[atlas] traceroute via ICMP?
Jan Hugo Prins jprins at betterbe.com
Wed Oct 10 11:39:52 CEST 2012
On 10/10/2012 11:29 AM, Jens Weibler wrote: > Hi, > > how is the development of traceroute via ICMP going? > My central firewall team doesn't like opening many udp-ports for > traceroute :( > As far as I know you can make traceroute work by sending ICMP Rejects on the corrent ports. So you don't have to open any firewall to make this work. I have the following rules in my ruleset to make traceroute and tracepath work: iptables -A INPUT -p udp --dport 33434:33523 -j REJECT --reject-with icmp-port-unreachable iptables -A INPUT -p udp --dport 44450:44500 -j REJECT --reject-with icmp-port-unreachable -- Met vriendelijke groet / Best regards, Jan Hugo Prins Infra consultant E: jprins at betterbe.com T: +31-53-4800694 M: +31-6-26358951 S: jhaprins W: www.betterbe.com