My friend successfully deployed ClearOS, a Linux distribution, as the firewall and gateway server in his network, and he ran into a slightly strange problem: he was able to ping any outside server or website from his Linux or Windows PC behind the ClearOS firewall, but he could only tracert from Windows, because when he tried to traceroute from his Linux box, every hop was dropped. His working scenario was roughly as follows:
We (my friend and I) started analyzing the issue, as I was facing it for the first time ever. Soon we learned that by default the Linux traceroute command works over UDP (User Datagram Protocol) with destination port numbers from 33434 to 33534, while the ping command tests the reachability of a host on an IP (Internet Protocol) network by sending ICMP echo request packets to its target. To wrap up the discussion, as Wikipedia puts it: “If a network has a firewall and operates both MS Windows and Unix-like systems, both protocols must be enabled inbound through the firewall”. During my search on the internet, I also found a partial solution, also on Wikipedia: “The implementations of traceroute shipped with Linux, FreeBSD, NetBSD, OpenBSD, DragonFly BSD, and Mac OS X include an option to use ICMP Echo packets (-I) or any arbitrary protocol (-P) such as UDP, TCP, ICMP.”
We quickly tested the traceroute command as:
traceroute -I google.com
Hurrah! It works, but that would require us to teach every user in our network to please use -I for traceroute on their Linux box. With a little research, we learned that we must allow traceroute in iptables on our ClearOS firewall.
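As an added example (not part of the original post, and not ClearOS's own firewall scripts), here is one way to write the iptables rules that let hosts behind the gateway run both the default UDP-based Linux traceroute and ICMP-based ping/tracert; the interface names eth0/eth1 are assumptions:

```shell
#!/bin/sh
# Added example: emit (or apply) the iptables FORWARD rules a gateway needs so
# LAN hosts can run UDP traceroute as well as ICMP-based tracert and ping.
LAN_IF="${LAN_IF:-eth1}"          # assumed LAN-side interface
WAN_IF="${WAN_IF:-eth0}"          # assumed Internet-facing interface
TRACEROUTE_PORTS="33434:33534"    # default Linux traceroute UDP probe range

traceroute_rules() {
  # Replies to probes are ICMP time-exceeded / port-unreachable messages;
  # conntrack classifies them as RELATED to the original UDP flow, so one
  # stateful rule brings every reply back in through the firewall.
  echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # Outbound UDP probes sent by the default Linux traceroute
  echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p udp --dport $TRACEROUTE_PORTS -j ACCEPT"
  # Outbound ICMP echo requests used by ping, Windows tracert and traceroute -I
  echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p icmp --icmp-type echo-request -j ACCEPT"
}

# Run each generated rule; needs root on the gateway.
apply_rules() {
  traceroute_rules | while IFS= read -r rule; do
    $rule
  done
}

# Default action prints the rules for review; "apply" installs them.
if [ "${1:-}" = "apply" ]; then
  apply_rules
else
  traceroute_rules
fi
```

Run without arguments it only prints the rules, so they can be reviewed before being applied on the gateway.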