Revisiting Traceroute Through ipfw FreeBSD9.x
Martin McCormick
martin at x.it.okstate.edu
Thu Mar 7 21:00:26 UTC 2013
I immediately found several plausible examples of what to put in
the firewall rules file and the following rules were set just
after the local loopback address:
ip="139.78.2.13"
setup_loopback
# Allow traceroute to function, but not to get in.
${fwcmd} add unreach port udp from any to ${ip} 33435-33524
# Allow some inbound icmps - echo reply, dest unreach, source quench,
# echo, ttl exceeded.
${fwcmd} add allow icmp from any to any icmptypes 0,3,4,8,11
My thanks to previous posters for these rules. I still,
however, only get
*traceroute: sendto: Permission denied
traceroute: wrote 192.168.1.125 52 chars, ret=-1
I also did try:
sysctl net.inet.udp.blackhole=0
then 1 and even 2 with no change.
What else should I look at? The firewall rules are
otherwise working as they should.
Thank you.
Martin McCormick
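An added illustration, not part of the post and not ipfw itself: a small Python model of ipfw's first-match rule evaluation, fed the two rules quoted above. On FreeBSD, when ipfw drops a packet the host itself is sending, the sending socket gets EACCES, which is what "sendto: Permission denied" reports, so the thing to check is whether any rule allows traceroute's outgoing UDP probes. The post shows only two rules of the set, so the assumption here is that no other rule covers outbound UDP; the evaluator then shows those probes falling through to the default deny (rule 65535 on a stock kernel), and shows what changes when an explicit outbound allow, with the port range copied from the poster's inbound rule, is added. The probe packet, the peer addresses and the `OUTBOUND_PROBE_RULE` line are constructed for the example.

```python
"""Toy first-match evaluator for a small subset of ipfw(8) rule syntax.

Added illustration: not ipfw itself and not the poster's full rule set.
It models only: `add [num] <action> <proto> from <src> to <dst>
[ports] [in|out] [icmptypes a,b,...]` with actions allow, deny and
unreach <code>; addresses are 'any' or one literal IPv4 address.
Like a stock FreeBSD kernel, it denies anything no rule matched
(ipfw's default rule 65535, absent IPFIREWALL_DEFAULT_TO_ACCEPT).
"""
import re
from dataclasses import dataclass, field
from typing import Optional

IP = "139.78.2.13"  # the poster's ${ip}


@dataclass
class Packet:
    proto: str                     # "udp", "tcp" or "icmp"
    src: str
    dst: str
    direction: str                 # "in" or "out", as seen by the host
    dport: Optional[int] = None    # UDP/TCP destination port
    icmptype: Optional[int] = None


@dataclass
class Rule:
    text: str
    action: str                    # "allow", "deny" or "unreach <code>"
    proto: str                     # "ip" would match every protocol
    src: str
    dst: str
    ports: list = field(default_factory=list)       # (lo, hi) pairs
    direction: Optional[str] = None                 # None = either way
    icmptypes: set = field(default_factory=set)


def parse_rule(line: str, ip: str = IP) -> Rule:
    """Parse one `${fwcmd} add ...` line into a Rule."""
    text = line.replace("${ip}", ip)
    tok = text.replace("${fwcmd}", "ipfw").split()
    assert tok[:2] == ["ipfw", "add"], line
    i = 2
    if tok[i].isdigit():           # optional rule number
        i += 1
    action = tok[i]; i += 1
    if action == "unreach":        # unreach takes an ICMP code argument
        action = f"unreach {tok[i]}"; i += 1
    proto = tok[i]; i += 1
    assert tok[i] == "from"; src = tok[i + 1]; i += 2
    assert tok[i] == "to"; dst = tok[i + 1]; i += 2
    rule = Rule(text, action, proto, src, dst)
    if i < len(tok) and re.fullmatch(r"[\d,-]+", tok[i]):   # port list
        for part in tok[i].split(","):
            lo, _, hi = part.partition("-")
            rule.ports.append((int(lo), int(hi or lo)))
        i += 1
    while i < len(tok):
        if tok[i] in ("in", "out"):
            rule.direction = tok[i]; i += 1
        elif tok[i] == "icmptypes":
            rule.icmptypes = {int(t) for t in tok[i + 1].split(",")}; i += 2
        else:
            raise ValueError(f"unsupported option {tok[i]!r} in: {line}")
    return rule


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto not in ("ip", pkt.proto):
        return False
    if rule.src != "any" and rule.src != pkt.src:
        return False
    if rule.dst != "any" and rule.dst != pkt.dst:
        return False
    if rule.ports and not any(lo <= (pkt.dport or -1) <= hi for lo, hi in rule.ports):
        return False
    if rule.direction and rule.direction != pkt.direction:
        return False
    if rule.icmptypes and pkt.icmptype not in rule.icmptypes:
        return False
    return True


def evaluate(rules: list, pkt: Packet) -> tuple:
    """First matching rule wins; nothing matched means the default deny."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.text
    return "deny", "default rule 65535"


# The two rules quoted in the post.
POSTED_RULES = [
    "${fwcmd} add unreach port udp from any to ${ip} 33435-33524",
    "${fwcmd} add allow icmp from any to any icmptypes 0,3,4,8,11",
]
# Assumption for the illustration: an explicit allow for the host's own
# outgoing UDP probes, reusing the port range from the inbound rule.
OUTBOUND_PROBE_RULE = "${fwcmd} add allow udp from ${ip} to any 33435-33524 out"


def trace_probe() -> Packet:
    # Constructed: one outgoing traceroute probe to the host named in the post
    return Packet("udp", IP, "192.168.1.125", "out", dport=33440)


def verdict(rule_lines: list, pkt: Packet) -> str:
    return evaluate([parse_rule(line) for line in rule_lines], pkt)[0]


if __name__ == "__main__":
    for label, rules in (("posted rules", POSTED_RULES),
                         ("with outbound allow", POSTED_RULES + [OUTBOUND_PROBE_RULE])):
        print(label, "-> outgoing probe:", evaluate([parse_rule(r) for r in rules], trace_probe()))
```

With only the two posted rules, the outgoing probe matches neither (the unreach rule is for UDP addressed to the host, the ICMP rule is for ICMP) and lands on the default deny; the inbound TTL-exceeded replies (type 11) are allowed by the ICMP rule either way. On a real box the equivalent check is `ipfw show` to see which rule's counters increment while traceroute runs, or `ipfw add ... log` on the deny rule so the drop shows up in /var/log/security.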