Traceroute issue
Bob Johnson
bob89 at bobj.org
Sat Apr 10 07:03:47 PDT 2004
On Friday 09 April 2004 09:51 am, Jeff Coleman <"Jeff Coleman"
<spirit at freeshell.org>> wrote:
> I am a new user of BSD and have set up a machine to learn on,
> I have version 5.2 on it and it cannot traceroute out. none of the
> hops resolve
> Pings work fine, and nslookup does as well.
>
In my experience, this is usually caused by a firewall that blocks
either the traceroute packets, or the replies to them. For traceroute
to work correctly, you must be able to receive ICMP TIME EXCEEDED and
ICMP PORT UNREACHABLE packets, and the target system must reject
(rather than accept or silently drop) the query packet that reaches it.
You must also be able to send UDP packets to arbitrary ports.
If you are not seeing anything at all along a multi-hop path, I suspect
that you have a firewall blocking incoming ICMP TIME EXCEEDED packets,
but there are many other possibilities. If you are running a firewall
on your system (e.g. IPFW), then try turning it off and doing a
traceroute.
BSD ping uses ICMP ECHO REQUEST and ECHO RESPONSE packets, so if it is
working then at least some ICMP packets are getting through.
- Bob
More information about the freebsd-questions
mailing list