewall seems to work fine if I want to ping something, but
won't let me traceroute. I don't have any trouble if I connect to the
modem directly, but I have trouble when I go through the firewall.
As far as I can tell from docs online, it should work as long as I can
receive and send ICMP packets. But even when I allow those in, I don't
get past my router on traceroute.
The firewall rules I was trying are (roughly) this:
allow [the Internet] to send [this machine] ICMP
allow [machines inside my LAN] to send [the Internet] anything
deny [the Internet] from sending [machines inside my LAN] anything
(other than ICMP)
I'm clearly missing something for the traceroute, but I my google
searches haven't turned up anything that suggests I need anything other
than ICMP.
(And yes, I realize that firewall isn't particularly strict, but I
thought it best to leave it fairly open while I'm trying to figure
things out. If anyone's got documents on firewall rules they want to
recommend, though, it can't hurt. :) )
More information about the Techtalk
mailing list