Mon Sep 29 13:10:36 CEST 2003
I am using fiaif 1.17.1 and want to be able to use traceroute from inside to
but not to be traced from outside to inside. At the moment it doesn't work.
I have two zones: INT(ernal) and EXT(ernal).
In the INT zone I have this as a FORWARD rule: INT ACCEPT udp 33434:33464
In the EXT zone I have this as a FORWARD rule: INT ACCEPT udp 33434:33464
(where NET_DMZ is my network connected to the INT zone)
When I try to trace from inside out I get these messages logged:
Sep 29 12:06:02 gw kernel: [FIAIF_DROP]:IN= OUT=eth1 SRC=xxx.xxx.52.153
DST=xxx.xxx.52.156 LEN=66 TOS=0x00 PREC=0xC0 TTL=64 ID=29590 PROTO=ICMP
TYPE=11 CODE=0 [SRC=xxx.xxx.52.156 DST=xxx.xxx.22.29 LEN=38 TOS=0x00
PREC=0x00 TTL=1 ID=61765 PROTO=UDP SPT=61764 DPT=33435 LEN=18 ]
eth1 is the internal interface, connected to the NET_DMZ net
I tried to trace from xxx.xxx.52.156 to some host outside (xxx.xxx.22.29)
the firewall (xxx.xxx.52.153).
How do I configure fiaif to make this work?
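The logged packet is the clue: IN= is empty and OUT=eth1, and the protocol is ICMP type 11 (time exceeded) quoting a UDP probe to port 33435 with TTL=1. An empty IN with a set OUT means the gateway generated that packet itself, so it traverses the OUTPUT path, which a FORWARD rule never sees. The following parser is an added example (not code from the poster or from fiaif); it splits a netfilter LOG line into the outer header and the bracketed quoted packet, then classifies which chain the drop belongs to and whether it is a traceroute reply. The first sample is the line from the post joined onto one line; the second is a constructed forwarded probe for contrast, and the port range comes from the post's rule.

```python
import re
from typing import Dict, Tuple

# Sample 1: the dropped packet from the post, joined onto one line.
SAMPLE_DROP_FROM_POST = (
    "Sep 29 12:06:02 gw kernel: [FIAIF_DROP]:IN= OUT=eth1 SRC=xxx.xxx.52.153 "
    "DST=xxx.xxx.52.156 LEN=66 TOS=0x00 PREC=0xC0 TTL=64 ID=29590 PROTO=ICMP "
    "TYPE=11 CODE=0 [SRC=xxx.xxx.52.156 DST=xxx.xxx.22.29 LEN=38 TOS=0x00 "
    "PREC=0x00 TTL=1 ID=61765 PROTO=UDP SPT=61764 DPT=33435 LEN=18 ]"
)

# Sample 2 (constructed, not from the post): a UDP probe that was being
# forwarded from the internal to the external interface and got dropped.
SAMPLE_FORWARD_DROP = (
    "Sep 29 12:07:10 gw kernel: [FIAIF_DROP]:IN=eth1 OUT=eth0 SRC=xxx.xxx.52.156 "
    "DST=xxx.xxx.22.29 LEN=38 TOS=0x00 PREC=0x00 TTL=3 ID=61770 PROTO=UDP "
    "SPT=61764 DPT=33437 LEN=18"
)

# UDP destination ports used by classic traceroute (range from the post's rule).
TRACEROUTE_PORTS = range(33434, 33465)

FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_netfilter_log(line: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Return (outer, inner) field maps for one netfilter LOG line.

    'inner' holds the quoted original packet that an ICMP error carries in
    trailing [...] brackets; it is empty for plain drops. The inner packet
    repeats LEN twice (IP and UDP length); the dict keeps the last one.
    """
    inner: Dict[str, str] = {}
    outer_text = line
    quoted = re.search(r"\[([^\]]*)\]\s*$", line)
    if quoted:
        inner = dict(FIELD_RE.findall(quoted.group(1)))
        outer_text = line[: quoted.start()]
    # The log prefix tag, e.g. [FIAIF_DROP]:, sits between syslog header and fields.
    tag = re.search(r"\[(\w+)\]:", outer_text)
    fields_text = outer_text[tag.end():] if tag else outer_text
    outer = dict(FIELD_RE.findall(fields_text))
    outer["TAG"] = tag.group(1) if tag else ""
    return outer, inner


def diagnose(line: str) -> Dict[str, object]:
    """Classify a dropped packet: which chain it belongs to and whether it is
    part of a traceroute exchange (probe or the ICMP time-exceeded reply)."""
    outer, inner = parse_netfilter_log(line)
    has_in = bool(outer.get("IN"))
    has_out = bool(outer.get("OUT"))
    if has_in and has_out:
        path = "FORWARD"          # routed through the gateway
    elif has_out:
        path = "OUTPUT"           # generated by the gateway itself
    else:
        path = "INPUT"            # addressed to the gateway

    def is_probe(pkt: Dict[str, str]) -> bool:
        return pkt.get("PROTO") == "UDP" and pkt.get("DPT", "").isdigit() \
            and int(pkt["DPT"]) in TRACEROUTE_PORTS

    is_reply = outer.get("PROTO") == "ICMP" and outer.get("TYPE") == "11" \
        and is_probe(inner)
    result: Dict[str, object] = {
        "path": path,
        "traceroute_probe": is_probe(outer),
        "traceroute_reply": is_reply,
        "out_iface": outer.get("OUT", ""),
    }
    if is_reply:
        result["summary"] = (
            f"ICMP time-exceeded reply from {outer.get('SRC')} to the probing "
            f"host {inner.get('SRC')} dropped on the {path} path via "
            f"{outer.get('OUT')}; a FORWARD rule cannot match this packet"
        )
    elif result["traceroute_probe"]:
        result["summary"] = (
            f"UDP traceroute probe {outer.get('SRC')} -> {outer.get('DST')} "
            f"dropped on the {path} path"
        )
    else:
        result["summary"] = f"non-traceroute drop on the {path} path"
    return result


if __name__ == "__main__":
    for sample in (SAMPLE_DROP_FROM_POST, SAMPLE_FORWARD_DROP):
        print(diagnose(sample)["summary"])
```

Run over the post's line, the summary reports an OUTPUT-path drop of the gateway's own time-exceeded reply toward the internal host, which is why adding more FORWARD rules for udp 33434:33464 changes nothing: the reply (ICMP type 11) from the firewall to the INT zone has to be permitted on the firewall's own outbound side. The constructed second line shows the contrasting FORWARD case that the existing rules are meant to cover.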
More information about the fiaif