Allowing outgoing traceroutes through NAT
[I posted a similar question on debian-user]
I'm using the Debian package gshield to build my iptables firewall/NAT.
With the firewall running I cannot run traceroutes through the NAT machine to external
machines. But, I am able to ping from the inside machine to external machines.
I can run traceroutes from the NAT/Firewall machine anyplace.
If I run
# /etc/init.d/gshield stop
# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to $external_ip
then I'm able to run the traceroutes from the inside machines through the NAT machine to
external IPs. So it seems that gshield is blocking.
I've enabled logging in the gShield.conf file, but I do not see the dropped traceroute
logged.
Anyone familiar with gshield that might know what I need to configure? Otherwise, what I
might need to do to allow traceroutes through?
Thanks,
--
Bill Moseley
moseley@hank.org