Greetings everyone

I've got a public IP address for my gateway. The gateway is doing IP
masquerading for my entire LAN. The gateway also acts as a firewall.

If I take down the firewall (i.e. flush all Input and Output rules) and
just leave masquerading running I can traceroute from the LAN. However,
as soon as I enable the firewall rules, traceroute fails to work.

Does anyone know what changes I should make to my firewall configuration
in order to get traceroute working? Does it use ICMP + something else?
If so, which ports/protocol does it use?

A relevant selection from my current I/O/F rules follows:

LOCALHOST="gateway"
LOCALNET="160.160.100.0/24"
ANYWHERE="0.0.0.0/0"
IFINTERN="160.160.100.1"
IFEXTERN="196.123.123.123"
UNPRIVPORTS="1024:65535"

# Deny anything coming in

"$IPFWADM" -I -p deny
"$IPFWADM" -O -p deny
"$IPFWADM" -F -p deny

# Refuse spoofed packets

"$IPFWADM" -I -a deny -V $IFEXTERN -S $LOCALNET
"$IPFWADM" -I -a deny -V $IFEXTERN -S $IFEXTERN

# Unlimited traffic within the local network

"$IPFWADM" -I -a accept -V $IFINTERN
"$IPFWADM" -O -a accept -V $IFINTERN

# Loopback interface is valid

"$IPFWADM" -I -a accept -V 127.0.0.1
"$IPFWADM" -O -a accept -V 127.0.0.1

# Unlimited ICMP traffic

"$IPFWADM" -I -a accept -P icmp
"$IPFWADM" -O -a accept -P icmp

# Masquerading

"$IPFWADM" -F -a m -W ppp0 -S "$LOCALNET" -D "$ANYWHERE"

Thanks

Henty
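Added here as an illustration, not part of Henty's post: a small Python model of the rules quoted above that walks the two halves of a traceroute probe through the input and output chains and reports which rule (or chain policy) decides each one. It assumes classic UDP traceroute (probes to unprivileged ports from 33434 upward, answered by ICMP time-exceeded or port-unreachable messages), first-match rule evaluation as ipfwadm does it, and the LAN host, remote router and the extra output rule are constructed for the example.

```python
# Added example, not from the original post: a small model of the posted ipfwadm
# chains, used to find which one drops each half of a traceroute probe.  Classic
# traceroute sends UDP probes to unprivileged ports (33434 upward) with a rising
# TTL and needs the ICMP "time exceeded" / "port unreachable" replies to get back.
from ipaddress import ip_address, ip_network
LOCALNET = ip_network("160.160.100.0/24")                   # addresses from the post
IFINTERN, IFEXTERN = ip_address("160.160.100.1"), ip_address("196.123.123.123")
LOOPBACK = ip_address("127.0.0.1")

# Rule: (action, interface address, source net, proto, dest port range); None = any.
# ipfwadm walks a chain in the order rules were added: first match wins, else policy.
INPUT = ("deny", [
    ("deny", IFEXTERN, LOCALNET, None, None),                # spoofed LAN source
    ("deny", IFEXTERN, ip_network(str(IFEXTERN)), None, None),
    ("accept", IFINTERN, None, None, None),                  # anything on the LAN side
    ("accept", LOOPBACK, None, None, None),
    ("accept", None, None, "icmp", None),
])
OUTPUT = ("deny", [
    ("accept", IFINTERN, None, None, None),
    ("accept", LOOPBACK, None, None, None),
    ("accept", None, None, "icmp", None),
])
# Constructed extra rule for the outbound probes (my suggestion, not in the post):
#   "$IPFWADM" -O -a accept -P udp -V $IFEXTERN -D $ANYWHERE 33434:33534
TRACEROUTE_OUT = ("accept", IFEXTERN, None, "udp", (33434, 33534))

def verdict(chain, iface, src, proto, dport=0):
    """First-match evaluation of one packet: (verdict, rule index or 'policy')."""
    policy, rules = chain
    for i, (action, via, srcnet, p, ports) in enumerate(rules):
        if via is not None and via != iface:
            continue
        if srcnet is not None and ip_address(src) not in srcnet:
            continue
        if p is not None and p != proto:
            continue
        if ports is not None and not ports[0] <= dport <= ports[1]:
            continue
        return action, i
    return policy, "policy"

def probe_path(extra_output=(), lan_host="160.160.100.23", router="198.51.100.7"):
    """Both halves of one probe through the gateway (sample hosts are constructed)."""
    out = (OUTPUT[0], OUTPUT[1] + list(extra_output))
    return {
        "probe_in": verdict(INPUT, IFINTERN, lan_host, "udp", 33434),        # in from the LAN
        "probe_out": verdict(out, IFEXTERN, str(IFEXTERN), "udp", 33434),    # out, masqueraded
        "reply_in": verdict(INPUT, IFEXTERN, router, "icmp"),                # ICMP time exceeded
        "reply_out": verdict(out, IFINTERN, router, "icmp"),                 # back onto the LAN
    }
```

On the rules as posted the UDP probe reaches the output chain on the external interface with nothing to accept it, so the chain's deny policy applies, while the ICMP replies pass the icmp rules in both directions. Appending the constructed UDP rule accepts only that port range outbound, so unrelated UDP leaving the gateway still hits the deny policy.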
