Hi James,

You are correct in assuming that the traceroute requires a UDP port. The
problem is that traceroute sends out the UDP packets on a random upper
level port (>1023) and then listens for an ICMP reply.

My suggestion is to try opening outbound UDP for a single host and see if the
ICMP packets can come back through. Some firewalls have problems handling
the traceroute ICMP replies, but there are a couple of firewalls that I
know of that can handle these replies properly.

Steve
---------------------------------------------------------------
Steve Conner Cypress Consulting, Inc.
sconner @ cycon . com 703-256-1279
Manager, Research & Development http://www.cycon.com
CYCON Labyrinth, Firewall and Network Address Translator
---------------------------------------------------------------
On Fri, 6 Sep 1996, James Rippas (Technology) wrote:
> Hi,
>
> I'd like to know what ports/protocol I need to permit through a packet filter
> for traceroute to work. I've tried just ICMP/traceroute, but that doesn't
> work. I suspect I need to let a UDP port through, but I'm not sure.
>
> Thanks,
>
> -jim
>
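
One way a stateful filter can let traceroute's ICMP replies back in without opening inbound ICMP generally, as an added example that is not part of the original message: ICMP error messages quote the IP header plus the first 8 bytes of the datagram that triggered them (RFC 792), so the filter can match that quoted UDP header against probes it saw leave. The class and function names, addresses and ports are constructed for illustration.

```python
import socket
import struct

ICMP_DEST_UNREACH, ICMP_TIME_EXCEEDED = 3, 11

class ProbeTable:
    """Remembers outbound UDP probes so only related ICMP errors are admitted."""
    def __init__(self):
        self.flows = set()

    def note_outbound_udp(self, src, sport, dst, dport):
        self.flows.add((src, sport, dst, dport))

    def permits_icmp(self, icmp: bytes) -> bool:
        # Need 8-byte ICMP header + quoted IPv4 header (>=20) + 8 bytes of UDP.
        if len(icmp) < 8 + 20 + 8:
            return False
        # Intermediate hops answer Time Exceeded; the target answers Unreachable.
        if icmp[0] not in (ICMP_DEST_UNREACH, ICMP_TIME_EXCEEDED):
            return False
        inner = icmp[8:]                      # quoted original datagram
        ihl = (inner[0] & 0x0F) * 4           # quoted IP header length in bytes
        if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
            return False
        if inner[9] != socket.IPPROTO_UDP:    # protocol field of quoted header
            return False
        src = socket.inet_ntoa(inner[12:16])
        dst = socket.inet_ntoa(inner[16:20])
        sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
        # Admit only if the quoted header is a probe we actually sent.
        return (src, sport, dst, dport) in self.flows

def build_icmp_error(icmp_type, code, src, sport, dst, dport):
    """Constructed sample packet: ICMP error quoting an IPv4+UDP probe header.
    Checksums are left as zero; the filter above does not verify them."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1,
                     socket.IPPROTO_UDP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + ip + udp

if __name__ == "__main__":
    table = ProbeTable()
    table.note_outbound_udp("192.0.2.10", 40000, "198.51.100.7", 33434)
    reply = build_icmp_error(ICMP_TIME_EXCEEDED, 0,
                             "192.0.2.10", 40000, "198.51.100.7", 33434)
    print("related reply admitted:", table.permits_icmp(reply))
```

A plain packet filter with no such state has to choose between dropping these replies and permitting inbound ICMP types 3 and 11 from any source.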
References:
- traceroute
  From: "James Rippas (Technology)" <jrippas @ fcmc . com>