If you're specifying the types of icmp to let through the firewall, a traceroute replies with an icmp "time-exceeded". If you are specifying icmp types make sure you're allowing that one back through from the net to get the traceroute reply.
-----Original Message----- From: VASILIOS CHOUVARDAS [mailto:[EMAIL PROTECTED]] Sent: 15 January 2002 04:56 Cc: [EMAIL PROTECTED] Subject: Re: strange traceroute output It seems to me that your firewall drops any ICMP (traceroute uses ICMP) packet coming from the outside with destination your servers. Check the firewall rules. Vasilios Chouvardas "Chris Boyd (Admin)" wrote: > > Have a 512k connection to internet with an NTU (is a Martis STU-2304 if > that matters) connected to a Cisco 1605 using both interfaces. One has an > IP range from the ISP which are used by web/email servers running Linux > RH 7.1 and the other has the internal IP's > set(192.168.0.0) which are used by workstations(unfortun. Win 98 > machines). A firewall is on the servers running stripped down RH 6.2. > When doing a traceroute from the servers I'm getting the following > return. > traceroute www.esat.net (our ISP) > traceroute to www.esat.net (193.120.15.2), 30 hops max, 38 byte packets > 1 defunct (194.125.x.x) 1.646 ms 0.455 ms 0.443 ms (firewall) > 2 * * * > 3 * * * > 4 * * * > 5 * * > and continues on for 30 hops. > Doesn't do this from the workstations only from servers. > This happens when I try this on any address outside the network. I'm not > sure if its something with the firewall possibly or is it some form of DoS > maybe. > Any ideas. > If need more info just ask. > > Thanks > > Security Newbie
