On 02/22/2013 10:51 AM, Tanstaafl wrote:
> Hi all,
>
> Weird, I don't use it much, but needed to run a traceroute today, and it
> is failing with:
>
> # traceroute 192.168.1.4
> traceroute to 192.168.1.4 (192.168.1.4), 30 hops max, 60 byte packets
> send: Operation not permitted
>
> I know the problem is in my firewall, because when I stop it,
> traceroutes work as expected.
>
> I have allowed all ICMP in my firewall:
>
> Chain INPUT (policy DROP)
> target prot opt source destination
>
> ACCEPT icmp -- anywhere anywhere icmp any
>
>
> Chain FORWARD (policy DROP)
> target prot opt source destination
> ACCEPT icmp -- anywhere anywhere icmp any
>
> Chain OUTPUT (policy DROP)
> target prot opt source destination
>
> ACCEPT icmp -- anywhere anywhere icmp any
>
> Any ideas what I'm missing?
>
> I can send all of my firewall rules privately if someone thinks I may
> have something that is dropping these packets before my ALLOW rule kicks
> in, but I'm fairly sure I have them right...
>
> Thanks
>

Try moving your ACCEPT rules for icmp closer to (or all the way to) the top.
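
An added example, not part of the original thread: a chain is evaluated top to bottom and the first terminating match wins, so this sketch reads `iptables -S OUTPUT` style text, lists the DROP/REJECT rules that sit ahead of the icmp ACCEPT, and prints the commands that move that ACCEPT to position 1. The ruleset is constructed, the function names are hypothetical, and negated (`!`) matches are assumed absent.

```python
import shlex

# Constructed sample in `iptables -S OUTPUT` format; not the poster's ruleset.
SAMPLE = """\
-P OUTPUT DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state INVALID -j DROP
-A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p icmp -m icmp --icmp-type any -j ACCEPT
"""

def parse_chain(text):
    """Return (policy, rules); rules keep the order the kernel evaluates them in."""
    policy, rules = None, []
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "-P":
            policy = tok[2]
        elif tok[0] == "-A":
            opt = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1)
                   if tok[i].startswith("-")}
            rules.append({"num": len(rules) + 1, "proto": opt.get("-p", "all"),
                          "target": opt.get("-j"), "spec": tok[2:]})
    return policy, rules

def shadow_report(text, proto="icmp"):
    """Locate the first ACCEPT for proto and the earlier rules that could pre-empt it."""
    policy, rules = parse_chain(text)
    accept = next((r for r in rules
                   if r["proto"] == proto and r["target"] == "ACCEPT"), None)
    limit = accept["num"] if accept else len(rules) + 1
    # Candidates only: other match criteria (-d, -o, state) are not evaluated here.
    suspects = [r["num"] for r in rules
                if r["num"] < limit and r["proto"] in ("all", proto)
                and r["target"] in ("DROP", "REJECT")]
    return {"policy": policy, "accept_at": accept and accept["num"],
            "suspects": suspects}

def move_to_top(text, chain="OUTPUT", proto="icmp"):
    """Commands that delete the ACCEPT rule and re-insert it at position 1."""
    _, rules = parse_chain(text)
    for r in rules:
        if r["proto"] == proto and r["target"] == "ACCEPT":
            spec = " ".join(shlex.quote(t) for t in r["spec"])
            return [f"iptables -D {chain} {spec}", f"iptables -I {chain} 1 {spec}"]
    return []

if __name__ == "__main__":
    print(shadow_report(SAMPLE), *move_to_top(SAMPLE), sep="\n")
```

On a live host, `iptables -L OUTPUT -n -v --line-numbers` shows the same ordering together with per-rule packet counters, which tell you which of the listed suspects is actually being hit.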