Firewalls: How to allow outbound traceroute

Firewalls
(April 1996)

Indexed By Thread: [Previous] [Next]

Subject:	How to allow outbound traceroute
From:	David Kozinn <david @ monygmc . mony . com>
Date:	Fri, 26 Apr 1996 10:37:04 -0400 (EDT)
To:	firewalls @ greatcircle . com
Reply-to:	dkozinn @ csc . com

(I hope this hasn't come up recently, I lost a bundle of messages from the
list recently.)

I'd like to configure a Cisco 2501 so that it will allow a traceroute to
function from a bastion host (on the internal side of the firewall, of
course) without allowing incoming traceroutes, pings, or anything else that
can be used to probe the internal network. Is it actually possible to do
this and if so, can someone give me a shove in the right direction?

Thanks....
-- 
 David Kozinn                   dkozinn @
 csc .
 com / david @
 mony .
 com
 Computer Sciences Corporation  Under contract to Mutual of New York
 Technology Management Group    +1-201-907-6990

Follow-Ups:

Low cost firewalls?
From: Joseph Seanor <cibir @ netcom . com>
Re: How to allow outbound traceroute
From: woods @ ncar . ucar . edu (Greg Woods)

Indexed By Date	Previous:	discovering what a firewall can pass (Fri Apr 26 08:56:05 CDT 1996) From: uucp @ idm . com
Indexed By Date	Next:	Re: policy vs. implementation From: "W.C. Epperson" <epperson @ vak12ed . edu>
Indexed By Thread	Previous:	discovering what a firewall can pass (Fri Apr 26 08:56:05 CDT 1996) From: uucp @ idm . com
Indexed By Thread	Next:	Re: How to allow outbound traceroute From: woods @ ncar . ucar . edu (Greg Woods)