W2K  (A) --------->
                     LINUX GATEWAY (C) --------> The world
OSR5 (B) --------->X

From the illustration above,

(A) I could do both "ping" and "tracert" to the world from windows 2000.
(B) I could not "traceroute" from OSR5 to the world but I could "ping"
the world from OSR5.

What could cause this problem, as I know both "traceroute" and "ping"
are using icmp.

Thanks for any help,
Chalawal

On 20 Aug 2003, Chalawal Maliwan wrote:

> W2K  (A) --------->
>                      LINUX GATEWAY (C) --------> The world
> OSR5 (B) --------->X
>
> From the illustration above,
>
> (A) I could do both "ping" and "tracert" to the world from windows
> 2000.
> (B) I could not "traceroute" from OSR5 to the world but I could "ping"
> the world from OSR5.
>
> What could cause this problem, as I know both "traceroute" and "ping"
> are using icmp.

This is not true. Traceroute normally sends out UDP packets (with a high
destination port number) and increasing TTLs. It then picks up the
resulting icmp replies (ttl exceeded).

> Unreadable mess. Repackage for 80 column screens.

Sorry, I repackaged it again. Please see below

OSR5 ->
         LINUX (2IPs LAN+WAN) --> Internet
W2K  ->

- I can ping the internet but not traceroute from OSR5
- I can do both ping and tracert from W2K to the Internet

> Can you traceroute from OSR5 to any of the local machines by IP
> address? If not, what error message do you get?

Yes, to others but not the LINUX LAN IP

> Can you traceroute from OSR5 to any of the local machines by machine
> name? If you can traceroute by IP, but not by machine name, check the
> contents of /etc/hosts and /etc/resolv.conf for name lookup problems.

Yes, but not the LINUX's machine name

> If both the above work, can you traceroute by IP address to any
> machine on the internet? Pick one that actually returns ICMP packets.
> If not, what error message do you get? If not, your Linux gateway is
> doing something to the packets.

No, so my linux is doing something to the package when the source IP
is from the OSR5 only?

> If you can traceroute to the internet by IP address, try it by name.
> If the name does not work, but the IP address does, your Linux gateway
> is doing something to DNS lookups.

The traceroute using name is given below

#traceroute mail.yahoo.com
traceroute to login.yahoo.akadns.net (66.163.171.128), 30 hops max, 40 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
........

Thanks for your kind help,
Chalawal

On 21 Aug 2003 16:35:03 -0700, chalawal@hotmail.com (Chalawal Maliwan)
wrote:

>- I can ping the internet but not traceroute from OSR5
>- I can do both ping and tracert from W2K to the Internet
>
>> Can you traceroute from OSR5 to any of the local machines by IP
>> address? If not, what error message do you get?
>>
>Yes, to others but not the LINUX LAN IP

Since you need to go *THROUGH* the Linux gateway to get to the
internet, this is the first problem that needs to be solved. Let's
concentrate on this one. I forgot to ask:
  Can you ping the Linux box from the OSR5 machine by IP address?
My guess(tm) is that you cannot.

Since the W2K box can probably (not sure) ping the Linux box, I'll
assume that the Linux box is properly configured. More questions:

Is the Linux box and OSR5 box on the same Class C subnet?
Are the subnet masks the same on all machines? (i.e. 255.255.255.0)
You can display those on OSR5 with:
   ifconfig -a
or perhaps:
   ifconfig net0
The "ffffff00" means 255.255.255.0
The W2K box will show the IP's in a "CMD" window with:
   ipconfig
or:
   ipconfig -a
The unspecified Linux mutation box will probably use:
   /sbin/ifconfig
Compare the numbers, Class C IP blocks, and netmasks.

>> Can you traceroute from OSR5 to any of the local machines by machine
>> name? If you can traceroute by IP, but not by machine name, check the
>> contents of /etc/hosts and /etc/resolv.conf for name lookup problems.
>
>Yes, but not the LINUX's machine name

That's understandable since you also cannot traceroute to the Linux
box by IP address. If the IP address does not work, the name will
also not work. Let's ignore the DNS (name service) issues for now and
do everything with IP addresses. Once that is working, we may be
lucky and have the DNS lookups working.

>> If both the above work, can you traceroute by IP address to any
>> machine on the internet? Pick one that actually returns ICMP packets.
>> If not, what error message do you get? If not, your Linux gateway is
>> doing something to the packets.
>
>No, so my linux is doing something to the package when the source IP
>is from the OSR5 only?

No. I don't think so. Since you cannot DIRECTLY ping the Linux box,
you cannot route to it, send packets through it, or expect anything to
be returned from a remote internet host. Concentrate on why the OSR5
box cannot traceroute (or possibly cannot ping) the Linux box.

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831.336.2558 voice http://www.LearnByDestroying.com
# jeffl@comix.santa-cruz.ca.us
# 831.421.6491 digital_pager jeffl@cruzio.com AE6KS

On 21 Aug 2003, Chalawal Maliwan wrote:

> > Unreadable mess. Repackage for 80 column screens.
>
> Sorry, I repackaged it again. Please see below
>
> OSR5 ->
>          LINUX (2IPs LAN+WAN) --> Internet
> W2K  ->
>
> - I can ping the internet but not traceroute from OSR5
> - I can do both ping and tracert from W2K to the Internet
>
> > Can you traceroute from OSR5 to any of the local machines by IP
> > address? If not, what error message do you get?
> >
> Yes, to others but not the LINUX LAN IP

OK, I think I have the solution for you.

Microsoft tracert uses outgoing icmp packets. Most *nix systems use
outgoing UDP packets, with port numbers starting from 33434 and
incremented from there.

Perhaps the firewall on the Linux box is dropping the UDP traceroute
packets?

Try using tcpdump and see what traffic is on the LAN interface of the
Linux box when:
1. You do a tracert from the W2K box
2. When you do a traceroute from the OSR5 box.

Note there are also traceroute implementations that use TCP packets.

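The tcpdump comparison suggested in the post above can be tallied per host; the following is an added example, not code from the thread. The capture lines are constructed in the style of `tcpdump -n` output, and every address except 66.163.171.128 is a placeholder.

```python
import re
from collections import defaultdict

# Constructed capture in the style of `tcpdump -n` text output on the gateway's
# LAN interface. 192.168.1.10 stands in for W2K, 192.168.1.20 for OSR5 and
# 192.168.1.1 for the gateway; only 66.163.171.128 comes from the thread.
SAMPLE = """\
10:00:01.000100 IP 192.168.1.10 > 66.163.171.128: ICMP echo request, id 512, seq 1, length 72
10:00:01.000400 IP 192.168.1.1 > 192.168.1.10: ICMP time exceeded in-transit, length 100
10:00:01.100100 IP 192.168.1.10 > 66.163.171.128: ICMP echo request, id 512, seq 2, length 72
10:00:01.130900 IP 192.0.2.1 > 192.168.1.10: ICMP time exceeded in-transit, length 100
10:00:05.000100 IP 192.168.1.20.40311 > 66.163.171.128.33434: UDP, length 12
10:00:10.000100 IP 192.168.1.20.40311 > 66.163.171.128.33435: UDP, length 12
10:00:15.000100 IP 192.168.1.20.40311 > 66.163.171.128.33436: UDP, length 12
"""

LINE = re.compile(r"IP (?P<src>\S+) > (?P<dst>[^:\s]+): (?P<rest>.*)")
# Base port 33434 is from the thread; 30 hops x 3 probes per hop is assumed.
UDP_PORTS = range(33434, 33434 + 30 * 3)

def split_port(endpoint):
    """'192.168.1.20.40311' -> ('192.168.1.20', 40311); a bare IPv4 address has no port."""
    parts = endpoint.split(".")
    return (".".join(parts[:4]), int(parts[4])) if len(parts) == 5 else (endpoint, None)

def summarize(capture):
    """Count traceroute-style probes sent and time-exceeded replies received, per LAN host."""
    hosts = defaultdict(lambda: {"udp_probes": 0, "icmp_echo": 0, "time_exceeded": 0})
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, _ = split_port(m["src"])
        dst, dport = split_port(m["dst"])
        if m["rest"].startswith("UDP") and dport in UDP_PORTS:
            hosts[src]["udp_probes"] += 1
        elif m["rest"].startswith("ICMP echo request"):  # tracert probes and ping look alike here
            hosts[src]["icmp_echo"] += 1
        elif m["rest"].startswith("ICMP time exceeded"):
            hosts[dst]["time_exceeded"] += 1              # credit the host that sent the probe
    return {h: dict(c) for h, c in hosts.items()}

def diagnose(counts):
    """One-line reading of a host's counters."""
    kind = "UDP" if counts["udp_probes"] else "ICMP echo"
    if counts["time_exceeded"] == 0:
        return f"{kind} probes sent, no time-exceeded replies seen"
    return f"{kind} probes answered with time-exceeded"
```

A host whose UDP probes appear on the LAN side but never draw a time-exceeded reply, while another host's ICMP echo probes do, points at protocol-specific filtering on the gateway rather than at routing.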
> Since you need to go *THROUGH* the Linux gateway to get to the
> internet, this is the first problem that needs to be solved. Let's
> concentrate on this one. I forgot to ask:
> Can you ping the Linux box from the OSR5 machine by IP address?
> My guess(tm) is that you cannot.

I can

> Since the W2K box can probably (not sure) ping the Linux box, I'll
> assume that the Linux box is properly configured. More questions:
>
> Is the Linux box and OSR5 box on the same Class C subnet?
> Are the subnet masks the same on all machines? (i.e. 255.255.255.0)

They are all on the same class C subnet

> No. I don't think so. Since you cannot DIRECTLY ping the Linux box,
> you cannot route to it, send packets through it, or expect anything to
> be returned from a remote internet host. Concentrate on why the OSR5
> box cannot traceroute (or possibly cannot ping) the Linux box.

OSR5 can directly ping the LINUX box (Both LAN and WAN IPs) but cannot
traceroute through it

Thanks for your kind advice,
Chalawal

On 22 Aug 2003 18:55:35 -0700, chalawal@hotmail.com (Chalawal Maliwan)
wrote:

>> Since you need to go *THROUGH* the Linux gateway to get to the
>> internet, this is the first problem that needs to be solved. Let's
>> concentrate on this one. I forgot to ask:
>> Can you ping the Linux box from the OSR5 machine by IP address?
>> My guess(tm) is that you cannot.
>
>I can

So much for that guess. That might mean that the Linux box is either
not responding to UDP/ICMP traceroute packets possibly because you
have some kind of misconfigured firewall (IPChains, IPFilters) running
on the Linux LAN port. Without detailed knowledge of the Linux
configuration I have no way to determine exactly what is happening.

Dumb questions:
Can the OSR5 box ping the W2K box by IP address?
Can it traceroute the W2K box by IP address?

>OSR5 can directly ping the LINUX box (Both LAN and WAN IPs) but cannot
>traceroute through it

The real mystery is why the W2K tracert works and the OSR5 traceroute
does not. One would therefore suspect the OSR5 box. However, there
is no guarantee that the OSR5 box uses exactly the same traceroute
mechanism as W2K.

I'm not sure what to do next. Packet sniffing is my favorite tool.
Without additional information (exact error messages, version numbers,
Linux incantation, IP addresses, etc), there's not much that I can do
from here. Sorry.

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831.336.2558 voice http://www.LearnByDestroying.com
# jeffl@comix.santa-cruz.ca.us
# 831.421.6491 digital_pager jeffl@cruzio.com AE6KS

Chalawal Maliwan wrote:

[quoting Jeff Liebermann:]
> > Since you need to go *THROUGH* the Linux gateway to get to the
> > internet, this is the first problem that needs to be solved. Let's
> > concentrate on this one. I forgot to ask:
> > Can you ping the Linux box from the OSR5 machine by IP address?
> > My guess(tm) is that you cannot.
>
> I can
>
> > Since the W2K box can probably (not sure) ping the Linux box, I'll
> > assume that the Linux box is properly configured. More questions:
> >
> > Is the Linux box and OSR5 box on the same Class C subnet?
> > Are the subnet masks the same on all machines? (i.e. 255.255.255.0)
>
> They are all on the same class C subnet
>
> > No. I don't think so. Since you cannot DIRECTLY ping the Linux box,
> > you cannot route to it, send packets through it, or expect anything to
> > be returned from a remote internet host. Concentrate on why the OSR5
> > box cannot traceroute (or possibly cannot ping) the Linux box.
>
> OSR5 can directly ping the LINUX box (Both LAN and WAN IPs) but cannot
> traceroute through it

I haven't seen anyone ask you what happens if you `traceroute -n` from
the OSR5 box. DNS issues can cause `traceroute` to appear to be failing
when in fact it is succeeding, but getting hung up looking for the name
of the machine whose reply packet it received. I know you don't think
you have DNS issues, but try it anyway.

>Bela<

Hi, sorry for my late response.

> Microsoft tracert uses outgoing icmp packets. Most *nix systems use
> outgoing UDP packets, with port numbers starting from 33434 and
> incremented from there.
>
> Perhaps the firewall on the Linux box is dropping the UDP traceroute
> packets?

Yes, I think that's the reason!
My iptables config on my linux machine shows that it's blocking the
ports of the UDP packets' range. Tell me if I am right.

*filter
:INPUT ACCEPT [902:59959]
:FORWARD ACCEPT [24:1928]

> Try using tcpdump and see what traffic is on the LAN interface of the
> Linux box when:
> 1. You do a tracert from the W2K box
> 2. When you do a traceroute from the OSR5 box.
>
> Note there are also traceroute implementations that use TCP packets.

I tried using sniffer pro on my windows box and it shows that, from
OSR5, traceroute was using UDP packets starting from 33434.

traceroute using TCP? I saw there was an option -I on LINUX to change
from sending UDP packets to ICMP Echo but not on OSR5.

Thanks for your help,
Chalawal

On 27 Aug 2003, Chacrint Charinthorn wrote:

> Hi, sorry for my late response.
>
> > Microsoft tracert uses outgoing icmp packets. Most *nix systems use
> > outgoing UDP packets, with port numbers starting from 33434 and
> > incremented from there.
> >
> > Perhaps the firewall on the Linux box is dropping the UDP traceroute
> > packets?
>
> Yes, I think that's the reason!
> My iptables config on my linux machine shows that it's blocking the
> ports of the UDP packets' range. Tell me if I am right.
>
> *filter
> :INPUT ACCEPT [902:59959]
> :FORWARD ACCEPT [24:1928]

I don't recognize the syntax of the configuration above: I am used to
writing scripts that call iptables directly. Assuming the above refers
to UDP (which may be a bad assumption), I would guess, though, that you
should be able to traceroute to the Linux box (note I mean a traceroute
with the *endpoint* set as the Linux box), but not traceroute for
anything beyond the Linux box.

It might be clearer to post the results of the following command:

/sbin/iptables -L -n

There are a lot of tutorials about Netfilter/Iptables on the web. One
fundamental issue you need to understand about its operation is that
the INPUT chain only affects packets that have the Linux box as their
endpoint. Packets that should be forwarded do not go through the INPUT
or OUTPUT chains: instead they go through the FORWARD chain.

> > Note there are also traceroute implementations that use TCP packets.
>
> I tried using sniffer pro on my windows box and it shows that, from
> OSR5, traceroute was using UDP packets starting from 33434.
>
> traceroute using TCP? I saw there was an option -I on LINUX to change
> from sending UDP packets to ICMP Echo but not on OSR5.

It is a different program, called "tcptraceroute"

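The INPUT/FORWARD distinction in the post above, applied to a ruleset in `iptables-save` format, where `:CHAIN POLICY [packets:bytes]` lines give a chain's default policy and `-A` lines are the rules. This is an added example, not code or configuration from the thread: only the two policy lines are quoted from it, the `-A` rules are constructed, and the matcher understands only `-p`, `--dport` and `-j`.

```python
import shlex

# Ruleset in iptables-save format. The two ":CHAIN POLICY [packets:bytes]"
# lines are the ones quoted in the thread; the three -A rules are constructed
# to show one configuration that lets ICMP through and drops UDP probes.
RULESET = """\
*filter
:INPUT ACCEPT [902:59959]
:FORWARD ACCEPT [24:1928]
-A INPUT -p udp -m udp --dport 33434:33523 -j DROP
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -p udp -m udp --dport 33434:33523 -j DROP
COMMIT
"""

TERMINAL = ("ACCEPT", "DROP", "REJECT")   # targets that end chain traversal

def parse(text):
    """Return (policies, rules): chain -> default policy, chain -> list of option dicts."""
    policies, rules = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):                      # e.g. ":FORWARD ACCEPT [24:1928]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
            rules.setdefault(chain, [])
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = dict(zip(tok[2::2], tok[3::2]))    # valid for simple "-opt value" rules only
            rules.setdefault(tok[1], []).append(opts)
    return policies, rules

def verdict(policies, rules, chain, proto, dport=None):
    """First matching terminal rule wins; with no match the chain policy applies."""
    for r in rules.get(chain, []):
        lo, _, hi = r.get("--dport", "0:65535").partition(":")
        port_ok = "--dport" not in r or (dport is not None and int(lo) <= dport <= int(hi or lo))
        if r.get("-p", proto) == proto and port_ok and r.get("-j") in TERMINAL:
            return r["-j"]
    return policies[chain]

def traceroute_report(text):
    """Verdicts for probes addressed to the gateway (INPUT) and forwarded past it (FORWARD)."""
    policies, rules = parse(text)
    return {
        "udp_to_gateway": verdict(policies, rules, "INPUT", "udp", 33434),
        "udp_forwarded": verdict(policies, rules, "FORWARD", "udp", 33434),
        "icmp_forwarded": verdict(policies, rules, "FORWARD", "icmp"),
    }
```

Run on the thread's two policy lines alone, every verdict is `ACCEPT`, because policy lines carry no match conditions; a port-range block would have to appear as an `-A` rule, which `iptables-save` or `/sbin/iptables -L -n` would show.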