[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Allowing outgoing traceroutes through NAT

[I posted a similar question on debian-user]

I'm using the Debian package gshield to build my iptables firewall/NAT.

With the firewall running I cannot run traceroutes through the NAT machine to external
machines.  But, I am able to ping from the inside machine to external machines.

I can run traceroutes form the NAT/Firewall machine anyplace.

If I run

  # /etc/init.d/gshield stop
  # iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to $external_ip

then I'm able to run the traceroutes from the inside machines through the NAT machine to 
external IPs.  So it seems that gshield is blocking.

I've enabled logging in the gShield.conf file, but I do not see the dropped traceroute 

Anyone familiar with gshield that might know what I need to configure?  Otherwise, what I 
might need to do to allow traceroutes through?


Bill Moseley

Reply to: