Hi guys,
I have a problem with traceroute. Here is my scenario:
localnetwork-->firewall/nat/openbsd-->internet
in my pf.conf
# no restriction on lan
pass quick on $int_if
# allow icmp incoming/outgoing to wan
pass quick on $ext_if inet proto icmp all
But this config doesn't work when I try a traceroute from my
local network; it shows this:
$ traceroute www.google.com
traceroute: Warning: www.google.com has multiple addresses; using 64.233.169.104
traceroute to www.l.google.com (64.233.169.104), 30 hops max, 40 byte packets
1 192.168.245.1 (192.168.245.1) 1.529 ms 4.106 ms 2.121 ms
2 192.168.245.1 (192.168.245.1) 5.035 ms !H 2.120 ms !H 2.171 ms !H
But when I add this to my pf.conf, traceroute works:
pass out on $ext_if inet proto udp all
But my question: is there another alternative in my pf syntax? If I open all
the UDP ports going out on $ext_if, is there a security threat like DDoS
or torrent access from localnetwork --> internet?
Thanks!
cheers,
kintaro Oe
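A narrower rule for the same goal, as an added example that is not from the original post: instead of all outbound UDP, only traceroute's default UDP destination port range (33434 upward, one port per probe) is allowed out with state, so the ICMP replies are matched back to the state while every other UDP flow is still blocked. The $ext_if macro is assumed to be the one from the poster's pf.conf.

```pf
# Added example, not from the original post. Assumes $ext_if is
# defined earlier in pf.conf as in the poster's ruleset.
# traceroute(8) sends UDP probes to port 33434 + (hop-1)*3 + probe;
# with the default 30 hops and 3 probes that is 33434-33523.
traceroute_ports = "33434:33523"

# Let only the traceroute probes out, stateful, so the ICMP
# time-exceeded / port-unreachable answers are matched to the state.
# (Source is left as "any" because NAT has already rewritten the
# LAN address by the time the rule is evaluated on $ext_if.)
pass out quick on $ext_if inet proto udp \
    to any port $traceroute_ports keep state

# All other outbound UDP on the external interface stays blocked,
# which is what stops arbitrary UDP (e.g. torrent traffic) leaving.
block out on $ext_if inet proto udp
```

The range covers traceroute's defaults only; a different -p or max-hop setting needs a wider range, and the existing ICMP rule already covers ICMP-based tracers.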