Subject: Re: How do I traceroute through ipf?
To: None <email@example.com>
From: Alan Barrett <firstname.lastname@example.org>
Date: 01/17/2002 14:01:01

On Thu, 17 Jan 2002, David Laight wrote:
> > How about a udp keep state rule? e.g.
> > pass out quick on ppp0 proto udp all keep state
> But that lets out ALL udp, I don't want my firewall that open.

By default, traceroute sends the first packet to UDP destination port
33434, and increments the port number for each packet sent (and there
are typically 3 packets per hop). If you open a range of 60 UDP
ports (from 33434 to 33493 inclusive) then your users will be able to
traceroute up to 20 hops with 3 probes per hop.

--apb (Alan Barrett)
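
The port arithmetic from the message above, as an added example that is not part of the original post: it computes the destination port range for a given hop limit and emits an ipf rule narrowed to that range instead of all UDP. The function names are illustrative, and the rule assumes the ppp0 interface from the quoted rule and ipf's `><` operator, which excludes both endpoints.

```python
# Added example; probe_port, port_range and ipf_rule are illustrative names.
BASE_PORT = 33434    # first traceroute destination port, as stated in the message
PROBES_PER_HOP = 3   # typical probes per hop, as stated in the message


def probe_port(hop, probe, base=BASE_PORT, probes=PROBES_PER_HOP):
    """Destination port of probe number `probe` (0-based) at hop `hop` (1-based)."""
    if hop < 1 or not 0 <= probe < probes:
        raise ValueError("hop is 1-based, probe is 0..probes-1")
    return base + (hop - 1) * probes + probe


def port_range(max_hops, base=BASE_PORT, probes=PROBES_PER_HOP):
    """Inclusive (low, high) destination ports used by a trace of max_hops hops."""
    high = probe_port(max_hops, probes - 1, base, probes)
    if high > 65535:
        raise ValueError("range runs past port 65535")
    return base, high


def ipf_rule(iface, max_hops, base=BASE_PORT, probes=PROBES_PER_HOP):
    """Outbound rule limited to the traceroute port range.

    ipf's '><' matches ports strictly between the two values, so the
    bounds written into the rule sit one port outside the inclusive range.
    """
    low, high = port_range(max_hops, base, probes)
    return (f"pass out quick on {iface} proto udp from any to any "
            f"port {low - 1} >< {high + 1} keep state")


if __name__ == "__main__":
    print(port_range(20))        # the 60-port range from the message
    print(ipf_rule("ppp0", 20))
    print(port_range(30))        # a 30-hop limit needs 90 ports
```

Users who raise the hop limit or probe count need a correspondingly wider range, otherwise probes past the last permitted port are dropped by the firewall.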