From owner-freebsd-questions@FreeBSD.ORG  Thu Apr  3 15:19:18 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 00DF737B401
	for <freebsd-questions@freebsd.org>;
	Thu,  3 Apr 2003 15:19:18 -0800 (PST)
Received: from yowie.cc.uq.edu.au (yowie.cc.uq.edu.au [130.102.2.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1955B43FB1
	for <freebsd-questions@freebsd.org>;
	Thu,  3 Apr 2003 15:19:17 -0800 (PST)
	(envelope-from csmith@its.uq.edu.au)
Received: from its.uq.edu.au (tobermory.its.uq.edu.au [130.102.152.68])
	by yowie.cc.uq.edu.au (8.12.9/8.12.9) with ESMTP id h33NJEfI032691;
	Fri, 4 Apr 2003 09:19:14 +1000 (GMT+1000)
Date: Fri, 4 Apr 2003 09:19:13 +1000
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v551)
To: toni@stderror.at
From: Christopher Smith <csmith@its.uq.edu.au>
In-Reply-To: <20030403084755.GC10973@devil.stderror.at>
Message-Id: <AEBA4362-662A-11D7-BABB-000502F96668@its.uq.edu.au>
Content-Transfer-Encoding: 7bit
X-Mailer: Apple Mail (2.551)
cc: freebsd-questions@freebsd.org
Subject: Re: Weird traceroute problem
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Apr 2003 23:19:18 -0000


On Thursday, April 3, 2003, at 06:47  PM, Toni Schmidbauer wrote:

> On Thu, Apr 03, 2003 at 03:08:52PM +1000, Christopher Smith wrote:
>> I have two firewalls - the second is being prepped to replace the
>> first.  All networking from the second machine appears to be fine
>> *except* traceroute looks broken.  This happens:
>
> could it be that your second maschine blocks all incoming icmp
> traffic? so the traceroute udp packets are leaving your network but
> the time exceeded or port unreachable icmp packets coming back are
> blocked?

There are no rules on the second machine yet.

 From a tcpdump, it appears there are no icmp messages being returned by 
the routers.  However, I don't understand why this only happens to this 
one machine - both the other firewall and the target host can 
traceroute through the same routers fine...

Is there some weird bug in 4.8 that affects whether or not icmp 
messages are received ?

-- 
+- Christopher Smith, Systems Administrator 
------------------------------+
|  Server & Security Group, Information Technology Services             
   |
|  The University of Queensland, Brisbane, Australia, 4072              
   |
+- Ph +61 7 3365 4046 | email csmith@its.uq.edu.au | Fax +61 7 3365 
4065 -+