Issue with CSF & traceroutes

This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
Root
Junior Member
Posts: 8
Joined: 07 Jan 2007, 10:04
Location: Houston, Texas, U.S.A.

Post by Root »

I am noticing an issue when performing a traceroute in that the outbound UDP packets are being filtered or blocked by iptables.

Here is a munged snippet from the syslog:
Oct 1 20:05:20 hostname kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=69.93.X.X DST=66.201.X.X LEN=38 TOS=0x00 PREC=0x00 TTL=1 ID=32059 PROTO=UDP SPT=58699 DPT=33435 LEN=18
Oct 1 20:05:26 hostname kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=69.93.X.X DST=66.201.X.X LEN=38 TOS=0x00 PREC=0x00 TTL=1 ID=32060 PROTO=UDP SPT=58699 DPT=33436 LEN=18
Oct 1 20:05:30 hostname kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=69.93.X.X DST=66.201.X.X LEN=38 TOS=0x00 PREC=0x00 TTL=1 ID=32061 PROTO=UDP SPT=58699 DPT=33437 LEN=18
Oct 1 20:05:35 hostname kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=69.93.X.X DST=66.201.X.X LEN=38 TOS=0x00 PREC=0x00 TTL=2 ID=32062 PROTO=UDP SPT=58699 DPT=33438 LEN=18
I realize I could try opening more ports, but I thought there may be a configuration option in CSF that I'm overlooking that specifically relates to traceroutes.

If I need to provide additional information please let me know. Thank you! :)
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

Have you followed the instructions in csf.conf?
# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123,873,953,6277"
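Added example (not part of the thread and not code from csf or lfd): a small Python check that pulls the destination ports out of `*UDP_OUT Blocked*` kernel log lines like those in the first post and reports which of them a given UDP_OUT value would still not allow. The function names are hypothetical; the log lines, the UDP_OUT value and the 33434:33523 range are taken from the posts above.

```python
import re

# Kernel log lines copied from the first post (addresses already masked there).
LOG = """\
Oct 1 20:05:20 hostname kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=69.93.X.X DST=66.201.X.X LEN=38 TOS=0x00 PREC=0x00 TTL=1 ID=32059 PROTO=UDP SPT=58699 DPT=33435 LEN=18
Oct 1 20:05:35 hostname kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=69.93.X.X DST=66.201.X.X LEN=38 TOS=0x00 PREC=0x00 TTL=2 ID=32062 PROTO=UDP SPT=58699 DPT=33438 LEN=18
"""

DEFAULT_UDP_OUT = "20,21,53,113,123,873,953,6277"   # value quoted from csf.conf
TRACEROUTE_RANGE = "33434:33523"                    # range named in its comment

# One log line per match: '.' does not cross newlines.
BLOCKED = re.compile(r"\*UDP_OUT Blocked\*.*\bPROTO=UDP\b.*\bDPT=(\d+)")


def parse_ports(value):
    """Parse a csf port list ("53,123,33434:33523") into (low, high) tuples."""
    ranges = []
    for item in value.strip().strip('"').split(","):
        item = item.strip()
        if not item:
            continue
        low, _, high = item.partition(":")
        lo, hi = int(low), int(high or low)
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port entry: {item!r}")
        ranges.append((lo, hi))
    return ranges


def blocked_ports(log_text):
    """Distinct destination ports seen in *UDP_OUT Blocked* log lines."""
    return sorted({int(m.group(1)) for m in BLOCKED.finditer(log_text)})


def still_blocked(log_text, udp_out):
    """Blocked ports that the given UDP_OUT value would still not allow."""
    ranges = parse_ports(udp_out)
    return [p for p in blocked_ports(log_text)
            if not any(lo <= p <= hi for lo, hi in ranges)]


if __name__ == "__main__":
    print("before:", still_blocked(LOG, DEFAULT_UDP_OUT))
    print("after: ", still_blocked(LOG, DEFAULT_UDP_OUT + "," + TRACEROUTE_RANGE))
```

An empty "after" list means every port that was logged as blocked falls inside the configured UDP_OUT list once the traceroute range is added.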