From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <gentoo-user+bounces-145479-garchives=archives.gentoo.org@lists.gentoo.org> Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id CD5E1198005 for <garchives@archives.gentoo.org>; Fri, 22 Feb 2013 15:52:37 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B377521C0C5; Fri, 22 Feb 2013 15:52:27 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 266E0E05EC for <gentoo-user@lists.gentoo.org>; Fri, 22 Feb 2013 15:52:25 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp.gentoo.org (Postfix) with ESMTP id E6B7A33DFA2 for <gentoo-user@lists.gentoo.org>; Fri, 22 Feb 2013 15:52:24 +0000 (UTC) X-Virus-Scanned: by amavisd-new using ClamAV at gentoo.org X-Spam-Flag: NO X-Spam-Score: -0.1 X-Spam-Level: X-Spam-Status: No, score=-0.1 tagged_above=-999 required=5.5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no Received: from smtp.gentoo.org ([IPv6:::ffff:127.0.0.1]) by localhost (smtp.gentoo.org [IPv6:::ffff:127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xzweCzoNG9up for <gentoo-user@lists.gentoo.org>; Fri, 22 Feb 2013 15:52:19 +0000 (UTC) Received: from homiemail-a48.g.dreamhost.com (caibbdcaaaaf.dreamhost.com [208.113.200.5]) by smtp.gentoo.org (Postfix) with ESMTP id 7612633DF32 for <gentoo-user@gentoo.org>; Fri, 22 Feb 2013 15:52:16 +0000 (UTC) Received: from homiemail-a48.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a48.g.dreamhost.com (Postfix) with ESMTP id 5C46E4F805C for <gentoo-user@gentoo.org>; Fri, 22 Feb 2013 07:52:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=libertytrek.org; h= message-id:date:from:mime-version:to:subject:content-type: content-transfer-encoding; s=libertytrek.org; bh=BfkvGDSN2fg73yr 2O67pltlM21M=; b=Jtdt5gX9P1IIMGxjh1/GcnBCp5kc1kOJF98MxMrQJaEMoTT i7gG6zZENqgmW57Ri3Rd8+u54k/tVmqJ2SKAtz3TAu502pnzKBlkNeZwMLcFrakc XWFSdVoybXs6+sbX1xnJd7HuEAyz2ZbERnmLLLAewWm7k4F+SijoOhYPYuCQ= Received: from [127.0.0.1] (unknown [159.63.145.2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: tanstaafl@libertytrek.org) by homiemail-a48.g.dreamhost.com (Postfix) with ESMTPSA id 2E1334F8057 for <gentoo-user@gentoo.org>; Fri, 22 Feb 2013 07:52:15 -0800 (PST) Message-ID: <5127941A.1070903@libertytrek.org> Date: Fri, 22 Feb 2013 10:51:54 -0500 From: Tanstaafl <tanstaafl@libertytrek.org> User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20130215 Thunderbird/17.0.3 Precedence: bulk List-Post: <mailto:gentoo-user@lists.gentoo.org> List-Help: <mailto:gentoo-user+help@lists.gentoo.org> List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org> List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org> List-Id: Gentoo Linux mail <gentoo-user.gentoo.org> X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: Gentoo-User <gentoo-user@lists.gentoo.org> Subject: [gentoo-user] traceroute not working Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Archives-Salt: 23d92a2b-5b0f-484d-a92b-25f47d0d0602 X-Archives-Hash: 0e33534578deeeb321bc038dcbd0d6fa Hi all, Weird, I don't use it much, but needed to run a traceroute today, and it is failing with: # traceroute 192.168.1.4 traceroute to 192.168.1.4 (192.168.1.4), 30 hops max, 60 byte packets send: Operation not permitted I know the problem is in my firewall, because when I stop it, traceroutes work as expected. I have allowed all ICMP in my firewall: Chain INPUT (policy DROP) target prot opt source destination <snip> ACCEPT icmp -- anywhere anywhere icmp any <snip> Chain FORWARD (policy DROP) target prot opt source destination ACCEPT icmp -- anywhere anywhere icmp any Chain OUTPUT (policy DROP) target prot opt source destination <snip> ACCEPT icmp -- anywhere anywhere icmp any Any ideas what I'm missing? I can send all of my firewall rules privately if someone thinks I may have something that is dropping these packets before my ALLOW rule kicks in, but I'm fairly sure I have them right... Thanks