running a trace route through securepoint provides not info

ajl119 · Beitrag von **ajl119** » Mi 16.01.2008, 17:59

Outbound access has been configured to allow anything to anything.

However when running a 'tracert' (From internal windows machine) or 'traceroute' (From internal linux machine), no hop or router information is provided as it should be!

Surely 'icmp-traceroute' etc.. should be allowed back as it is an outbound connection and therefore established and related.

Thanks in advance

ajl119 · Beitrag von **ajl119** » Mi 16.01.2008, 18:00

Outbound-Zugang konfiguriert wurde, damit etwas zu tun.

Jedoch, wenn Sie einen "tracert" (Aus internen Windows-Maschine) oder "Traceroute" (Aus internen Linux-Rechner), keine Hop-oder Router-Informationen ist, wie er sein sollte!

Sicherlich "icmp-traceroute" usw.. Sollten die Möglichkeit zurück, da es sich um eine ausgehende Verbindung und somit festgestellt und damit zusammenhängende.

Vielen Dank im Voraus

achim · Beitrag von **achim** » Do 17.01.2008, 10:26

there is a post describing how to enable/allow traceroute:
http://www.securepoint.de/support/topic.php?id=370

in english:

- log in to the Security Manager (SM)
- choose Firewall -> Services (Dienste)
- create a new group "tracert"
- find the service "icmp-time-exeeded" and rename it in "icmp-time-exeeded-related"
- create a new service "tracert": UDP, sourceport

65535, destinationport: 33434:33523

drag the following services into the group "tracert"
- tracert
- icmp-time-exeeded-related
- icmp-echo-reply
- icmp-echo-req

make a rule in: "Firewall -> Portfilter"

rule:
from: Internal_Network -> Interntet; group: "tracert"

should work

achim

ajl119 · Beitrag von **ajl119** » Do 17.01.2008, 22:03

That is great. Thank you, it worked perfectly :-)