Traceroute

Thomas Bange
Mon Sep 29 13:10:36 CEST 2003


Hello!

I am using fiaif 1.17.1 and want to be able to use traceroute from inside to
outside, but not to be traced from outside to inside. At the moment it doesn't
work either way.

I have two zones: INT(ernal) and EXT(ernal).

In the INT zone I have this as a FORWARD rule:
INT ACCEPT udp 33434:33464 NET_DMZ=>0.0.0.0/0
In the EXT zone I have this as a FORWARD rule:
INT ACCEPT udp 33434:33464 NET_DMZ=>0.0.0.0/0

(where NET_DMZ is my network connected to the INT zone)

When I try to trace from inside out I get these messages logged:

Sep 29 12:06:02 gw kernel: [FIAIF_DROP]:IN= OUT=eth1 SRC=xxx.xxx.52.153
DST=xxx.xxx.52.156 LEN=66 TOS=0x00 PREC=0xC0 TTL=64 ID=29590 PROTO=ICMP
TYPE=11 CODE=0 [SRC=xxx.xxx.52.156 DST=xxx.xxx.22.29 LEN=38 TOS=0x00
PREC=0x00 TTL=1 ID=61765 PROTO=UDP SPT=61764 DPT=33435 LEN=18 ]

eth1 is the internal interface, connected to the NET_DMZ net
I tried to trace from xxx.xxx.52.156 to some host outside (xxx.xxx.22.29)
through the firewall (xxx.xxx.52.153).

How do I configure fiaif to make this work?

Regards,
Tom
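The logged line above decodes as follows: IN= is empty and OUT=eth1, so the packet was generated by the firewall itself and hit its OUTPUT chain; it is ICMP type 11 code 0 (time exceeded in transit), and the quoted inner packet is the internal host's UDP probe to port 33435 with TTL=1. In other words the gateway is the first hop, it correctly answers the probe with an ICMP error, and then drops its own answer on the way back to the internal host, which is why the trace stalls. Netfilter's connection tracking classifies such ICMP errors as RELATED to the UDP probe, so accepting RELATED ICMP (time-exceeded and port-unreachable) on the return path is what an outbound-only traceroute policy needs; inbound probes can still be dropped. The following is an added example, not part of the post or of fiaif: a small Python parser for netfilter LOG lines in the format shown above, which extracts the outer and quoted inner headers, derives the chain from IN=/OUT=, classifies the packet as a traceroute probe or reply, and reports whether the underlying probe came from inside or outside. The sample log lines, the RFC 5737 addresses and the internal network 192.0.2.0/24 are constructed for the example.

```python
"""Decode netfilter LOG lines (such as fiaif's [FIAIF_DROP] entries) and
classify dropped packets as traceroute traffic.  Added example; the log
lines, prefix names and addresses below are constructed, not fiaif's."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

TOKEN = re.compile(r"(\w+)=([^\s\]]*)")          # KEY=VALUE, value may be empty
PREFIX = re.compile(r"\[([A-Za-z0-9_]+)\]:")       # e.g. "[FIAIF_DROP]:"
INNER = re.compile(r"\[(.*)\]")                   # quoted packet inside an ICMP error

# Destination ports used by classic UDP traceroute (33434 + hop * probes)
TRACEROUTE_PORTS = range(33434, 33535)


@dataclass
class LogEntry:
    prefix: str
    outer: dict
    inner: Optional[dict]   # headers of the quoted packet, present for ICMP errors

    @property
    def chain(self) -> str:
        """IN= is empty for packets the firewall generated itself (OUTPUT) and
        OUT= is empty for packets addressed to the firewall (INPUT)."""
        if self.outer.get("IN") == "" and self.outer.get("OUT"):
            return "OUTPUT"
        if self.outer.get("OUT") == "" and self.outer.get("IN"):
            return "INPUT"
        return "FORWARD"


def parse_log_line(line: str) -> LogEntry:
    m = PREFIX.search(line)
    if not m:
        raise ValueError("no netfilter log prefix in line")
    rest = line[m.end():]
    inner = None
    im = INNER.search(rest)
    if im:                                   # ICMP error: split off the quoted packet
        inner = dict(TOKEN.findall(im.group(1)))
        rest = rest[:im.start()]
    return LogEntry(m.group(1), dict(TOKEN.findall(rest)), inner)


def is_traceroute_probe(fields: dict) -> bool:
    return (fields.get("PROTO") == "UDP"
            and fields.get("DPT", "").isdigit()
            and int(fields["DPT"]) in TRACEROUTE_PORTS)


def classify(entry: LogEntry) -> str:
    o, i = entry.outer, entry.inner
    if o.get("PROTO") == "ICMP" and i and is_traceroute_probe(i):
        if o.get("TYPE") == "11" and o.get("CODE") == "0":
            return "time-exceeded"       # an intermediate hop answering a probe
        if o.get("TYPE") == "3" and o.get("CODE") == "3":
            return "port-unreachable"    # the final destination answering a probe
    if is_traceroute_probe(o):
        return "probe"
    return "other"


def probe_direction(entry: LogEntry, internal_net: str) -> Optional[str]:
    """'outbound' if the probe was sent from internal_net, 'inbound' otherwise;
    for ICMP replies the probe is the quoted inner packet."""
    kind = classify(entry)
    if kind == "other":
        return None
    probe = entry.outer if kind == "probe" else entry.inner
    src = ipaddress.ip_address(probe["SRC"])
    return "outbound" if src in ipaddress.ip_network(internal_net) else "inbound"


def explain(entry: LogEntry, internal_net: str) -> str:
    kind = classify(entry)
    direction = probe_direction(entry, internal_net)
    if kind == "other":
        return f"{entry.prefix}: not traceroute traffic (chain {entry.chain})"
    if kind == "probe":
        return f"{entry.prefix}: {direction} traceroute probe dropped in {entry.chain}"
    return (f"{entry.prefix}: ICMP {kind} reply to an {direction} traceroute probe "
            f"dropped in {entry.chain}; the trace stalls unless this reply is "
            f"accepted (conntrack marks it RELATED to the UDP probe)")


# Constructed sample lines in the format of the post (RFC 5737 addresses):
# gateway 192.0.2.153 on eth1 (internal), internal host 192.0.2.156,
# outside host 198.51.100.29, attacker 203.0.113.7.
SAMPLE_TIME_EXCEEDED = (
    "Sep 29 12:06:02 gw kernel: [FIAIF_DROP]:IN= OUT=eth1 SRC=192.0.2.153 "
    "DST=192.0.2.156 LEN=66 TOS=0x00 PREC=0xC0 TTL=64 ID=29590 PROTO=ICMP "
    "TYPE=11 CODE=0 [SRC=192.0.2.156 DST=198.51.100.29 LEN=38 TOS=0x00 "
    "PREC=0x00 TTL=1 ID=61765 PROTO=UDP SPT=61764 DPT=33435 LEN=18 ]")
SAMPLE_INBOUND_PROBE = (
    "Sep 29 12:10:44 gw kernel: [FIAIF_DROP]:IN=eth0 OUT=eth1 SRC=203.0.113.7 "
    "DST=192.0.2.156 LEN=38 TOS=0x00 PREC=0x00 TTL=12 ID=4242 PROTO=UDP "
    "SPT=40000 DPT=33434 LEN=18")
SAMPLE_SSH_SYN = (
    "Sep 29 12:12:00 gw kernel: [FIAIF_DROP]:IN=eth0 OUT= SRC=203.0.113.7 "
    "DST=192.0.2.153 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1 DF PROTO=TCP "
    "SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0")

if __name__ == "__main__":
    for line in (SAMPLE_TIME_EXCEEDED, SAMPLE_INBOUND_PROBE, SAMPLE_SSH_SYN):
        print(explain(parse_log_line(line), "192.0.2.0/24"))
```

Run against the first sample the parser reports a time-exceeded reply to an outbound probe dropped in OUTPUT, which is the situation in the post; the second sample is an inbound probe in FORWARD, the traffic an outbound-only policy should keep dropping. Feeding a firewall's drop log through a classifier like this is a quick way to tell "probe blocked" from "reply blocked" before touching rules.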


