Re: Traceroute problem
That helped, thank you. On Sunday 29 June 2003 08:36 pm, you wrote: > On Sunday 29 June 2003 22:42, Michael S. Dunsavage wrote: > > Using traceroute I can't seem to get anywhere.. > > > > but on a windows box I get all the results. Any idea why? > > Try using "-I" (ICMP) and see if it makes a difference. > > Regards, Mike Klinke -- Michael S. Dunsavage -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: Traceroute problem
On Sunday 29 June 2003 22:42, Michael S. Dunsavage wrote: > Using traceroute I can't seem to get anywhere.. > > but on a windows box I get all the results. Any idea why? > > Try using "-I" (ICMP) and see if it makes a difference. Regards, Mike Klinke -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
Re: traceroute
> > > Yes the computer is connected to a network, which is > > mine, and I do have a linksys router/firewall, but I > > can do tracert from my windows box ok, but not from > > Linux. > > Apples and oranges. Most if not all Windows traceroute clients use icmp whereas most > *nix traceroute clients use udp unless you tell it to use icmp. FWIW, I have a Linksys router/firewall also and saw the same symptoms as you. Using the -I switch on traceroute allows it to work from Linux. As the a previous poster mentioned, this will force traceroute to use ICMP instead of the default in Linux UDP packets. /jft -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: traceroute
I checked under /etc/serivces and the ports 33434 and 33490 are not commented out, but I am not familiar with iptables. I have stopped iptables from booting up when the machine stops but how can I turn it all of the way off? thanks -Chris >Traceroute from linux goes on udp ports unlike tracert >from windows >(I >think this one from windows uses icmp) >Maybe you have those udp ports blocked from your >firewall >These are the upd ports for traceroute (from linux) >33434:33490 = Winning an argument on the internet is like getting 1st place at the Special Olympics * GAIM ID: cmmiller1973 * __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
RE: traceroute
These are the upd ports for traceroute (from linux) 33434:33490 - Original Message - From: "Mihai Tanasescu" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, March 08, 2003 10:55 PM Subject: Re: traceroute > Traceroute from linux goes on udp ports unlike tracert from windows (I > think this one from windows uses icmp) > Maybe you have those udp ports blocked from your firewall. > - Original Message - > From: "CM Miller" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Saturday, March 08, 2003 9:13 PM > Subject: RE: traceroute > > > > > > > > Yes the computer is connected to a network, which is > > mine, and I do have a linksys router/firewall, but I > > can do tracert from my windows box ok, but not from > > Linux. > > > > Even simple command like root > > > > traceroute olug.org > > > > still get > > > > 1 * * * > > 2 * * * > > 3 * * * > > 4 * * * > > 5 * * * > > 6 * * * > > > > ? > > > > thanks > > > > > > > > >hi chris, > > > > >a few things. what does the -l option stand for ? try > > >using > > >traceroute > > >without any options. > > > > >if your computer is connected in a network which is > > >administered by > > >someone else, make sure they dont have a firewall. to > > >check this you > > >can > > >first do a traceroute to one of the machines in the > > >network. if that > > >works > > >then you probably are behind a firewall. > > > > >cheers, > > >rahul. > > > > = > > Winning an argument on the internet is like getting 1st place at the > Special Olympics > > > > * > > GAIM ID: cmmiller1973 > > * > > > > __ > > Do you Yahoo!? > > Yahoo! Mail Plus - Powerful. Affordable. Sign up now. > > http://mailplus.yahoo.com > > > > > > > > -- > > redhat-list mailing list > > unsubscribe mailto:[EMAIL PROTECTED] > > https://listman.redhat.com/mailman/listinfo/redhat-list > > > -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: traceroute
Traceroute from linux goes on udp ports unlike tracert from windows (I think this one from windows uses icmp) Maybe you have those udp ports blocked from your firewall. - Original Message - From: "CM Miller" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, March 08, 2003 9:13 PM Subject: RE: traceroute > > > Yes the computer is connected to a network, which is > mine, and I do have a linksys router/firewall, but I > can do tracert from my windows box ok, but not from > Linux. > > Even simple command like root > > traceroute olug.org > > still get > > 1 * * * > 2 * * * > 3 * * * > 4 * * * > 5 * * * > 6 * * * > > ? > > thanks > > > > >hi chris, > > >a few things. what does the -l option stand for ? try > >using > >traceroute > >without any options. > > >if your computer is connected in a network which is > >administered by > >someone else, make sure they dont have a firewall. to > >check this you > >can > >first do a traceroute to one of the machines in the > >network. if that > >works > >then you probably are behind a firewall. > > >cheers, > >rahul. > > = > Winning an argument on the internet is like getting 1st place at the Special Olympics > > * > GAIM ID: cmmiller1973 > * > > __ > Do you Yahoo!? > Yahoo! Mail Plus - Powerful. Affordable. Sign up now. > http://mailplus.yahoo.com > > > > -- > redhat-list mailing list > unsubscribe mailto:[EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: traceroute
** Reply to message from CM Miller <[EMAIL PROTECTED]> on Sat, 08 Mar 2003 11:13:40 -0800 (PST) > Yes the computer is connected to a network, which is > mine, and I do have a linksys router/firewall, but I > can do tracert from my windows box ok, but not from > Linux. Apples and oranges. Most if not all Windows traceroute clients use icmp whereas most *nix traceroute clients use udp unless you tell it to use icmp. > > Even simple command like root > > traceroute olug.org > > still get > > 1 * * * > 2 * * * > 3 * * * > 4 * * * > 5 * * * > 6 * * * The reply is being filtered somewhere down the line, if not by your box then somewhere upstream. jb -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
RE: traceroute
Yes the computer is connected to a network, which is mine, and I do have a linksys router/firewall, but I can do tracert from my windows box ok, but not from Linux. Even simple command like root traceroute olug.org still get 1 * * * 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * ? thanks >hi chris, >a few things. what does the -l option stand for ? try >using >traceroute >without any options. >if your computer is connected in a network which is >administered by >someone else, make sure they dont have a firewall. to >check this you >can >first do a traceroute to one of the machines in the >network. if that >works >then you probably are behind a firewall. >cheers, >rahul. = Winning an argument on the internet is like getting 1st place at the Special Olympics * GAIM ID: cmmiller1973 * __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Traceroute
I have. Brian Did you try "traceroute -i ppp0 "? That always worked for me. But I have not used it for a while - the last time was on a Rh 5.2 machine. Mikkel "If you're not one of us, you are one of them" Morpheus Brian Schneider [EMAIL PROTECTED] www.liberty.dyndns.org ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
RE: traceroute and sendmail quit working (more)
It does not work with the -i flag. On another of my boxes it works fine going through this machine. I did not change anything and it just quit working last week. I did do the latest upgrades so maybe something in there. What sort of tests can I do to try to find where the problem lies? TIA On Fri, 20 Apr 2001, Thornton Prime wrote: > > > At 06:55 PM 4/20/01 -0600, you wrote: > >Within the last week my mail quit sending out. I get messages saying "No > >route to host". Mail works internally so it does send, it is a routing > >error. When I run a traceroute to an outside address, it does nothing. > >Telnet, ftp, www etc all work fine. I have been keeping up2date on all the > >updates, and this may be a result of one of them, but not sure which. > > > >Any ideas? > > By traceroute doing nothing, you mean that all the packets are timing out? > > Check your firewall? What type of LAN do you have? If you are able to do > some types of traffic and not others, there must be someone filtering your > traffic. > > thornton > > Also, traceroute doesn't always pick the correct interface, so you sometimes have to use the -i option if you are trying to use traceroute on a macnie with more then out interface. When I had a PPP connection to the Internet, I always had to use -i ppp0 with traceroute to trace anything over the net. Mikkel -- Do not meddle in the affairs of dragons, for you are crunchy and taste good with ketchup. "If you're not one of us, you are one of them" Morpheus Brian Schneider [EMAIL PROTECTED] www.liberty.dyndns.org ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: traceroute and sendmail quit working
On Fri, 20 Apr 2001, Thornton Prime wrote: > > > At 06:55 PM 4/20/01 -0600, you wrote: > >Within the last week my mail quit sending out. I get messages saying "No > >route to host". Mail works internally so it does send, it is a routing > >error. When I run a traceroute to an outside address, it does nothing. > >Telnet, ftp, www etc all work fine. I have been keeping up2date on all the > >updates, and this may be a result of one of them, but not sure which. > > > >Any ideas? > > By traceroute doing nothing, you mean that all the packets are timing out? > > Check your firewall? What type of LAN do you have? If you are able to do > some types of traffic and not others, there must be someone filtering your > traffic. > > thornton > > Also, traceroute doesn't always pick the correct interface, so you sometimes have to use the -i option if you are trying to use traceroute on a macnie with more then out interface. When I had a PPP connection to the Internet, I always had to use -i ppp0 with traceroute to trace anything over the net. Mikkel -- Do not meddle in the affairs of dragons, for you are crunchy and taste good with ketchup. ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: traceroute and sendmail quit working
At 06:55 PM 4/20/01 -0600, you wrote: >Within the last week my mail quit sending out. I get messages saying "No >route to host". Mail works internally so it does send, it is a routing >error. When I run a traceroute to an outside address, it does nothing. >Telnet, ftp, www etc all work fine. I have been keeping up2date on all the >updates, and this may be a result of one of them, but not sure which. > >Any ideas? By traceroute doing nothing, you mean that all the packets are timing out? Check your firewall? What type of LAN do you have? If you are able to do some types of traffic and not others, there must be someone filtering your traffic. thornton ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: traceroute and sendmail quit working
Did you upgrade Sendmail? I just upgraded a RH6.1 machine to 7.1 and my sendmail configuration got messed up. Check your sendmail.cf file. At 06:55 PM 4/20/01 -0600, you wrote: >Within the last week my mail quit sending out. I get messages saying "No >route to host". Mail works internally so it does send, it is a routing >error. When I run a traceroute to an outside address, it does nothing. >Telnet, ftp, www etc all work fine. I have been keeping up2date on all the >updates, and this may be a result of one of them, but not sure which. > >Any ideas? > > >"If you're not one of us, you are one of them" Morpheus > >Brian Schneider [EMAIL PROTECTED] www.liberty.dyndns.org > > > > >___ >Redhat-list mailing list >[EMAIL PROTECTED] >https://listman.redhat.com/mailman/listinfo/redhat-list ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: traceroute
Does networking work properly otherwise? If not, what other problems are you having? "Mikkel L. Ellertson" wrote: > > On Fri, 5 Jan 2001, Steve Lee wrote: > > > it still doesn't work. > > but it works in my windows machine. > > ?? > > just not on the server. > > is it some kind of routing problem > > > > On Fri, 5 Jan 2001, David Brett wrote: > > > > > You probably can't, try doing traceroute -n x.x.x.x. If this fails then > > > the network you are on does not allow pings. If it does work, the problem > > > is DNS lookup issue. > > > > > > > > > david > > > > > > On Fri, 5 Jan 2001, Steve Lee wrote: > > > > > > > when i do a traceroute i get a bunch of > > > > > > > > 1 * * * > > > > 2 * * * > > > > 3 * * * > > > > 4 * * * > > > > 5 * * * > > > > 6 * * * > > > > 7 * * * > > > > 8 * * * > > > > > > > > what is this > > > > how do i fix it? > > > > > > > > > What interface are you trying to use? Traceroute doesn't do a real good > job of detecting the correct interface when you have more then one. You > may have to use the -i option, especialy if you are tracing a connection > to the Internet over a PPP connnection. I always had to use > "traceroute -i ppp0 " when I was using a PPP connection. > > Mikkel > -- > > Do not meddle in the affairs of dragons, > for you are crunchy and taste good with ketchup. > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: traceroute
On Fri, 5 Jan 2001, Steve Lee wrote: > it still doesn't work. > but it works in my windows machine. > ?? > just not on the server. > is it some kind of routing problem > > On Fri, 5 Jan 2001, David Brett wrote: > > > You probably can't, try doing traceroute -n x.x.x.x. If this fails then > > the network you are on does not allow pings. If it does work, the problem > > is DNS lookup issue. > > > > > > david > > > > On Fri, 5 Jan 2001, Steve Lee wrote: > > > > > when i do a traceroute i get a bunch of > > > > > > 1 * * * > > > 2 * * * > > > 3 * * * > > > 4 * * * > > > 5 * * * > > > 6 * * * > > > 7 * * * > > > 8 * * * > > > > > > what is this > > > how do i fix it? > > > > > > What interface are you trying to use? Traceroute doesn't do a real good job of detecting the correct interface when you have more then one. You may have to use the -i option, especialy if you are tracing a connection to the Internet over a PPP connnection. I always had to use "traceroute -i ppp0 " when I was using a PPP connection. Mikkel -- Do not meddle in the affairs of dragons, for you are crunchy and taste good with ketchup. ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
RE: traceroute
You probably have your firewall set to reject the final traceroute receipt packets. I think it's icmp port 4 or 8. Well, one of those between 0-8. Drew [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Steve Lee Sent: Friday, January 05, 2001 7:57 PM To: [EMAIL PROTECTED] Subject: Re: traceroute it still doesn't work. but it works in my windows machine. ?? just not on the server. is it some kind of routing problem On Fri, 5 Jan 2001, David Brett wrote: > You probably can't, try doing traceroute -n x.x.x.x. If this fails then > the network you are on does not allow pings. If it does work, the problem > is DNS lookup issue. > > > david > > On Fri, 5 Jan 2001, Steve Lee wrote: > > > when i do a traceroute i get a bunch of > > > > 1 * * * > > 2 * * * > > 3 * * * > > 4 * * * > > 5 * * * > > 6 * * * > > 7 * * * > > 8 * * * > > > > what is this > > how do i fix it? > > > > > > > > ___ > > Redhat-list mailing list > > [EMAIL PROTECTED] > > https://listman.redhat.com/mailman/listinfo/redhat-list > > > > > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: traceroute
it still doesn't work. but it works in my windows machine. ?? just not on the server. is it some kind of routing problem On Fri, 5 Jan 2001, David Brett wrote: > You probably can't, try doing traceroute -n x.x.x.x. If this fails then > the network you are on does not allow pings. If it does work, the problem > is DNS lookup issue. > > > david > > On Fri, 5 Jan 2001, Steve Lee wrote: > > > when i do a traceroute i get a bunch of > > > > 1 * * * > > 2 * * * > > 3 * * * > > 4 * * * > > 5 * * * > > 6 * * * > > 7 * * * > > 8 * * * > > > > what is this > > how do i fix it? > > > > > > > > ___ > > Redhat-list mailing list > > [EMAIL PROTECTED] > > https://listman.redhat.com/mailman/listinfo/redhat-list > > > > > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: traceroute
You probably can't, try doing traceroute -n x.x.x.x. If this fails then the network you are on does not allow pings. If it does work, the problem is DNS lookup issue. david On Fri, 5 Jan 2001, Steve Lee wrote: > when i do a traceroute i get a bunch of > > 1 * * * > 2 * * * > 3 * * * > 4 * * * > 5 * * * > 6 * * * > 7 * * * > 8 * * * > > what is this > how do i fix it? > > > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
RE: Traceroute not tracing routes
Terry, I don't have any experience with ipfwadm and, since my firewall uses ipchains, I may be incorrect, but I'll take a stab at it. From what you've posted, it looks like you are allowing everything in and out on ports 25, 110, 80 and in only on 53. Everything else would be blocked by that last rule before accounting, including traces and pings using the first five ports. Perhaps throwing a rule in there to allow ports 4, 3, and other traceroute ports for the icmp protocol would let traceroute through. I couldn't tell you what the other ports are. My firewall has some variables set as follows: TRACEROUTE_SRC_PORTS="32769:65535" TRACEROUTE_DEST_PORTS="33434:33523" and a rule allowing them out on the udp protocol. Here is the rule: ipchains -A output -i $EXTERNAL_INTERFACE -p udp -s $IPADD \ $TRACEROUTE_SRC_PORTS -d $ANYWHERE $TRACEROUTE_DEST_PORTS -j ACCEPT I modified this script from one I found at http://linux-firewall-tools.com/, so I don't really understand what this accomplishes. I only know that it works. They have one there for ipfwadm also that may be a little more helpful to you. Good luck, Drew -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Terry Williams Sent: Thursday, November 16, 2000 9:20 AM To: [EMAIL PROTECTED] Subject: Re: Traceroute not tracing routes Yeah I could see how that would be a problem except for I didn't change anything and it worked the night before and for the past month. And the machines behind it can do a traceroute fine. I use ipfwadm here is my ruleset #==[Flush...All My Rules]=# ipfwadm -I -f ipfwadm -F -f ipfwadm -O -f ipfwadm -A -f # Masquerade everything as coming from eth0 ipfwadm -F -a masquerade -S 192.168.100.0/255.255.255.0 -D 0/0 ipfwadm -F -a accept -b -P tcp -S 0/0 1024:65535 -D 192.168.100.2/32 25 ipfwadm -F -a accept -b -P tcp -S 192.168.100.2/32 25 -D 0/0 1024:65535 ipfwadm -F -a accept -b -P tcp -S 0/0 1024:65535 -D 192.168.100.2/32 110 ipfwadm -F -a accept -b -P tcp -S 192.168.100.2/32 110 -D 0/0 1024:65535 ipfwadm -F -a accept -b -P tcp -S 0/0 1024:65535 -D 192.168.100.2 80 ipfwadm -F -a accept -b -P tcp -S 192.168.100.2 80 -D 0/0 1024:65535 ipfwadm -F -a accept -b -P udp -S 0/0 53 -D 192.168.100.0/24 ipfwadm -F -a deny -S 0/0 -D 0/0 -o #Accounting /sbin/ipfwadm -A -f /sbin/ipfwadm -A out -i -S 192.168.100.0/24 -D 0.0.0.0/0 /sbin/ipfwadm -A out -i -S 0.0.0.0/0 -D 192.168.100.0/24 /sbin/ipfwadm -A in -i -S 192.168.100.0/24 -D 0.0.0.0/0 /sbin/ipfwadm -A in -i -S 0.0.0.0/0 -D 192.168.100.0/24 - Original Message - From: "Jack Bowling" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, November 16, 2000 10:03 AM Subject: Re: Traceroute not tracing routes > ** Reply to message from "Drew Hunt" <[EMAIL PROTECTED]> on Thu, 16 > Nov 2000 06:46:08 -0700 > > > > I'm running RH 6.2, but have the same problem. I traced it to the firewall, > > having pulled it down momentarily and having the traceroute work perfectly. > > One of the first 5 ICMP ports has to be enabled to receive packets, not just > > responses with the !-y option, but I don't remember which one. I never did > > fix it myself because I figured it wasn't worth the first few lines of stars > > for the compromised stealth. I already know that they are my firewall, the > > cablemodem router, and my ISPs first router respectively. > > That would be port 0. An appropriate ipchains rule could be: > > ipchains -A input -i ppp0 -p icmp --dport 0 -j ACCEPT -l > > There may be a better way to set this up using the "--icmp-type" switch. > > > > > > > Jack Bowling > Prince George, BC > mailto:[EMAIL PROTECTED] > > > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
RE: Traceroute not tracing routes
Hi Drew, > One > of the first 5 ICMP ports has to be enabled to receive packets, not just > responses with the !-y option, Just a little correction here. You can't use the -y option for ICMP packets, only for TCP. Bye, Leonard. ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Traceroute not tracing routes
Try using "mtr" instead of "traceroute". It comes with RH7.0, dunno about RH6.x but easily added. It is a much nicer util than standard traceroute. Graham... At 16:19 16/11/2000, you wrote: >Yeah I could see how that would be a problem except for I didn't change >anything and it worked the night before and for the past month. And the >machines behind it can do a traceroute fine. I use ipfwadm here is my >ruleset ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Traceroute not tracing routes
Yeah I could see how that would be a problem except for I didn't change anything and it worked the night before and for the past month. And the machines behind it can do a traceroute fine. I use ipfwadm here is my ruleset #==[Flush...All My Rules]=# ipfwadm -I -f ipfwadm -F -f ipfwadm -O -f ipfwadm -A -f # Masquerade everything as coming from eth0 ipfwadm -F -a masquerade -S 192.168.100.0/255.255.255.0 -D 0/0 ipfwadm -F -a accept -b -P tcp -S 0/0 1024:65535 -D 192.168.100.2/32 25 ipfwadm -F -a accept -b -P tcp -S 192.168.100.2/32 25 -D 0/0 1024:65535 ipfwadm -F -a accept -b -P tcp -S 0/0 1024:65535 -D 192.168.100.2/32 110 ipfwadm -F -a accept -b -P tcp -S 192.168.100.2/32 110 -D 0/0 1024:65535 ipfwadm -F -a accept -b -P tcp -S 0/0 1024:65535 -D 192.168.100.2 80 ipfwadm -F -a accept -b -P tcp -S 192.168.100.2 80 -D 0/0 1024:65535 ipfwadm -F -a accept -b -P udp -S 0/0 53 -D 192.168.100.0/24 ipfwadm -F -a deny -S 0/0 -D 0/0 -o #Accounting /sbin/ipfwadm -A -f /sbin/ipfwadm -A out -i -S 192.168.100.0/24 -D 0.0.0.0/0 /sbin/ipfwadm -A out -i -S 0.0.0.0/0 -D 192.168.100.0/24 /sbin/ipfwadm -A in -i -S 192.168.100.0/24 -D 0.0.0.0/0 /sbin/ipfwadm -A in -i -S 0.0.0.0/0 -D 192.168.100.0/24 - Original Message - From: "Jack Bowling" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, November 16, 2000 10:03 AM Subject: Re: Traceroute not tracing routes > ** Reply to message from "Drew Hunt" <[EMAIL PROTECTED]> on Thu, 16 > Nov 2000 06:46:08 -0700 > > > > I'm running RH 6.2, but have the same problem. I traced it to the firewall, > > having pulled it down momentarily and having the traceroute work perfectly. > > One of the first 5 ICMP ports has to be enabled to receive packets, not just > > responses with the !-y option, but I don't remember which one. I never did > > fix it myself because I figured it wasn't worth the first few lines of stars > > for the compromised stealth. I already know that they are my firewall, the > > cablemodem router, and my ISPs first router respectively. > > That would be port 0. An appropriate ipchains rule could be: > > ipchains -A input -i ppp0 -p icmp --dport 0 -j ACCEPT -l > > There may be a better way to set this up using the "--icmp-type" switch. > > > > > > > Jack Bowling > Prince George, BC > mailto:[EMAIL PROTECTED] > > > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list > ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Traceroute not tracing routes
** Reply to message from "Drew Hunt" <[EMAIL PROTECTED]> on Thu, 16 Nov 2000 06:46:08 -0700 > I'm running RH 6.2, but have the same problem. I traced it to the firewall, > having pulled it down momentarily and having the traceroute work perfectly. > One of the first 5 ICMP ports has to be enabled to receive packets, not just > responses with the !-y option, but I don't remember which one. I never did > fix it myself because I figured it wasn't worth the first few lines of stars > for the compromised stealth. I already know that they are my firewall, the > cablemodem router, and my ISPs first router respectively. That would be port 0. An appropriate ipchains rule could be: ipchains -A input -i ppp0 -p icmp --dport 0 -j ACCEPT -l There may be a better way to set this up using the "--icmp-type" switch. Jack Bowling Prince George, BC mailto:[EMAIL PROTECTED] ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
RE: Traceroute not tracing routes
I'm running RH 6.2, but have the same problem. I traced it to the firewall, having pulled it down momentarily and having the traceroute work perfectly. One of the first 5 ICMP ports has to be enabled to receive packets, not just responses with the !-y option, but I don't remember which one. I never did fix it myself because I figured it wasn't worth the first few lines of stars for the compromised stealth. I already know that they are my firewall, the cablemodem router, and my ISPs first router respectively. Drew [EMAIL PROTECTED] -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Terry WilliamsSent: Wednesday, November 15, 2000 9:18 PMTo: [EMAIL PROTECTED]Subject: Traceroute not tracing routes When I run traceroute on my Red Hat 7.0 I get 1 * * * * 2 * * * * 3 * * * * Now the catch it used to work, and my machines connected through this one using ipchains it works correctly. I have removed traceroute and recompiled. Checked to make sure I don't have something blocking the datagrams. Can anyone think of anything else I might look for or do because I really need this ability. Thank You.
RE: Traceroute woes!
%-> I'm currently locking horns with our network admin because he %-> tells me it's %-> impossible to do traceroutes to the outside world if you are %-> using NAT and %-> are behind a PIX firewall (I assume the same with any firewall). I don't %-> believe this line of bull because I'm sure there is a way %-> around this or a %-> *fix* if you will. Can anyone shed some light on this matter, please? Tracerouting works fine here... I'm behind a NAT'ing router. If the admin is blocking all ICMP and UDP (traceroute can use either) then it won't work, but then again, the network will be pretty broken so tracerouting would be the least of your concerns. -- Juha ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: Traceroute woes!
On Tue, Sep 05, 2000 at 10:11:02AM -0700, Steve Curry wrote: > Hello all, > > > I'm currently locking horns with our network admin because he tells me it's > impossible to do traceroutes to the outside world if you are using NAT and > are behind a PIX firewall (I assume the same with any firewall). I don't > believe this line of bull because I'm sure there is a way around this or a > *fix* if you will. Can anyone shed some light on this matter, please? It _can_ work. It depends on the NAT implementation and the firewall configuration. I can't help you in your case since I have no idea what a PIX firewall is. -- Steve Borho Voice: 314-439-8342 Member of Technical Staff Celox Networks Inchttp://www.ietf.org/rfc/rfc1925.txt ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
RE: Traceroute woes!
Well, I do them from behind my firewall all the time... I imagine he is doing something like blocking ICMP packets or something else he shouldn't be doing.. > -Original Message- > From: Steve Curry [SMTP:[EMAIL PROTECTED]] > Sent: Tuesday, September 05, 2000 1:11 PM > To: [EMAIL PROTECTED] > Subject: Traceroute woes! > > Hello all, > > > I'm currently locking horns with our network admin because he tells me > it's > impossible to do traceroutes to the outside world if you are using NAT and > are behind a PIX firewall (I assume the same with any firewall). I don't > believe this line of bull because I'm sure there is a way around this or a > *fix* if you will. Can anyone shed some light on this matter, please? > > > Thanks, > > > Steve Curry > > > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: TraceRoute
>In FTP95Pro, along with the standard WhoIs, Ping, and Finger >functionality, >there is also the TraceRoute program. Since these other bits of >software >originated in Unix and were taken to Windoze, I would guess that >there's and >easy user-level way to do a trace route in Unix. >Is there? And if so, where do I find it? I've checked the man pages, >but to >no avail... >-Michael It is called traceroute. The package is also named traceroute. Igmar -- PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES! http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe" as the Subject.
Re: TraceRoute
How aboout traceroute? [root@firewall /root]# locate traceroute /usr/man/man8/traceroute.8 /usr/sbin/traceroute /var/catman/cat8/traceroute.8.gz [root@firewall /root]# traceroute --help Version 1.4a5 Usage: traceroute [-dFInrvx] [-g gateway] [-i iface] [-f first_ttl] [-m max_ttl] [ -p port] [-q nqueries] [-s src_addr] [-t tos] [-w waittime] host [packetlen] [root@firewall /root]# rpm -qv -f /usr/sbin/traceroute traceroute-1.4a5-4 [root@firewall /root]# Michael George wrote: > > Is there? And if so, where do I find it? I've checked the man pages, but to > no avail... -- Ed Jaeger, CFO, Bohlender Graebener Corporation [EMAIL PROTECTED] http://www.bgcorp.com -- PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES! http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe" as the Subject.
