[TriLUG] traceroute works, ping and tcp services don't get through

Joseph Mack NA3T jmack at wm7d.net
Fri May 18 18:25:14 EDT 2012


On Fri, 18 May 2012, Joseph Mack NA3T wrote:

>> It's possible that if a router was responding with ICMP type 3, it could 
>> have fooled traceroute into thinking it had reached the destination.

Let's see if I understand what you've said...

The situation...

machines A,B,C,D form a loop for tcp and ping because of the 
way I've set up the default gateways. However traceroute 
A->C gives an output A->B->C. I interpreted this as 
indicating that the traceroute packets had gone 
A->B->C->B->A ie an out and back.

What you're saying is that I have no idea how the replies 
from traceroute got back to A. They could have gone via D in 
the loop and I wouldn't have known.

You're also saying that traceroute packets, instead of dying 
when TTL=0, could have died because my firewall rules 
blocked them.

The firewall rules in the article I used as a model are 
quite restrictive for ICMP packets. I can't imagine why you 
can't let them all through. They're useful for establishing 
routing. I'm still plagued my other machines not being able 
to find routes to hosts, when they're on the same network. 
It must be the restrictive ICMP rules.

Thanks Joe
-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!



More information about the TriLUG mailing list