Iptables: External traceroute works. Internal doesn't.

To: debian-user@lists.debian.org
Subject: Iptables: External traceroute works. Internal doesn't.
From: Bill Moseley <moseley@hank.org>
Date: Mon, 8 Sep 2003 22:15:03 -0700
Message-id: <[🔎] 20030909051503.GA6186@hank.org>
Mail-followup-to: moseley@hank.org, debian-user@lists.debian.org

I'm using gShield to configure iptables.

If I do a traceroute from my internal NAT'ed LAN the first hop is the 
firewall machine.  That machine doesn't respond and shows "* * *" for 
the times.  But machines *after* respond fine.

But if I traceroute from the outside to my firewall/NAT machine then 
that machine responds.

In my INPUT chain I have:

ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          limit: avg 1/sec burst 5

And in OUTPUT I have:

DROP       icmp --  0.0.0.0/0            0.0.0.0/0          state INVALID


If you are familiar with gshield, in my gShield.conf file I have:

ICMP_ALLOW_ALL="YES"
ICMP_RATE="60/m"
ICMP_LOG="YES"
TRACE_ALLOW_ALL="YES"

And when I try traceroute from the internal lan I do not see anything 
logged.

Thanks,



-- 
Bill Moseley
moseley@hank.org

Reply to:

Prev by Date: Re: Broken Zope, Python, xbase-clients, etc
Next by Date: Re: XFree86 + Signal 11 = Bad Juju
Previous by thread: Friend, Please Confirm Your Subscription!
Next by thread: Laptop with new X server
Index(es):
- Date
- Thread