> Hi,
>
> I am setting up a firewall on CENTOS 4.4.
>
>
> I have enabled ICMP to www.google.com
>
> iptables -A OUTPUT -p icmp -d 64.233.189.104 -j ACCEPT
> iptables -A INPUT -p icmp -s 64.233.189.104 -j ACCEPT
>
> traceroute uses by default UDP with port 33434.

br

Hi,

Thanks for your info. I wrote the 2 rules below:

iptables -A OUTPUT -p udp -d 64.233.189.104 --dport 33434 -j ACCEPT
iptables -A INPUT -p udp -s 64.233.189.104 --sport 33434 -j ACCEPT

Then I tried as below:

[root@firebox rc.d]# traceroute 64.233.189.104
traceroute to 64.233.189.104 (64.233.189.104), 30 hops max, 38 byte packets
traceroute: sendto: Operation not permitted
 1 traceroute: wrote 64.233.189.104 38 chars, ret=-1
 *traceroute: sendto: Operation not permitted
traceroute: wrote 64.233.189.104 38 chars, ret=-1
 *traceroute: sendto: Operation not permitted
traceroute: wrote 64.233.189.104 38 chars, ret=-1
 * traceroute: sendto: Operation not permitted
 2 traceroute: wrote 64.233.189.104 38 chars, ret=-1

But still the same. WHY? If my rules are wrong, can you rectify it?

--
Marcin Mazurek
http://www.netsync.pl/ - :::: - nic-hdl: MM3380-RIPE
GnuPG 6687 E661 98B0 AEE6 DA8B 7F48 AEE4 776F 5688 DC89

--
Thank you
Indunil Jayasooriya
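Added example, not part of either message in this thread: a small Python model of first-match filtering that shows which traceroute packets the four posted rules let through, next to a hypothetical corrected rule set. It assumes default DROP policies on INPUT and OUTPUT, classic traceroute numbering (probe n goes to UDP port 33434 + n), and constructed router addresses 192.0.2.1 and 198.51.100.1.

```python
from collections import namedtuple

DEST = "64.233.189.104"   # destination from the thread
BASE = 33434              # traceroute's default base UDP port

# ports applies to dport on OUTPUT and sport on INPUT; None matches anything
Rule = namedtuple("Rule", "chain proto peer ports")
Pkt = namedtuple("Pkt", "chain proto peer port note")

POSTED = [  # the four rules quoted in the thread
    Rule("OUTPUT", "icmp", DEST, None),
    Rule("INPUT", "icmp", DEST, None),
    Rule("OUTPUT", "udp", DEST, (33434, 33434)),
    Rule("INPUT", "udp", DEST, (33434, 33434)),
]
CORRECTED = [  # hypothetical correction, not from the thread
    Rule("OUTPUT", "udp", DEST, (BASE, BASE + 90)),  # 30 hops x 3 probes
    Rule("INPUT", "icmp", None, None),               # errors come from any hop
]

def accepted(rules, pkt):
    """A matching ACCEPT rule passes the packet; otherwise the assumed DROP policy applies."""
    for r in rules:
        if (r.chain, r.proto) != (pkt.chain, pkt.proto):
            continue
        if r.peer is not None and r.peer != pkt.peer:
            continue
        if r.ports is not None and not (r.ports[0] <= pkt.port <= r.ports[1]):
            continue
        return True
    return False

def traceroute_traffic(hops):
    """Constructed traffic: 3 UDP probes per TTL and one ICMP error back per probe."""
    pkts, seq = [], 0
    for ttl, router in enumerate(hops + [DEST], start=1):
        for _ in range(3):
            seq += 1  # assumed: probe n is sent to destination port BASE + n
            pkts.append(Pkt("OUTPUT", "udp", DEST, BASE + seq, f"probe ttl={ttl}"))
            kind = "port-unreachable" if router == DEST else "time-exceeded"
            pkts.append(Pkt("INPUT", "icmp", router, None, kind))
    return pkts

def blocked(rules, hops=("192.0.2.1", "198.51.100.1")):
    return [p for p in traceroute_traffic(list(hops)) if not accepted(rules, p)]

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("corrected", CORRECTED)):
        print(name, "drops", len(blocked(rules)), "of 18 packets")
```

In iptables terms the corrected set corresponds to `--dport 33434:33524` on the OUTPUT rule and to accepting `--icmp-type time-exceeded` and `--icmp-type port-unreachable` on INPUT without a source restriction.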