On Mon, 9 Jul 2007 16:42 -0400, boxyzzy wrote:
Getting closer ...
123.456.70.66 is my host computer where firewall is being tested.
ping 246.8.161.244 - works.
However, traceroute 246.8.161.244 fails / hangs with this repeated error
message in /var/log/ipmonlog:
03/07/2007 15:07:35.071265 eri0 @0:53 b 123.456.68.1 -> 123.456.70.66 PR icmp
len 20 56 icmp timxceed/transit for 123.456.70.66,52646 - 246.8.161.244,33434
PR udp len 20 40 IN
From the ipfstat below I (think that I) explicitly allow:
1) TCP & UDP access from 123.456.68.1, my subnet gateway (@18, @19).
2) ICMP access from anywhere (@52).
So, again, what am I missing?
---------------------------SNIP---------------------------
Try the following:
traceroute -I %ADDRESS_HERE%
-or-
traceroute -P icmp %ADDRESS_HERE%
Sites outside your LAN most likely won't reply to your UDP traceroute
requests. Maybe even on a different sub inside the LAN as well.
--
/*-
* @(#)dot.sig 1.6 (Berkeley) 5/9/94
* $Id: dot.sig,v 1.6.1.3 2000/05/09 06:28:40 wh1tef8 Exp $
*/
#include <copyright.h>
#include <disclaimer.h>
#include <insignia.h>
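
Added example, not part of the original thread: a small Python parser for the ipmon entry quoted above. It extracts the rule group and number, the action, and the original packet quoted inside the ICMP error, then flags blocked time-exceeded replies to UDP traceroute probes. The function names and the 33434-33534 probe port window (the classic traceroute base port plus per-probe increments) are assumptions made for this illustration.

```python
import re

# Action codes as documented in ipmon(8).
ACTIONS = {"p": "passed", "b": "blocked", "S": "short packet",
           "n": "no rule matched", "L": "log rule"}

# ICMP entries only; the "for ..." part is the packet quoted in the ICMP error.
IPMON_ICMP = re.compile(
    r"(?P<date>\S+) (?P<time>\S+) (?P<ifname>\S+) "
    r"@(?P<group>\d+):(?P<rule>\d+) (?P<action>\S) "
    r"(?P<src>\S+) -> (?P<dst>\S+) PR (?P<proto>icmp) "
    r"len (?P<hlen>\d+) (?P<plen>\d+)"
    r"(?: icmp (?P<icmp_type>[^/\s]+)(?:/(?P<icmp_code>\S+))?"
    r"(?: for (?P<orig_src>[^,\s]+),(?P<orig_sport>\d+) - "
    r"(?P<orig_dst>[^,\s]+),(?P<orig_dport>\d+) PR (?P<orig_proto>\S+)"
    r" len \d+ \d+)?)?"
    r"(?: (?P<dir>IN|OUT))?$"
)

# The log entry from the post, with its mail line wraps rejoined.
SAMPLE = ("03/07/2007 15:07:35.071265 eri0 @0:53 b 123.456.68.1 -> "
          "123.456.70.66 PR icmp len 20 56 icmp timxceed/transit for "
          "123.456.70.66,52646 - 246.8.161.244,33434 PR udp len 20 40 IN")

def parse_ipmon(line):
    """Return a dict for an ipmon ICMP entry, or None if it does not match."""
    m = IPMON_ICMP.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["action"] = ACTIONS.get(rec["action"], rec["action"])
    for key in ("group", "rule", "orig_sport", "orig_dport"):
        if rec[key] is not None:
            rec[key] = int(rec[key])
    return rec

def is_blocked_traceroute_reply(rec):
    """Blocked ICMP time-exceeded whose quoted packet is a UDP traceroute probe."""
    return (rec is not None and rec["action"] == "blocked"
            and rec["icmp_type"] == "timxceed"
            and rec["orig_proto"] == "udp"
            and rec["orig_dport"] is not None
            and 33434 <= rec["orig_dport"] <= 33534)  # assumed probe port window

if __name__ == "__main__":
    r = parse_ipmon(SAMPLE)
    print(f"rule @{r['group']}:{r['rule']} {r['action']} {r['proto']} "
          f"{r['icmp_type']}/{r['icmp_code']} from {r['src']} on {r['ifname']}")
    print("blocked traceroute reply:", is_blocked_traceroute_reply(r))
```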