Subject: Re: traceroute broken on YDL 2.0?
From: Kevin B. Hendricks (khendricks@ivey.uwo.ca)
Date: Mon Jul 30 2001 - 08:46:14 MDT
Hi,
I will check that but I can use traceroute taken from YDL 1.2 (which actually
is the exact same version of traceroute except compiled for glibc -2.1.3 and
kernel 2.2.X) with absolutely no problems on my machine (and the same
firewall is used).
/sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp
If I remember correctly, doesn't the implementation of sendto rely on kernel?
Hmm... it could be ipchains related but the old traceroute works fine.
Kevin
On Monday 30 July 2001 09:28, you wrote:
> On July 30, 2001 06:59 am, you wrote:
> > Hi,
> >
> > It seems traceroute is acting up on YDL 2.0.
> >
> > Here is the error message:
> >
> > [root@localhost traceroute-1.4a5]# ./traceroute www.yahoo.com
> > traceroute: Warning: www.yahoo.com has multiple addresses; using
> > 64.58.76.223 traceroute to www.yahoo.akadns.net (64.58.76.223), 30 hops
> > max, 38 byte packets
> > traceroute: sendto: Operation not permitted
> > 1 traceroute: wrote www.yahoo.akadns.net 38 chars, ret=-1
> > *traceroute: sendto: Operation not permitted
> > traceroute: wrote www.yahoo.akadns.net 38 chars, ret=-1
>
> It looks to me like you're running a firewall that's blocking traceroute.
> If you're using iptables you can add this rule to allow traceroute to work
> properly.
>
> IPTABLES -A INPUT -p udp --sport 32769:65535 --dport 33434:33523 -j ACCEPT
>
> It's farly easy to translate the above rule to use ipchains as well. See
> man ipchains, and man iptables to help you out with the translation.
>
> Neil
This archive was generated by hypermail 2a24 : Mon Jul 30 2001 - 07:53:55 MDT