• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

iptables Allow Traceroute

C

Chris

Guest
I did some searching here and I found a thread with a good Plesk-friendly iptables script. That script is located here:
http://www.sbctec.com/firewall/iptables.txt

It is working nicely. The only problem for me is that it doesn't allow outside traceroutes to the server. How can I modify that script to allow outside traceroutes successfully?
 
If you want to allow all ICMP -

IPTABLES -A INPUT -p icmp -j ACCEPT

If it's just traceroute you need, but not the rest, then specify

IPTABLES -A INPUT -p icmp --icmp-type 8 -j ACCEPT
 
Thanks, but that didn't seem to help. Added to the script and no change.

I should mention I can ping okay but traceroutes to the server are timing out at the last hop for some reason.
 
Ok, i've been up too late again, change your --icmp-type to 8

I know this is for Echo-reply, but once this is enabled, traceroute works....

According to all the literature, traceroute should be related to types 11 and 30, but I just did testing with one server and only got traceroute when I enabled type 8.
 
Hmm... still no good. I tried positioning it at various points in the script but nothing worked. Traceroutes always start timing out at the last hop. If I type iptables -F the traceroute immediatly completes, so I know it's something in that script that's blocking them.

One oddity I've discovered: It looks like traceroutes from Windows machines will go through fine, but traceroutes from Linux machines timeout at the last hop.
 
You must log in or register to reply here.

Similar threads

F
Question IPv4 forwarding rule
Replies
8
Views
1K
alvarezcruz
alvarezcruz
A
Question Plesk firewall - CrowdSec iptables interaction
Replies
3
Views
929
andg
A
TheColin21
Resolved Docker outbound traffic gets blocked after 18.0.67 Update #3
2
Replies
28
Views
15K
Sebahat.hadzhi
Sebahat.hadzhi
N
Question add IP Addresses to the Firewall module in bulk using import and export function?
Replies
4
Views
5K
nikketrikke
N
Y
Question Issue Implementing Dynamic CORS Headers in Plesk’s Additional NGINX Directives
Replies
1
Views
829
yfain
Y
Back
Top