traceroute

Status
Not open for further replies.

peterve

Hi all,

I have a very strange problem:

I can ping from my Linux (Redhat 7.1) machine to any IP address, but performing a traceroute to the same IP address only gives me

* * * timed out
* * * timed out

What could be wrong here?

Thanks
---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------------------------------------------
Peter Van Eeckhoutte
peter.ve@pandora.be
 
yes, but all the other computers on the network can do the traceroute,
(ICMP is allowed)

I even tried to turn off the firewall service, but it doesn't work...

any ideas?
 
Allow icmp time exceeded packets in your input and output
rules for iptables or ipchains, whichever you are using.
 
I'm using an external firewall

however, xident.d is running on the machine (Redhat Linux 7.1)
Where can I specify to allow this?
 
Hi,

Traceroute uses icmp message types 3 (destination unreachable) and 11 (time exceeded). In ipchains firewalling terms these equate to ports so you'd have to allow access with rules like this:

ipchains -A input -i eth0 -p icmp -s any/0 11 -d any/0 -j ACCEPT

or for iptables...

/sbin/iptables -A INPUT -i eth0 -p icmp --icmp-type time-exceeded -j ACCEPT

[change eth0 to your internet interface]

(For iptables you can be even more specific by using '--icmp-type ttl-zero-during-transit' or '--icmp-type ttl-zero-during-reassembly')

However, if you don't have a firewall active it doesn't really make a lot of sense. It seems to be the case with RH 7.1 that a lot of people are indeed running the RH firewall even though they don't remember setting it up. You could always try to configure that firewall and see if it makes a difference. Enter 'lokkit' in a console window and follow the instructions. If you want the gnome interface do 'gnome-lokkit'.

Hope this helps
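
To show how ping can succeed while traceroute prints only `* * *`, this added example (not code from the thread) runs a first-match check over an INPUT ruleset for the three ICMP replies involved, assuming Linux traceroute's default UDP probes. The rulesets are constructed in `iptables -S` style, the function names are hypothetical, and only `-i`, `-p`, `-m`, `--icmp-type` and `-j` are understood.

```python
import shlex
# iptables --icmp-type names -> (type, code); code None matches any code.
ICMP_NAMES = {
    "echo-reply": (0, None), "destination-unreachable": (3, None),
    "port-unreachable": (3, 3), "time-exceeded": (11, None),
    "ttl-zero-during-transit": (11, 0), "ttl-zero-during-reassembly": (11, 1),
}
# Replies the local host must receive: ping needs 0/0; a UDP traceroute needs
# 11/0 from each intermediate hop and 3/3 from the final destination.
REPLIES = {"echo-reply": (0, 0), "time-exceeded": (11, 0), "port-unreachable": (3, 3)}

def parse_icmp_type(spec):
    if spec in ICMP_NAMES:
        return ICMP_NAMES[spec]
    t, _, c = spec.partition("/")          # numeric form: "11" or "3/3"
    return int(t), (int(c) if c else None)

def verdict(rules_text, iface, icmp_type, icmp_code):
    """First-match verdict on INPUT for one inbound ICMP packet."""
    policy = "ACCEPT"                      # built-in default when no -P line
    for line in rules_text.strip().splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))  # each option here takes one value
        if opts.get("-p", "icmp") != "icmp" or opts.get("-i", iface) != iface:
            continue                       # rule is for another protocol or interface
        if set(opts) - {"-i", "-p", "-m", "--icmp-type", "-j"}:
            raise ValueError("unsupported option in: " + line)
        if "--icmp-type" in opts:
            t, c = parse_icmp_type(opts["--icmp-type"])
            if t != icmp_type or (c is not None and c != icmp_code):
                continue
        if opts.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return opts["-j"]
    return policy

def check(rules_text, iface="eth0"):
    return {n: verdict(rules_text, iface, t, c) for n, (t, c) in REPLIES.items()}

# Constructed rulesets, not taken from the thread.
BEFORE = """-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 0 -j ACCEPT"""
AFTER = BEFORE + """
-A INPUT -i eth0 -p icmp -m icmp --icmp-type time-exceeded -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 3/3 -j ACCEPT"""
if __name__ == "__main__":
    print("before:", check(BEFORE), "\nafter: ", check(AFTER))
```

A rule that names only `ttl-zero-during-reassembly` (type 11, code 1) does not match the code 0 replies that routers send when a probe's TTL expires in transit.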
 
I think this is a firewall issue on my Linux Redhat 7.1...
How can I completely turn off the firewall on Linux ?
If I run 'setup' or 'lokkit', the firewall config always jumps to 'HIGH', when I set it to 'no firewall' and save,
then quit, and then look again, it has been reverted to 'HIGH'....

 