allowing internal machines to traceroute
Ion-Mihai Tetcu
itetcu at tecnik93.com
Tue Jul 22 02:11:55 PDT 2003
On Monday 21 July 2003 22:25, Dennis B. Hopp wrote:
> I have set up a FreeBSD machine to act as a firewall/NAT device. NAT
> is working fine and the firewall is working but I'm having trouble
> allowing internal machines to do traceroutes.
# TRACEROUTE - Allow outgoing
${fwcmd} add pass udp from any to any 33434-33523 out via ${oif}
# ICMP packets
# Allow all ICMP packets on internal interface
${fwcmd} add pass icmp from any to any via ${iif}
# Allow outgoing pings
${fwcmd} add pass icmp from any to any icmptypes 8 out via ${oif}
${fwcmd} add pass icmp from any to any icmptypes 0 in via ${oif}
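
Traceroute's UDP probes are answered by ICMP time-exceeded (type 11) from each hop and ICMP unreachable (type 3) from the target, so a ruleset has to admit those on the outside interface as well as let the probes out. The following is an added example, not part of the original post: it emits both rules as a dry run and checks a rule listing for either missing half. The function names, the `fxp0` interface name and the `echo` default for `fwcmd` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Dry run by default: fwcmd only
# echoes rules. fxp0 is a constructed placeholder interface name.
fwcmd="${fwcmd:-echo ipfw}"
oif="${oif:-fxp0}"    # outside interface (assumed name)

# Emit the rules traceroute needs in both directions (hypothetical helper).
traceroute_rules() {
    # Outgoing UDP probes, same port range as in the post
    ${fwcmd} add pass udp from any to any 33434-33523 out via ${oif}
    # Replies: 11 = time exceeded (each hop), 3 = unreachable (target host)
    ${fwcmd} add pass icmp from any to any icmptypes 3,11 in via ${oif}
}

# Read ipfw rule lines on stdin and report which half of the exchange has no
# matching rule. Returns 0 only when probes and both reply types are covered.
# Simplification: interfaces, stateful/divert rules and ICMP rules without an
# icmptypes list are not evaluated.
check_traceroute_rules() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        /udp/ && /33434/ && / out / { probe = 1 }
        /icmp/ && / in / && /icmptypes/ {
            for (i = 1; i < NF; i++) if ($i == "icmptypes") {
                n = split($(i + 1), t, ",")      # comma-separated type list
                for (j = 1; j <= n; j++) seen[t[j]] = 1
            }
        }
        END {
            if (!probe)        { print "missing: outbound UDP probe rule"; bad = 1 }
            if (!(11 in seen)) { print "missing: inbound ICMP type 11"; bad = 1 }
            if (!(3 in seen))  { print "missing: inbound ICMP type 3"; bad = 1 }
            exit bad + 0
        }'
}
```

Pipe a saved rule file or the firewall script itself into `check_traceroute_rules` to see which direction lacks a rule; set `fwcmd` to the real ipfw command only once the echoed rules look right.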
More information about the freebsd-ipfw mailing list