traceroute

Damir Horvat Tue, 15 Oct 2002 00:43:39 -0700

Hello!

I'm trying to traceroute to one of my servers, but it timeouts.


mail# uname -a
FreeBSD mail.voljatel.si 4.6-RELEASE FreeBSD 4.6-RELEASE #0: Mon Sep  9 
19:56:55 CEST 2002     [EMAIL PROTECTED]:/usr/src/sys/compile/MAIL  i386

mail# ipf -V
ipf: IP Filter: v3.4.27 (336)
Kernel: IP Filter: v3.4.27              
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0

fxp0 is interface connected to Internet.

The part of ipf.rules file:
pass in quick on fxp0 proto icmp from any to any icmp-type 3 keep state         
pass in quick on fxp0 proto icmp from any to any icmp-type 4 keep state         
pass in quick on fxp0 proto icmp from any to any icmp-type 11 keep state
pass in quick on fxp0 proto icmp from any to any icmp-type 12 keep state
pass in quick on fxp0 proto udp from any to any port 33434 >< 33690 keep state

And here's tcpdump output, generated on mail.voljatel.si when doing traceroute 
from a box (hydra.aufbix.org) outside my networks:
---
mail# tcpdump host hydra.aufbix.org
tcpdump: listening on fxp0
10:01:59.865429 hydra.aufbix.org.56305 > mail.voljatel.si.33453:  udp 12 [ttl 
1]
10:01:59.865570 mail.voljatel.si > hydra.aufbix.org: icmp: mail.voljatel.si 
udp port 33453 unreachable
10:02:02.860404 hydra.aufbix.org.56305 > mail.voljatel.si.33454:  udp 12 [ttl 
1]
10:02:02.860521 mail.voljatel.si > hydra.aufbix.org: icmp: mail.voljatel.si 
udp port 33454 unreachable
10:02:04.497498 hydra.aufbix.org.56305 > mail.voljatel.si.33455:  udp 12
10:02:04.497626 mail.voljatel.si > hydra.aufbix.org: icmp: mail.voljatel.si 
udp port 33455 unreachable
^C
79 packets received by filter
0 packets dropped by kernel
---

Since I'm tracerouteing from hydra, ICMP port unreachable is the right answer 
to give, because mail.voljatel.si is final destination. However, traceroute 
on hydra times out and draws those stars in terminal.... And ICMP is not 
blocked on hydra, so it should accept icmp port unreachable.

Where have I gone wrong here?

Regards,
-- 

                Damir Horvat

.................................
System administrator
VOLJATEL telekomunikacije d.d.
Smartinska 106
SI-1000 Ljubljana
Slovenia
.
Tel. +386.(0)1.5875 832
Fax. +386.(0)1.5875 899
www.voljatel.si
E-mail: [EMAIL PROTECTED]
.................................

traceroute

Reply via email to