On Sun, Jul 29, 2001 at 02:04:26AM -0500, Hall Stevenson wrote: > > Any ideas why I'm unable to run a traceroute to an IP address without > first pinging it ?? If I try and trace a site, it does little to
I am not sure here.
> I do have an IPTABLES firewall running. Pinging a site does nothing to
> the firewall's logs. Using traceroute does. This is the relevant
> firewall rule, I think:
traceroute doesn't use ICMP (at least, not primarily). It uses UDP. I
assume you're filtering UDP somehow? traceroute runs on a high port
(somewhere in the 30000+ range). Here's a quote from the traceroute man
page:
This program attempts to trace the route an IP packet
would follow to some internet host by launching UDP probe
packets with a small ttl (time to live) then listening for
an ICMP "time exceeded" reply from a gateway.
noah
--
_______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html
pgpWWqL9QcCGB.pgp
Description: PGP signature
