Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I have a firewall set up on a Red Hat 9 machine using IPTABLES and all seems to be secure and working as it should and if I use traceroute it works as expected.
On a Debian sid machine connected on the LAN to the Red Hat machine with firewall, network applications (ping, slogin, sftp etc) to external sites are all working as expected with the exception of traceroute.
Instead of getting the names back of the hosts on each step of the route, all I get is
* * * * *
Can anybody advise me as to the necessary IPTABLE rules for getting traceroute to work behind the firewall?
Presumably I am okay on those points, since traceroute works on the firewall machine but behind the firewall.
But your comment about ICMP has caused me to remember that I still had IPTABLES rules active on the internal machine (because it has an analog modem dialout connection), which it turns out are the cause of the problem.
But the odd thing which remains is that from the firewall machine I see
1 my.internet.ip my.isp 41.849 ms 19.570 ms 13.178 ms
2 at-0-1-0-41.adsl2.02bnc.skynet.be (194.78.255.249) 13.379 ms 13.938 ms 37.186 ms
3 ae1-0.intlbnc3.skynet.be (194.78.0.142) 104.867 ms 16.591 ms 13.395 ms
4 gigabitethernet8-0.hsa2.Brussels1.Level3.net (212.3.234.21) 12.760 ms 13.563 ms 12.438 ms
but on the other machine I still get one entry blanked out
1 firewall_machine (192.168.1.2) 1 ms 0 ms 0 ms
2 * * * <<<<<<<<<----- where my.ip my.isp details should be
3 at-0-1-0-41.adsl2.02bnc.skynet.be (194.78.255.249) 13 ms 16 ms 12 ms
4 ae1-0.intlbnc3.skynet.be (194.78.0.142) 13 ms 117 ms 25 ms
Can you explain that one?
But thanks once again for helping me to solve the main problem.
ICMPs were being blocked -- not as it turned out from the firewall machine but by the firewall rules on the machine itself.
The "easiest" way to troubleshoot firewall rulesets IMHO is to insert LOG target rules before making any final "destructive" decisions (DROP|REJ) in a chain. This allows you to track what gets dropped or rejected instead of forwarded, squished, smashed, mangled or whatever cruelties one tends to inflict on them packets.
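As an added example (not code from the thread), a small Python parser for the kernel messages such LOG rules produce, assuming a rule like `iptables -A INPUT -j LOG --log-prefix "FW-DROP: "` sits just ahead of the DROP on the internal host; the sample lines are constructed, and the script picks out the dropped ICMP type 11 / type 3 replies that blank a traceroute hop.

```python
import re
from collections import Counter

# Constructed sample of kernel messages from an iptables LOG rule placed ahead of
# the DROP on the internal host. The router addresses are the ones in the
# poster's traceroute; everything else (prefix, TTLs, the TCP line) is made up.
SAMPLE_LOG = """\
kernel: FW-DROP: IN=ppp0 OUT= SRC=194.78.255.249 DST=192.168.1.3 LEN=56 TTL=254 ID=0 PROTO=ICMP TYPE=11 CODE=0
kernel: FW-DROP: IN=ppp0 OUT= SRC=194.78.0.142 DST=192.168.1.3 LEN=56 TTL=253 ID=0 PROTO=ICMP TYPE=11 CODE=0
kernel: FW-DROP: IN=ppp0 OUT= SRC=212.3.234.21 DST=192.168.1.3 LEN=56 TTL=252 ID=0 PROTO=ICMP TYPE=3 CODE=3
kernel: FW-DROP: IN=ppp0 OUT= SRC=198.51.100.7 DST=192.168.1.3 LEN=40 TTL=50 ID=0 PROTO=TCP SPT=4444 DPT=22
"""

# iptables LOG output is a flat run of KEY=VALUE tokens; empty values (OUT=) occur.
FIELD_RE = re.compile(r"(\w+)=(\S*)")

# ICMP messages a traceroute depends on: type 11 (time exceeded) from each
# intermediate hop, type 3 (destination unreachable) from the final host
# answering the UDP probe. Dropping these on the way in produces "* * *".
TRACEROUTE_ICMP_TYPES = {"11": "time-exceeded", "3": "dest-unreachable"}


def parse_log_line(line):
    """Return the KEY=VALUE fields of one iptables LOG message as a dict."""
    return dict(FIELD_RE.findall(line))


def dropped_traceroute_replies(log_text):
    """List (source_ip, icmp_name) for each dropped ICMP reply that a
    traceroute needs, in log order; other dropped traffic is ignored."""
    hits = []
    for line in log_text.splitlines():
        fields = parse_log_line(line)
        if fields.get("PROTO") != "ICMP":
            continue
        name = TRACEROUTE_ICMP_TYPES.get(fields.get("TYPE"))
        if name:
            hits.append((fields["SRC"], name))
    return hits


def summarize_drops(log_text):
    """Count dropped packets per (PROTO, ICMP TYPE or '-') so the rule
    responsible for a blanked hop stands out at a glance."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_log_line(line)
        if "PROTO" in fields:
            counts[(fields["PROTO"], fields.get("TYPE", "-"))] += 1
    return counts


if __name__ == "__main__":
    for src, kind in dropped_traceroute_replies(SAMPLE_LOG):
        print(f"dropped {kind} from {src}: this hop will show as * * *")
    print(dict(summarize_drops(SAMPLE_LOG)))
```

Once the offending drops are visible, the usual fix is to accept ICMP time-exceeded and destination-unreachable (or ESTABLISHED,RELATED traffic) on the inbound side before the DROP rule.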