Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 10 Apr 2004 10:03:42 -0400
From:      Bob Johnson <bob89@bobj.org>
To:        freebsd-questions@freebsd.org
Cc:        Jeff Coleman <spirit@freeshell.org>
Subject:   Re: Traceroute issue
Message-ID:  <200404101003.42987.bob89@bobj.org>
In-Reply-To: <000001c41e39$c271bee0$3500a8c0@junior>
References:  <000001c41e39$c271bee0$3500a8c0@junior>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Friday 09 April 2004 09:51 am, Jeff Coleman <"Jeff Coleman" 
<spirit@freeshell.org>> wrote:
> I am a new user of BSD and have set up a machine to learn on,
> I have version 5.2 on it  and it cannot traceroute out. none of the
> hops resolve
> Pings work fine, and nslookup does as well.
>

In my experience, this is usually caused by a firewall that blocks 
either the traceroute packets, or the replies to them.  For traceroute 
to work correctly, you must be able to receive ICMP TIME EXCEEDED and 
ICMP PORT UNREACHABLE packets, and the target system must reject 
(rather than accept or silently drop) the query packet that reaches it.  
You must also be able to send UDP packets to arbitrary ports.

If you are not seeing anything at all along a multi-hop path, I suspect 
that you have a firewall blocking incoming ICMP TIME EXCEEDED packets, 
but there are many other possibilities.  If you are running a firewall 
on your system (e.g. IPFW), then try turning it off and doing a 
traceroute.

BSD ping uses ICMP ECHO REQUEST and ECHO RESPONSE packets, so if it is 
working then at least some ICMP packets are getting through.

- Bob



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?200404101003.42987.bob89>