Subject: Re: Traceroute doesn't work
From: Ken Schweigert (ken@byte-productions.com)
Date: Fri Jan 11 2002 - 09:48:58 MST
To expand a little bit:
It is very possible that there is a firewall, or firewalling rules,
preventing this. However, if these requests are being blocked,
traceroute will usually output the "timeout" asterisks.
[root@byte-8 /root]# /usr/sbin/traceroute 192.168.0.10
traceroute to 192.168.0.10 (192.168.0.10), 30 hops max, 38 byte packets
1 * * *
2 * * *
Typically, traceroute will send UDP packets in the port ranges of
33434 to 33523, unless passed the -I switch which will send ICMP
ECHO requests instead of UDP.
Some SysAdmins will put ipchains/iptables rules that block and/or
log requests for this port range. Mainly to learn if someone is
trying to gather information on their network.
If you're curious:
[root@here /root]# ipchains -I input -s 0/0 -d 0/0 33434:33523 -p udp -j DENY -l
and scan your /var/log/messages file for IP addresses you don't
recognize.
-- -Ken Schweigert, Aspiring Network Administrator Byte Productions, LLC http://www.byte-productions.comOn Fri, Jan 11, 2002 at 08:50:45AM -0600, Gordon Neault wrote: > Some notes re: traceroute. I have no idea if they can help, or even > apply to your situation. It's just that the LinuxPPC and YDL lists both > have a thread named "Traceroute doen't work", so here is the stuff from > LinuxPPC, in abbreviated form. > > Erik wrote: > If you are using a firewall it might very well be blocking your > traceroute > traffic. > > Kiran wrote: > My old ISP used to block ICMP traffic thus I could not ping or > traceroute in or out. This may be on your end with your system > configuration (firewall or otherwise).ICMP is usualy allowed by default.
This archive was generated by hypermail 2a24 : Fri Jan 11 2002 - 10:03:40 MST