Traceroute foloseste UDP ca probe (pe care le trimite cu TTL incrementat) si ICMP ca sa primeasca raspunsurile (ICMP - UDP PORT UNRECHABLE). Deci tu ai filtrat UDP-ul.
Costi said: > Pina acum la reteaua locala nu aveam restrictii. Am mai bagat niste > reguli, si acum nu mai merge calumea traceroute: > > traceroute to www.google.com (216.239.51.101), 30 hops max, 38 byte > packets > 1 server (192.168.0.254) 0.347 ms 0.276 ms 0.241 ms > 2 server (192.168.0.254) 0.286 ms 0.281 ms 0.255 ms > > Uitati ce am facut: > > Pentru cei care nu fac dc++ si sint oameni de inteles: > for a in $IP_TRUSTED > do > $IPTABLES -A FORWARD -i $LAN_IFACE -s $a -j ACCEPT > done > > > > Pentru bulangii cu care nu te intelegi: > > for a in $IP_UNTRUSTED > do > > # > # web traffic > # > > $IPTABLES -A FORWARD -i $LAN_IFACE -p tcp -s $a --dport 80 -j ACCEPT > > # > # ICMP rules > # > > $IPTABLES -A FORWARD -i $LAN_IFACE -p ICMP -s $a -j ACCEPT > > # > # All traffic to ports less than 1024 > # > > $IPTABLES -A FORWARD -i $LAN_IFACE -p tcp -s $a --dport :1024\ > -j ACCEPT > > for d in $DEST_PORTS_ALLOWED #jabber, 8080, etc. > do > $IPTABLES -A FORWARD -i $LAN_IFACE -p tcp -s $a --dport $d \ > -j ACCEPT > done > > done > > > Cred ca traceroute foloseste ICMP. Ping merge, traceroute de ce nu > merge? > > -- > Ce nu te omoara, ti-o intareste. > > --- > Pentru dezabonare, trimiteti mail la > [EMAIL PROTECTED] cu subiectul 'unsubscribe rlug'. > REGULI, arhive si alte informatii: http://www.lug.ro/mlist/ -- Sorin PUFARIN [EMAIL PROTECTED] Linux Registered User #222086 PGP Key: http://Dumnez.EU.ORG/pgp/adonay.asc --- Pentru dezabonare, trimiteti mail la [EMAIL PROTECTED] cu subiectul 'unsubscribe rlug'. REGULI, arhive si alte informatii: http://www.lug.ro/mlist/
