Tom Eastep <[EMAIL PROTECTED]> writes:
> I can't reproduce the problem with MS tracert either.
>
>
> Tracing route to animal.blarg.net [206.124.128.1]
> over a maximum of 30 hops:
>
> 1 <1 ms <1 ms <1 ms gateway.shorewall.net [192.168.1.254]
> 2 22 ms 22 ms 25 ms atm02.sea.blarg.net [206.124.128.31]
> 3 25 ms 24 ms 26 ms animal.blarg.net [206.124.128.1]
>
> Trace complete.
Well, it certainly happens for me, both on my home LAN behind a Bering
1.0-rc3 and on my work LAN behind a Bering 1.0-rc3:
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\>tracert animal.blarg.net
Tracing route to animal.blarg.net [206.124.128.1]
over a maximum of 30 hops:
1 * * * Request timed out.
2 <10 ms <10 ms <10 ms cisco-2.speed.net [204.212.42.50]
3 771 ms <10 ms * sl-gw23-ana-4-3-TS16.sprintlink.net [144.232.191.153]
4 260 ms 291 ms 440 ms sl-bb20-ana-3-3.sprintlink.net [144.232.1.45]
5 20 ms 561 ms 20 ms sl-bb22-ana-14-0.sprintlink.net [144.232.1.177]
6 560 ms 10 ms 561 ms 144.232.9.146
7 481 ms 601 ms 601 ms pos4-0-2488M.cr1.SNA1.gblx.net [64.215.195.89]
8 691 ms 701 ms 641 ms pos0-0-2488M.cr2.SEA1.gblx.net [64.215.195.2]
9 611 ms 560 ms 601 ms pos12-0-0-155M.ar3.SEA1.gblx.net [208.49.158.102]
10 641 ms 701 ms 631 ms BlargOnLineServices.s12-1-0.ar3.SEA1.gblx.net
[208.51.239.2]
11 481 ms 410 ms 441 ms animal.blarg.net [206.124.128.1]
Trace complete.
> MS tracert appears to just be using ICMP echo-request (ping) packets. It
> starts out with TTL=1 and increases.
Well, that's awfully strange, because both at home and at work I can ping
the Bering box just fine:
C:\>ping gatekeeper
Pinging gatekeeper [192.168.1.254] with 32 bytes of data:
Reply from 192.168.1.254: bytes=32 time=10ms TTL=255
Reply from 192.168.1.254: bytes=32 time<10ms TTL=255
Reply from 192.168.1.254: bytes=32 time=10ms TTL=255
Ping statistics for 192.168.1.254:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 10ms, Average = 6ms
Control-C
^C
but tracert gets the "Request timed out".
> I've tested using both Windows XP and Windows ME.
Well, since XP is a hybrid of features from the NT-based Windows OSes and
the DOS-based ones, it's possible that Win2K (and NT) tracert works
differently than XP and ME tracert, though it seems somewhat unlikely.
FWIW, I tried boxes on my work network running four different UNIX flavors,
and they all get the same problem on hop 1, though I guess that's to be
expected if UNIX traceroute uses UDP and on my work Bering box (unlike my
home Bering box) I haven't tried changing that UDP port range to ACCEPT
(REJECT should work too, no?).
> Dan -- the only thing that I can see that would cause the problem that you
> are seeing is if the firewall is blocking fw->loc time exceeded ICMP
> packets. The icmp.def file that I release definitely allows those through.
> And since the packet is related to a loc->net "ping" request, it should be
> passed unconditionally.
I haven't done anything strange to the Shorewall setup on either my home or
work Bering boxes. In both cases, the only tweaks I've made to the stock
setup is to uncomment the Policy line allowing unfettered access to the
Internet from the firewall, and to add a line in Rules allowing SSH access
from an IP or a range of IPs.
In any case, it doesn't appear to be just me, since someone else originally
reported this problem, and I was just confirming that I can reproduce it.
--
Dan Harkless
[EMAIL PROTECTED]
http://harkless.org/dan/
-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
