[TriLUG] traceroute works, ping and tcp services don't get through

Michael Hrivnak mhrivnak at hrivnak.org
Sat May 19 01:10:37 EDT 2012


On Fri, May 18, 2012 at 6:25 PM, Joseph Mack NA3T <jmack at wm7d.net> wrote:
> On Fri, 18 May 2012, Joseph Mack NA3T wrote:
>
> Let's see if I understand what you've said...

> What you're saying is that I have no idea how the replies from traceroute
> got back to A. They could have gone via D in the loop and I wouldn't have
> known.

Correct.

>
> You're also saying that traceroute packets, instead of dying when TTL=0,
> could have died because my firewall rules blocked them.

Correct, although unlikely, and this would only happen if your
firewall was configured strangely, such as if you'd put an ICMP rule
in the FORWARD table by mistake instead of the INPUT table.

>
> The firewall rules in the article I used as a model are quite restrictive
> for ICMP packets. I can't imagine why you can't let them all through.
> They're useful for establishing routing. I'm still plagued my other machines
> not being able to find routes to hosts, when they're on the same network. It
> must be the restrictive ICMP rules.
>
>
> Thanks Joe
> --
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
> --
> This message was sent to: Michael Hrivnak <mhrivnak at hrivnak.org>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that
> address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web  :
> http://www.trilug.org/mailman/options/trilug/mhrivnak%40hrivnak.org
> TriLUG FAQ          : http://www.trilug.org/wiki/Frequently_Asked_Questions



More information about the TriLUG mailing list