[SOLVED] Need Help: tracert command

Hello everybody,

Please help me to add rule for “tracert” in shorewall.
I wish to run “tracert” from GREEN, ORANGE and BLUE.

I’m not a programmer so please treat me like a “monkey” who want to use NS!

Thank you in advance!


Hi, what do you mean? in linux it is traceroute command
-i interface
Specifies the interface through which traceroute should send packets. By default, the interface is selected according to the routing table.

Hi Nas,

I cannot tracert from GREEN. Ping is allowed.

I just read here how, but …



it is simple to implement, make custom template in shorewall

1 Like

I know it is simple. For you.
I give :beers: & :pizza:

so make a trick :
mkdir -p /etc/e-smith/templates-custom/etc/shorewall/rules
touch /etc/e-smith/templates-custom/etc/shorewall/rules/90icmp_green
vi /etc/e-smith/templates-custom/etc/shorewall/rules/90icmp_green


use esmith::NetworksDB;
my $ndb = esmith::NetworksDB->open_ro();
if ($ndb->green()) {
$OUT.="?COMMENT Allow ICMP from green\n";
$OUT.=“Trcrt/ACCEPT loc net\n”;
Finally run
signal-event firewall-adjust

I think I did something wrong.
Not working.

Is not e-smith instead of esmith ?

Look at /etc/shorewall/rules you should see section 90icmp after you run signal-event firewall-adjust. Or you could run shorewall check and after it Try to make tracert command.


Still not working.

Hi Nas,

I think I did something wrong before to ask for help and maybe that be the cause.

I tried to create a service according this doc: http://docs.nethserver.org/projects/nethserver-devel/en/latest/services.html#add-a-new-service

The service was created but I could not make it to run.

After that I saw ping under shorewall …

Now I disabled the service but I don’t know how can I remove it. How can I remove the service?

db configuration delete tracert
singnal-event firewall-adjust

and put TAB in template beetwen Accept loc net icmp, you see you should have enrty like 90dns_blue

  1. db configuration delete tracert - OK!
  2. put TAB in template beetwen Accept loc net icmp, you see you should have enrty like 90dns_blue - OK!
  3. signal-event firewall-adjust - Done
  4. tracert - Fail

Hi Nas,

Stupid question: for tracert isn’t need that the port UDP 33434 to be specified … somewhere?

First show what is in /var/log/messages while you making tacert
try to add
ACCEPT:info $FW net icmp

i have no way to reproduce, you could wrtie me on skype

Thank you Nas but I don’t want to waste your time with me!

I use this configuration of NethServer at my home for tests (I was on vacation till yesterday and I spent some time to learn NS better).
From Monday I will be at my office and I’ll test NS as e-mail server in DMZ to replace Zentyal.

Anyway, I think that tracert must be enabled by default, for all “inside” zones (GREEN, ORANGE, BLUE). I use this for many times. It’s a very usefull tool.

Thank you again!

I found one contact “fedai” from Ukraine on Skype. Is that you?

my skype nassir_911
and we should investigate the issues and build Feature or fork on GIT

If U have zentyal could you pls export ldap user by phpldapadmin?

I will try.

My Zentyal (4.0.9 version) is a standalone multi-domain email server only, placed in DMZ.
The users and their email account are local (on Zentyal), not related to the windows PDC/AD server.
(nassir911 ?)

yep Brazil is mine :slight_smile: skype :slight_smile: