From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <5127941A.1070903@libertytrek.org>
Date: Fri, 22 Feb 2013 10:51:54 -0500
From: Tanstaafl <tanstaafl@libertytrek.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
To: Gentoo-User <gentoo-user@lists.gentoo.org>
Subject: [gentoo-user] traceroute not working

Hi all,

Weird, I don't use it much, but needed to run a traceroute today, and it 
is failing with:

  # traceroute 192.168.1.4
traceroute to 192.168.1.4 (192.168.1.4), 30 hops max, 60 byte packets
send: Operation not permitted

I know the problem is in my firewall, because when I stop it, 
traceroutes work as expected.

I have allowed all ICMP in my firewall:

Chain INPUT (policy DROP)
target     prot opt source               destination
<snip>
ACCEPT     icmp --  anywhere             anywhere             icmp any
<snip>

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere             icmp any

Chain OUTPUT (policy DROP)
target     prot opt source               destination
<snip>
ACCEPT     icmp --  anywhere             anywhere             icmp any

Any ideas what I'm missing?

I can send all of my firewall rules privately if someone thinks I may 
have something that is dropping these packets before my ALLOW rule kicks 
in, but I'm fairly sure I have them right...

Thanks
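
Added example, not part of the original message: a check for one common cause of this symptom. Linux traceroute sends UDP probes by default, and a send that the OUTPUT chain drops fails with "Operation not permitted". The function name, the sample ruleset and the use of `iptables -S` output as input are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Reads `iptables -S` output on stdin and prints what the
# OUTPUT chain does with a new, locally generated packet of protocol $1.
# Simplification: only rules whose sole match is the protocol (optionally
# "--icmp-type any") are considered; rules with further conditions are
# skipped because whether they match depends on the individual packet.
output_verdict() {
    awk -v want="$1" '
        $1 == "-P" && $2 == "OUTPUT" { policy = $3 }
        $1 == "-A" && $2 == "OUTPUT" && verdict == "" {
            proto = "all"; target = ""; extra = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(++i)
                else if ($i == "-j") { target = $(++i); break }
                else if ($i == "-m" && $(i + 1) == "icmp") i++
                else if ($i == "--icmp-type" && $(i + 1) == "any") i++
                else extra = 1
            }
            terminal = (target == "ACCEPT" || target == "DROP" || target == "REJECT")
            if (!extra && terminal && (proto == "all" || proto == want))
                verdict = target
        }
        END { print (verdict != "" ? verdict : policy) }
    '
}

# Constructed ruleset, consistent with the visible lines of the listing:
# DROP policies everywhere and ICMP as the only unconditional OUTPUT accept.
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type any -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type any -j ACCEPT
EOF
}

for proto in icmp udp; do
    echo "OUTPUT, new $proto packet: $(sample_rules | output_verdict "$proto")"
done
```

On a live system, pipe the output of `iptables -S` (run as root) into `output_verdict udp`. `traceroute -I` sends ICMP echo probes instead of the UDP default.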