lee at unassemble.co.uk
Sat Jun 22 20:43:15 BST 2002
Thanks for that.
Sorry I was wrong in my initial question. Redhat 7.3 did not like
However what I have found out is that both Redhat 7.3 & FreeBSD (at least in
my tests anyway) use the same port range 33435->33437 for tracerouting.
It did manage to get Redhat to work on traceroute by using one of the
command line switches, -I, this makes it use ICMP ECHO instead of UDP.
This option is not available on FreeBSD, I tried emulating this by using:
traceroute -P ICMP x.x.x.x.x
But this did not work.
As I said this not a major problem more of an annoyance, at least I know it
is not a problem the freeBSD box now.
I would be happy for any more suggestions on this, but many thanks for the
advise you have given. Who said problems cannot be fun, aye.
----- Original Message -----
From: "Matthew Seaman" <m.seaman at infracaninophile.co.uk>
To: "Lee" <lee at unassemble.co.uk>
Cc: <freebsd-users at uk.freebsd.org>
Sent: Saturday, June 22, 2002 7:47 PM
Subject: Re: Tracerouting
> On Sat, Jun 22, 2002 at 06:53:10PM +0100, Lee wrote:
> > However whenever I try to traceroute, anything beyond the initial hop
(my router) is not returning I just get:-
> > 2 * * *
> > 3 * * *
> > 4 * * *
> > 5 * * * etc
> Your router is filtering out the outgoing packets that FreeBSD
> traceroute uses.
> > I though I may be my router, but the other 3 computers on my network
> > (a RedHat 7.3 / Windows 98, Windows Me & a WIndows 2K laptop) Work
> > fine.
> The way traceroute works is to send out a sequence of packets with
> their "hop count" set artificially high but decreasing by one every so
> often. Each router the packet traverses will increment the hop count.
> If the hop count gets too large, the router will drop the packet and
> send back an ICMP TIME_EXCEEDED message. It's those messages that
> traceroute detects and uses to map out the route packets take: as the
> initial hop count is decreased, packets get further and further
> towards their destination before being dropped. You get the `*'
> output when there has been no response after a suitably long time.
> Now, the outgoing packets used by traceroute may be of any type: TCP,
> UDP, whatever. FreeBSD uses a UDP packet to a high numbered port (33434
> or above) by default, but you can change that by use of the -P and -p
> flags to traceroute. I'm guessing that Windows uses a different
> packet type and your router is passing those. I'm not sure what
> RedHat uses --- probably the same as most Unices.
> > So then I though ok perhaps it is the default firewall on the
> > FreeBSD 4.6 installation. I tried listing the firewall rules, but
> > just got:-
> > ipfw: getsockopt (IP_FW_GET): Protocol not available
> > Next I tried flushing any firewall rules, says "yes" I was sure, but
> > I got the same error as above.
> There isn't any firewalling on default installations of FreeBSD ---
> you have to deliberately set it up if you want it. That means setting
> firewall_enable="YES" and firewall_type="whatever" in /etc/rc.conf and
> rebooting with either a custom kernel compiled with `options
> IPFIREWALL', or one where the ipfw.ko module is loaded, which you can
> tell has happened by running kldstat. The symptoms you describe lead
> me to believe that you haven't actually configured any firewall on
> your machine.
> Try traceroute from your other boxes to your FreeBSD box, and from
> your FreeBSD box to your RedHat box while you're running tcpdump on
> the target machine to see if you can figure out exactly what each OS
> does differently.
> Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
> Savill Way
> Tel: +44 1628 476614 Marlow
> Fax: +44 0870 0522645 Bucks., SL7 1TH UK
> ------ FreeBSD UK Users' Group - Mailing List ------
More information about the Ukfreebsd