I'm using gShield to configure iptables. If I do a traceroute from my internal NAT'ed LAN the first hop is the firewall machine. That machine doesn't respond and shows "* * *" for the times. But machines *after* respond fine.
But if I traceroute from the outside to my firewall/NAT machine then that machine responds.

In my INPUT chain I have:

    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5

And in OUTPUT I have:

    DROP icmp -- 0.0.0.0/0 0.0.0.0/0 state INVALID

If you are familiar with gShield, in my gShield.conf file I have:

    ICMP_ALLOW_ALL="YES"
    ICMP_RATE="60/m"
    ICMP_LOG="YES"
    TRACE_ALLOW_ALL="YES"

And when I try traceroute from the internal LAN I do not see anything logged.

Thanks,

--
Bill Moseley [EMAIL PROTECTED]