Route Question

From: Dan Bent (dbent_at_benefit-systems.com)
Date: 01/30/04


Date: 30 Jan 2004 00:50:29 -0800

I've got a problem I've never seen, and I'm not even sure where to ask
the question, or what information to provide, so bear with me. I have
a firewall running OpenBSD 3.4, and a web server running FreeBSD 4.9.
The firewall's internal interface is 10.0.1.254. The web server is
10.0.1.251. I can ping and traceroute to the 10.0.1.251 box from
machines inside the firewall, and I get normally expected results
(quick pings, and a route directly to 10.0.1.251). However, when I
traceroute to 10.0.1.251 from the firewall (10.0.1.254), it seems to
get hung up trying to get there through the localhost.

$ traceroute 10.0.1.251
traceroute to 10.0.1.251 (10.0.1.251), 64 hops max, 40 byte packets
 1 localhost (127.0.0.1) 0.745 ms 0.618 ms 0.235 ms
 2 localhost (127.0.0.1) 0.620 ms 0.642 ms 0.400 ms
 3 localhost (127.0.0.1) 0.507 ms 0.735 ms 0.494 ms
 4 localhost (127.0.0.1) 0.614 ms 0.859 ms 0.402 ms
 5 localhost (127.0.0.1) 0.477 ms 0.947 ms 0.681 ms
 6 localhost (127.0.0.1) 0.767 ms 1.8 ms 0.857 ms
 7 localhost (127.0.0.1) 1.13 ms 1.142 ms 0.904 ms
 8 localhost (127.0.0.1) 0.974 ms 1.164 ms^C

Routing table on firewall looks like this:
$ route show
Routing tables

Internet:
Destination        Gateway            Flags
default            204.128.254.254    UG
10.0.1.0           link#2             U
10.0.1.1           0:60:b0:4a:79:eb   UH
10.0.1.6           0:30:6e:13:b6:bc   UH
10.0.1.19          2:7:1:1c:5c:32     UH
10.0.1.23          0:4:76:f2:82:89    UH
10.0.1.45          0:1:3:c4:81:0      UH
10.0.1.73          0:4:76:b7:1f:b5    UH
gate               localhost          UGH
10.0.1.254         0:40:ca:19:dc:84   UH
127.0.0.0          localhost          UG
localhost          localhost          UH
204.128.254.128    link#1             U
www                0:1:2:3b:8:47      UH
204.128.254.254    0:d0:58:a3:b2:b1   UH
BASE-ADDRESS.MCA   localhost          U

Why is that happening? Where should I look to correct it?
Thanks in advance.


