Tracerouting

Matthew Seaman m.seaman at infracaninophile.co.uk
Sat Jun 22 19:47:01 BST 2002


On Sat, Jun 22, 2002 at 06:53:10PM +0100, Lee wrote:

> However whenever I try to traceroute, anything beyond the initial hop (my router) is not returning I just get:-
> 
> 2    *    *    *
> 3    *    *    *
> 4    *    *    *
> 5    *    *    * etc

Your router is filtering out the outgoing packets that FreeBSD
traceroute uses.

> I thought it may be my router, but the other 3 computers on my network
> (a RedHat 7.3 / Windows 98, Windows Me & a Windows 2K laptop) work
> fine.

The way traceroute works is to send out a sequence of packets with
their "hop count" set artificially high but decreasing by one every so
often.  Each router the packet traverses will increment the hop count.
If the hop count gets too large, the router will drop the packet and
send back an ICMP TIME_EXCEEDED message.  It's those messages that
traceroute detects and uses to map out the route packets take: as the
initial hop count is decreased, packets get further and further
towards their destination before being dropped.  You get the `*'
output when there has been no response after a suitably long time.

Now, the outgoing packets used by traceroute may be of any type: TCP,
UDP, whatever. FreeBSD uses a UDP packet to a high numbered port (33434
or above) by default, but you can change that by use of the -P and -p
flags to traceroute.  I'm guessing that Windows uses a different
packet type and your router is passing those.  I'm not sure what
RedHat uses --- probably the same as most Unices.
 
> So then I thought ok perhaps it is the default firewall on the
> FreeBSD 4.6 installation.  I tried listing the firewall rules, but
> just got:-
> 
> ipfw: getsockopt (IP_FW_GET): Protocol not available
> 
> Next I tried flushing any firewall rules, says "yes" I was sure, but
> I got the same error as above.

There isn't any firewalling on default installations of FreeBSD ---
you have to deliberately set it up if you want it.  That means setting
firewall_enable="YES" and firewall_type="whatever" in /etc/rc.conf and
rebooting with either a custom kernel compiled with `options
IPFIREWALL', or one where the ipfw.ko module is loaded, which you can
tell has happened by running kldstat.  The symptoms you describe lead
me to believe that you haven't actually configured any firewall on
your machine.

Try traceroute from your other boxes to your FreeBSD box, and from
your FreeBSD box to your RedHat box while you're running tcpdump on
the target machine to see if you can figure out exactly what each OS
does differently.

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
Tel: +44 1628 476614                                  Marlow
Fax: +44 0870 0522645                                 Bucks., SL7 1TH UK
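
Added example, not part of the original message: a small Python classifier for the tcpdump comparison suggested above, which reads raw IPv4 packets and reports whether each probe is a UDP datagram to port 33434 or above (the FreeBSD default named in the message) or an ICMP echo request (what Windows tracert sends). The names `classify_probe` and `build_ipv4` are hypothetical, the sample packets are constructed, and the input is assumed to have its link-layer header already stripped.

```python
import socket
import struct

BASE_PORT = 33434  # FreeBSD traceroute's default UDP base port, per the message

def classify_probe(packet: bytes) -> dict:
    """Classify a raw IPv4 packet (link-layer header already stripped)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("truncated or malformed packet")
    ttl, proto = packet[8], packet[9]
    body = packet[ihl:]
    kind, detail = "other", None
    if proto == 17:                        # UDP
        detail = struct.unpack("!H", body[2:4])[0]   # destination port
        if detail >= BASE_PORT:
            kind = "udp-high-port"
    elif proto == 1:                       # ICMP
        detail = body[0]                   # ICMP type
        kind = {8: "icmp-echo", 11: "icmp-time-exceeded"}.get(detail, "other")
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "ttl": ttl, "kind": kind, "detail": detail}

def build_ipv4(proto: int, ttl: int, src: str, dst: str, body: bytes) -> bytes:
    """Build a constructed sample packet; checksum is left at 0 (not parsed)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0,
                         ttl, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + body

# Constructed samples using documentation addresses, not captured traffic.
UDP_PROBE = build_ipv4(17, 1, "192.0.2.10", "192.0.2.20",
                       struct.pack("!HHHH", 40000, 33435, 8, 0))
ECHO_PROBE = build_ipv4(1, 1, "192.0.2.11", "192.0.2.20",
                        struct.pack("!BBHHH", 8, 0, 0, 1, 1))

if __name__ == "__main__":
    for name, pkt in (("UDP_PROBE", UDP_PROBE), ("ECHO_PROBE", ECHO_PROBE)):
        print(name, classify_probe(pkt))
```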



