[nsp] traceroute filtering

From: A Routerman (routerman@briefcase.com)
Date: Fri Feb 11 2000 - 14:26:25 EST


On our border router I filter icmp, traceroutes, etc.
Have a system that needs to be able to ping and traceroute outbound. Need advise on how to narrow down the filter. It works if I say permit icmp any host 10.1.2.3
If I say permit icmp any host 10.1.2.3 echo (and echo-reply and traceroute and time-exceeded) it doesn't work completely. By that I mean I can traceroute out through UUNET but once it traverses to another AS it stops for traceroutes.

Ideas? Thanks
______________________________________________________________________
Get Visto.com! Private groups, event calendars, email, and much more.
Visto.com. Life on the Dot.
Check it out @ http://www.visto.com/info



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:10 EDT