
[5.012] Firewall is Traceroute visible NOT working

On 5.012, I have "Firewall is Traceroute visible" enabled.

It works if I do a traceroute to any of ASL's interfaces.

However, if I traceroute from INT to a machine in the DMZ, I get:

Code:
C:\>tracert 10.0.0.10

Tracing route to linux [10.0.0.10]
over a maximum of 30 hops:

  1     *        *        *     Request timed out.
  2   

 

The DMZ server shows up but the firewall does not.

The packetfilter log shows:
 Code:
2004:06:27-11:26:44 (none) kernel: DROP: IN= OUT=eth0 SRC=192.168.11.1 DST=192.168.11.13 LEN=120 TOS=0x00 PREC=0xC0 TTL=64 ID=44735 PROTO=ICMP TYPE=11 CODE=0 [SRC=192.168.11.13 DST=10.0.0.10 LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=26162 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=25856 ] 



192.168.11.1 is the firewall, 11.13 is the PC.

It looks to me like the REPLY packets are getting dropped by the firewall for some reason.

Thanks,
Barry
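
Added example (not part of the original post and not ASL code): a small Python parser for the packetfilter DROP line quoted above. It separates the outer ICMP packet from the bracketed embedded packet and reports which netfilter chain logged it; the function names and the result keys are this example's own.

```python
import re

# The DROP line quoted in the post above, copied verbatim.
LINE = ("2004:06:27-11:26:44 (none) kernel: DROP: IN= OUT=eth0 SRC=192.168.11.1 "
        "DST=192.168.11.13 LEN=120 TOS=0x00 PREC=0xC0 TTL=64 ID=44735 PROTO=ICMP "
        "TYPE=11 CODE=0 [SRC=192.168.11.13 DST=10.0.0.10 LEN=92 TOS=0x00 PREC=0x00 "
        "TTL=1 ID=26162 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=25856 ]")

PAIR = re.compile(r"(\w+)=(\S*)")

def fields(text):
    """KEY=VALUE pairs as a dict; the first ID= (IP header) wins over the ICMP ID=."""
    out = {}
    for key, value in PAIR.findall(text):
        out.setdefault(key, value)
    return out

def diagnose(line):
    """Describe a netfilter LOG line that carries an ICMP error with an embedded packet."""
    m = re.search(r"\[(.*)\]", line)
    outer = fields(line[:m.start()] if m else line)
    inner = fields(m.group(1)) if m else {}
    # Empty IN= with OUT= set means the packet was generated locally (OUTPUT chain).
    if not outer.get("IN") and outer.get("OUT"):
        chain = "OUTPUT"
    elif outer.get("IN") and not outer.get("OUT"):
        chain = "INPUT"
    elif outer.get("IN") and outer.get("OUT"):
        chain = "FORWARD"
    else:
        chain = "unknown"
    return {
        "chain": chain,
        # ICMP type 11 is Time Exceeded, the reply traceroute needs from each hop.
        "time_exceeded": outer.get("PROTO") == "ICMP" and outer.get("TYPE") == "11",
        "hop": outer.get("SRC"),
        "prober": inner.get("SRC"),
        "target": inner.get("DST"),
        "probe_ttl": int(inner["TTL"]) if "TTL" in inner else None,
        "probe_is_echo": inner.get("PROTO") == "ICMP" and inner.get("TYPE") == "8",
        "reply_goes_to_prober": bool(inner) and inner.get("SRC") == outer.get("DST"),
    }

if __name__ == "__main__":
    for key, value in diagnose(LINE).items():
        print(f"{key:22} {value}")
```

For this line the result is an OUTPUT-chain drop of an ICMP Time Exceeded sent by 192.168.11.1 to 192.168.11.13 in answer to a TTL=1 echo request for 10.0.0.10, which matches the missing first hop in the tracert output.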


  • Also, I have now noticed that traceroute does not work from ASL5, despite the fact that I have ALL the ICMP settings ON.
    Code:
    # traceroute 69.166.208.1
    traceroute to 69.166.208.1 (69.166.208.1), 30 hops max, 40 byte packets
    send failed: Operation not permitted
    send failed: Operation not permitted
    send failed: Operation not permitted
    send failed: Operation not permitted
    ...


    I think this is related to traceroute not working right through ASL.

    Please respond.

    I am using MASQ btw.

    Thanks,
    Barry