DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 1 Week Ago
calanon calanon is offline
Port Guard
 
Join Date: Jul 2019
Posts: 38
Default traceroute blocked

I am having problems allowing traceroute through my firewall. I used the following pf rule but when I look at the pflog0 log live traceroute seems to be using different ports:

Code:
pass log proto udp from $mgt to $dmzops port 33433 >< 33626
Reply With Quote
  #2   (View Single Post)  
Old 1 Week Ago
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,797
Default

What ports are being used? Per traceroute(8), if UDP is used for tracing the default base is 33434. The port number used will be (base port)+(number of hops)*(number of queries)-1.

Last edited by jggimi; 1 Week Ago at 02:14 PM. Reason: typo
Reply With Quote
  #3   (View Single Post)  
Old 1 Week Ago
CiotBSD CiotBSD is offline
c107:b5d::
 
Join Date: Jun 2019
Posts: 25
Default

Even traceroute seems blocked, you can use options to obtain informations, as '-I' or '- P 1'.

Both options use ICMP Echoe message. The second not run with IPv6.
(In fact, it's necessary to pass ICMP messages ; which is highly suggestable)
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
UDP protocol failed, as well as IPv6. pkgsrc blocked because of ths(IMHO) spermwhale_warrior NetBSD General 5 27th August 2014 09:36 PM
SSH is being blocked from WAN however public IP shown in server log sparky OpenBSD Security 3 29th October 2012 01:29 PM
OpenBSD 4.7 pf and traceroute fbroce OpenBSD Security 5 13th September 2010 09:32 PM


All times are GMT. The time now is 10:31 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick