From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 2E546198005 for ; Fri, 22 Feb 2013 16:41:22 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 3A85921C057; Fri, 22 Feb 2013 16:41:03 +0000 (UTC) Received: from mail-ia0-f175.google.com (mail-ia0-f175.google.com [209.85.210.175]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id A32EB21C003 for ; Fri, 22 Feb 2013 16:41:01 +0000 (UTC) Received: by mail-ia0-f175.google.com with SMTP id r4so699703iaj.34 for ; Fri, 22 Feb 2013 08:41:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:x-enigmail-version:content-type; bh=VVwcFOL5kIUlO621DsqwQuXJjdr9kwi28y+Iz9O2pXU=; b=KcBCBCuKHlaHOMTeT6wU4gmFnUKbburoiuili+0UouaHMJ++X9sWFbKPTQ5mmmaOn8 lU9mWWmIlaGiiv/8pv3YcE1xy6Wzs0D9kQHLjtaw11xTKkyF3l4SApYIvJQP8Zvp2dyW HQ8PKXecChmxM0TCsfjHS0gAVA3hHK+PiWm+65tcS+6HRcG57zcQfvNOffadKMRCkkWE U9gq0qullivoiFjTgiVuvfuo/3TxQHXFZxKuxl5ePkQNFGfynw6KvjvKpH0AWgrXTPnW rDs6qG+KUSK19kBrIxjOpfDBSevyUVADGWGChJ3+leGDcqZwjp34IHD006cP/hdMyhaG qC3Q== X-Received: by 10.50.173.6 with SMTP id bg6mr776943igc.102.1361551260861; Fri, 22 Feb 2013 08:41:00 -0800 (PST) Received: from ?IPv6:2001:5c0:1000:a::1fc9? ([2001:5c0:1000:a::1fc9]) by mx.google.com with ESMTPS id gy3sm1897082igc.10.2013.02.22.08.40.59 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 22 Feb 2013 08:41:00 -0800 (PST) Message-ID: <51279F97.5050002@gmail.com> Date: Fri, 22 Feb 2013 11:40:55 -0500 From: Michael Mol User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130205 Thunderbird/17.0.2 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] traceroute not working References: <5127941A.1070903@libertytrek.org> In-Reply-To: <5127941A.1070903@libertytrek.org> X-Enigmail-Version: 1.5 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="----enig2BKDWXTNAGFTLLDDGIXGW" X-Archives-Salt: bb038156-4b92-475c-82a1-2ec06d5b5433 X-Archives-Hash: af58dbb494d8465cebee75248d16802d This is an OpenPGP/MIME signed message (RFC 4880 and 3156) ------enig2BKDWXTNAGFTLLDDGIXGW Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 02/22/2013 10:51 AM, Tanstaafl wrote: > Hi all, >=20 > Weird, I don't use it much, but needed to run a traceroute today, and i= t > is failing with: >=20 > # traceroute 192.168.1.4 > traceroute to 192.168.1.4 (192.168.1.4), 30 hops max, 60 byte packets > send: Operation not permitted >=20 > I know the problem is in my firewall, because when I stop it, > traceroutes work as expected. >=20 > I have allowed all ICMP in my firewall: >=20 > Chain INPUT (policy DROP) > target prot opt source destination > > ACCEPT icmp -- anywhere anywhere icmp any > >=20 > Chain FORWARD (policy DROP) > target prot opt source destination > ACCEPT icmp -- anywhere anywhere icmp any >=20 > Chain OUTPUT (policy DROP) > target prot opt source destination > > ACCEPT icmp -- anywhere anywhere icmp any >=20 > Any ideas what I'm missing? >=20 > I can send all of my firewall rules privately if someone thinks I may > have something that is dropping these packets before my ALLOW rule kick= s > in, but I'm fairly sure I have them right... >=20 > Thanks >=20 Try moving your ACCEPT rules for icmp closer to (or all the way to) the t= op. ------enig2BKDWXTNAGFTLLDDGIXGW Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJRJ5+aAAoJED5TcEBdxYwQz+wH/3lRmfpTxyZ2yQTqT3Am2Cti d/Ls9NSqGda/cWXMGYSmxAOFM+u4fRURx3N3e24TpB1h8mwoAJRixZYu3JYqSBG2 EwO7UPGOrQkpfdFtGn7b78DeyEzTlU7l59E4ql2Lyu8UsPt8YvcIKK/Xs/wQ16DY NzpxJs7B4PmiRQYtPk9W12WTfVdRQpvIrEGY8vI8aA6GmiG5cL9DRchaYKeHTeme 1+nMOanaJ8483bmM1kzBBW7Tktk7uEgk/J7OC0hpWa6+6SsK1E66EhB8tpICs1kv rSLnOvKGo5kpX9CP5nqLoGd46YbVW3iXNpfB2F3WzuYo6NsI5k39+/Ee0m11t0A= =uH2U -----END PGP SIGNATURE----- ------enig2BKDWXTNAGFTLLDDGIXGW--