[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: how to get traceroute to work?
From:       Mike Tancsa <mike () sentex ! net>
Date:       2002-11-26 16:03:18
[Download RAW message or body]


Traceroute on unix generally uses UDP packets by default.  If you want to 
use ICMP echo, try it with the -P option.  e.g.

traceroute -P ICMP www.yahoo.com

         ---Mike


At 10:32 AM 26/11/2002 -0500, Jeff A. Earickson wrote:
>Hi,
>    I've searched the mailing list archives, and the how-tos, and
>didn't find a clear answer to the question of "block everything,
>yet allow ping and traceroute to the box to work".  In short,
>I have:
>
>block in  all
>block out all
>
>#---now we deal with ICMP packets
>#---let ping work
>pass in   log quick on hme0 proto icmp from any to any icmp-type echo
>pass in   log quick on hme0 proto icmp from any to any icmp-type echorep
>#---let traceroute work
>pass in   log quick on hme0 proto icmp from any to any icmp-type 0
>pass in   log quick on hme0 proto icmp from any to any icmp-type 11
>
>The ping part works, but not traceroute.  Help...
>
>Also, in searching the keywords for icmp-type, I noticed "squench".
>Shouldn't that be either "squelch" or "quench"?  Is this a new word?
>
>--- Jeff

[prev in list] [next in list] [prev in thread] [next in thread]