[afnog] problem tracing route to google.com
Liliane Uwarugira
luwarugira at bk.rw
Thu Aug 11 06:52:30 UTC 2011
Hi Hugo, scott and Serge,
Thank you for quick replies. Below is the access-list and the trace route
from my firewall does not reach google.
access-list inside_out extended permit icmp [my net range] any
Regards,
Liliane U.
-----Original Message-----
From: Hugo Lombard [mailto:hal at elizium.za.net]
Sent: Wednesday, August 10, 2011 7:33 PM
To: Liliane Uwarugira
Cc: afnog at afnog.org
Subject: Re: [afnog] problem tracing route to google.com
On Wed, Aug 10, 2011 at 06:16:09PM +0200, Liliane Uwarugira wrote:
>
> Could you kindly help! I have problem on an outside interface (to
> internet); I can successfully ping goolge, but it's strange on the
> tracert.
>
> Check the scenario :
>
[...]
> C:\Users\user>tracert 209.85.148.105
>
Hi Liliane
Can you successfully traceroute anywhere else?
What rules did you add for allowing tracert?
Seeing that the final hop responds, my first guess would be that your
firewall is not allowing the ICMP Time Exceeded packets (generated from
the TTL expiring along the route) through.
Regards
--
Hugo Lombard
More information about the afnog
mailing list