Issue with CSF & traceroutes

Posted: 02 Oct 2008, 07:56
by Root
I am noticing an issue when performing a traceroute in that the outbound UDP packets are being filtered or blocked by iptables.

Here is a munged snippet from the syslog:
Oct 1 20:05:20 hostname kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=69.93.X.X DST=66.201.X.X LEN=38 TOS=0x00 PREC=0x00 TTL=1 ID=32059 PROTO=UDP SPT=58699 DPT=33435 LEN=18
Oct 1 20:05:26 hostname kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=69.93.X.X DST=66.201.X.X LEN=38 TOS=0x00 PREC=0x00 TTL=1 ID=32060 PROTO=UDP SPT=58699 DPT=33436 LEN=18
Oct 1 20:05:30 hostname kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=69.93.X.X DST=66.201.X.X LEN=38 TOS=0x00 PREC=0x00 TTL=1 ID=32061 PROTO=UDP SPT=58699 DPT=33437 LEN=18
Oct 1 20:05:35 hostname kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=69.93.X.X DST=66.201.X.X LEN=38 TOS=0x00 PREC=0x00 TTL=2 ID=32062 PROTO=UDP SPT=58699 DPT=33438 LEN=18
I realize I could try opening more ports, but I thought there may be a configuration option in CSF that I'm overlooking that specifically relates to traceroutes.

If I need to provide additional information please let me know. Thank you! :)

Posted: 11 Oct 2008, 09:35
by chirpy
Have you followed the instructions in csf.conf?
# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123,873,953,6277"
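
Added example (not part of the thread and not CSF's own code): a small Python check that reads `*UDP_OUT Blocked*` kernel log lines like the ones in the question and reports whether each blocked destination port falls in the traceroute range named in the csf.conf comment or is some other port missing from UDP_OUT. The sample log is constructed, and the function names and verdict strings are assumptions.

```python
import re

UDP_OUT = "20,21,53,113,123,873,953,6277"   # value quoted from csf.conf above
TRACEROUTE = "33434:33523"                   # range named in the csf.conf comment

# Constructed sample in the format of the syslog excerpt (documentation addresses)
SAMPLE_LOG = """\
Oct 1 20:05:20 host kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=38 TOS=0x00 PREC=0x00 TTL=1 ID=32059 PROTO=UDP SPT=58699 DPT=33435 LEN=18
Oct 1 20:05:35 host kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=38 TOS=0x00 PREC=0x00 TTL=2 ID=32062 PROTO=UDP SPT=58699 DPT=33438 LEN=18
Oct 1 20:06:01 host kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4411 PROTO=UDP SPT=40000 DPT=5353 LEN=40
Oct 1 20:06:02 host kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=1 PROTO=TCP SPT=4000 DPT=23
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def parse_ports(spec):
    """Turn a csf port list such as "53,123,33434:33523" into (low, high) pairs."""
    pairs = []
    for item in (p.strip() for p in spec.split(",")):
        if item:
            low, _, high = item.partition(":")
            pairs.append((int(low), int(high or low)))
    return pairs

def in_list(port, pairs):
    return any(low <= port <= high for low, high in pairs)

def explain_blocks(log_text, udp_out=UDP_OUT):
    """Return (dpt, ttl, verdict) for every *UDP_OUT Blocked* line."""
    allowed, trace = parse_ports(udp_out), parse_ports(TRACEROUTE)
    rows = []
    for line in log_text.splitlines():
        if "*UDP_OUT Blocked*" not in line:
            continue
        f = dict(FIELD.findall(line))  # LEN occurs twice; only DPT/TTL are used
        dpt, ttl = int(f["DPT"]), int(f["TTL"])
        if in_list(dpt, allowed):
            verdict = "listed in UDP_OUT"
        elif in_list(dpt, trace):
            verdict = "traceroute range, not in UDP_OUT"
        else:
            verdict = "not in UDP_OUT"
        rows.append((dpt, ttl, verdict))
    return rows

if __name__ == "__main__":
    for row in explain_blocks(SAMPLE_LOG):
        print(row)
```

Passing the extended list, for example `explain_blocks(SAMPLE_LOG, UDP_OUT + ",33434:33523")`, shows which of the logged ports the change would cover and which would still be outside UDP_OUT.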