Date:      Sun, 26 Nov 2000 11:37:21 -0800
From:      "Crist J . Clark" <cjclark@reflexnet.net>
To:        Nuno Teixeira <nuno.teixeira@pt-quorum.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: NATD: failed to write packet back (Permission denied)
Message-ID:  <20001126113720.A70192@149.211.6.64.reflexcom.com>
In-Reply-To: <000b01c057dd$f9423ab0$0200a8c0@n2>; from nuno.teixeira@pt-quorum.com on Sun, Nov 26, 2000 at 07:20:41PM -0000
References:  <001701c057c4$1e1ac010$0200a8c0@n2> <20001126110756.C34151@149.211.6.64.reflexcom.com> <000b01c057dd$f9423ab0$0200a8c0@n2>

On Sun, Nov 26, 2000 at 07:20:41PM -0000, Nuno Teixeira wrote:
> Hi,
> 
> I think not. Can you tell me how to add this rule to my ruleset?

The two rules needed to get UNIX-style traceroutes to work are,

  $fwcmd add allow  udp from any to any 33434-33474  out via ${oif}
  $fwcmd add allow icmp from any to any icmptype 3,11 in via ${oif}

But you already have a more promiscuous rule for ICMP so that is not
needed. 'oif' is your external interface on a gateway machine.
-- 
Crist J. Clark                           cjclark@alum.mit.edu

