[TriLUG] traceroute works, ping and tcp services don't get through
Joseph Mack NA3T
jmack at wm7d.net
Fri May 18 18:25:14 EDT 2012
On Fri, 18 May 2012, Joseph Mack NA3T wrote:
>> It's possible that if a router was responding with ICMP type 3, it could
>> have fooled traceroute into thinking it had reached the destination.
Let's see if I understand what you've said...
The situation...
machines A,B,C,D form a loop for tcp and ping because of the
way I've set up the default gateways. However traceroute
A->C gives an output A->B->C. I interpreted this as
indicating that the traceroute packets had gone
A->B->C->B->A ie an out and back.
What you're saying is that I have no idea how the replies
from traceroute got back to A. They could have gone via D in
the loop and I wouldn't have known.
You're also saying that traceroute packets, instead of dying
when TTL=0, could have died because my firewall rules
blocked them.
The firewall rules in the article I used as a model are
quite restrictive for ICMP packets. I can't imagine why you
can't let them all through. They're useful for establishing
routing. I'm still plagued my other machines not being able
to find routes to hosts, when they're on the same network.
It must be the restrictive ICMP rules.
Thanks Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
More information about the TriLUG
mailing list