Re: [flalug] firewall gurus, help please!

From: Eric Bravick (ebravick@nks.net)
Date: Mon Dec 15 2003 - 23:27:39 EST

One guess might be that many firewalls do not allow the use of UDP
packets that many version of traceroute use by default.

Try traceroute -I foo.com instead to force the use of ICMP messages.

As to your second question: allow all ICMP in to your workstation on the
firewall? Not sure I really want to do this, but on many of the small
embedded device style firewalls, you don't have a lot of flexibility
with how ICMP is handled.

Eben King wrote:
>
> OK. I've screwed up traceroute somehow. It worked under my previous
> router (ipchains, Linux 2.0.x, P75), but I just checked it under my new
> router (USR 8054), and it doesn't. From the inside, I get something like
>
> [eben@pc eben]$ /usr/sbin/tracepath yahoo.com
> 1?: [LOCALHOST] pmtu 1500
> 1: usr8054 (192.168.1.25) asymm 2 0.518ms
> 2: no reply
> 3: no reply
> ... (repeat until killed)
>
> And from the outside,
> [eben@monkey eben]$ /usr/sbin/tracepath aaa.bbb.ccc.ddd
> 1?: [LOCALHOST] pmtu 1500
> 1: ssrb-core-msfc-v212.ns.ufl.edu (128.227.212.1) 0.724ms
> ...
> 19: ddd-ccc.bbb-aaa.tampabay.rr.com (aaa.bbb.ccc.ddd) asymm 15 82.184ms
> 20: no reply
> 21: no reply
> ... (repeat until killed)
>
> When I tracepath the router, I get this:
> [eben@pc networking]$ /usr/sbin/tracepath usr8054
> 1?: [LOCALHOST] pmtu 1500
> 1: usr8054 (192.168.1.25) asymm 2 0.675ms
> 1?: usr8054 (192.168.1.25) asymm 2 reached
> Resume: pmtu 1500 hops 1 back 2
>
> The network looks like this:
>
> +--------+
> | monkey |
> +--------+
> |
> ( internet )
> |
> +-------------+
> | cable modem |
> +-------------+
> |
> +------+ +-----------+
> | USR | | laptop |
> | 8054 ~ ~ (802.11b) |
> +------+ +-----------+
> |
> - - ----------------- - -
> | | | | |
> +-+ +-+ +-+ +-+ +-+
> |X| | | | | | | | |
> +-+ +-+ +-+ +-+ +-+
> ^
> my machine
>
> AFAIK, I need to make sure ICMP "port unreachable" messages get to my
> computer. Is this correct? Any idea how to do that? Thanks.
>
> --
> -eben ebQenW1@EtaRmpTabYayU.rIr.OcoPm home.tampabay.rr.com/hactar
> CANCER: The position of Jupiter says that you should spend the
> rest of the week face down in the mud. Try not to shove a roll of
> duct tape up your nose when taking your driver's test. -- Weird Al 

-- 
--------------------------------------------------
--   Eric Bravick, Engineering Shock Trooper    --
---       Networked Knowledge Systems          ---      
----   P.O. Box 20772 Tampa, FL. 33622-0772   ----
----- (813)594-0055 Voice  (813)594-0045 FAX -----
------          ebravick@nks.net            ------
--------------------------------------------------
-----   This email bound by the following:   -----
---- http://www.nks.net/email_disclaimer.html ----
--------------------------------------------------

This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:59:55 EDT