tech-net: Re: How do I traceroute through ipf?

Subject: Re: How do I traceroute through ipf?
To: David Laight <david@nohope.l8s.co.uk>
From: Darren Reed <darrenr@reed.wattle.id.au>
List: tech-net
Date: 01/31/2002 01:43:26

In some email I received from David Laight, sie wrote:
> My attempts to traceroute get stomped by my ipf configuration:
> 
> % traceroute www.dilbert.com
> 
> Jan 16 22:35:24 snowdrop ipmon[108]: 22:35:24.160418             ppp0
> @150:4 b 213.122.108.22,33099 -> 65.114.4.69,33435 PR udp len 20 10240 
> OUT 
> 
> Unfortunately this seems to be a udp packet from a random port to a
> random port - and I don't want the filters open that far.  I presume the
> destination port is really irrelevant and maybe port 9 (discard) would
> be more appropriate?

Go read about how traceroute works.  Port 9 is not more appropriate.

Or use the ICMP version of traceroute.