Re: Wierd problem with CIPE

From: James Knott (bit_bucket_at_rogers.com)
Date: 08/04/03


Date: Mon, 04 Aug 2003 20:10:29 GMT

James Knott wrote:

> I've set up a CIPE VPN between my notebook and home network. I have
> noticed a peculiar situation in that traceroute and other UDP packets seem
> to have a problem going from my firewall to the notebook, but not the
> other way around. For example a traceroute from the firewall to the
> notebook shows 12 hops, but going the other way from notebook to firewall
> shows only one. SMB & NFS browsing from my home network to notebook also
> works fine, but is incredibly slow in the other direction. FTP browsing is
> OK. Ping and TCP apps work well in both directions.
>
> I'm running Red Hat 7.3 on both ends. The notebook is connected to a dial
> up ISP and the firewall to a cable modem. I have also run md5sum on
> /usr/sbin/ciped-cb on both systems, which verified that the files are
> identical. Other than the necessary address differences, both systems are
> configured identically. When running traceroute, I don't even see the data
> lights on the modems flash, until the 12th "hop", so something is
> happening within my firewall, to cause this problem. I'm running IPTables
> on the firewall, with the appropriate UDP port open.
>
> I haven't a clue as to what might be causing this. Any ideas?

Further on this. I have noticed that the Time To Live count in the
encrypted packets from the firewall increments from one, following the TTL
in the original traceroute packet. But when I check the packets, while
running a traceroute from the notebook, the TTL remains constant at 40
(hex).

-- 
Fundamentalism is fundamentally wrong.
To reply to this message, replace everything to the left of "@" with 
james.knott.

