[j-nsp] Difficulty with traceroute and stateful-firewall services...
Michael Loftis
mloftis at wgops.com
Mon Apr 11 12:00:56 EDT 2005
I can't seem to quite get traceroute to work right with the Juni FW
services...
traces all end up sort of like this (i redacted the router and nearest IP,
sorry):
root at host # traceroute www.google.com
traceroute: Warning: www.google.com has multiple addresses; using
66.102.7.147
traceroute to www.l.google.com (66.102.7.147), 30 hops max, 38 byte packets
1 rtr (<rtr ip>) 1.316 ms 1.173 ms 1.161 ms
2 * * *
3 * * *
4 * * *
5 ra1so-ge3-2-11.cg.bigpipeinc.com (66.244.207.237) 32.146 ms 30.794 ms
32.069 ms
6 rc1so-ge9-6.cg.shawcable.net (66.163.71.141) 32.092 ms 31.429 ms
31.327 ms
7 rc1wh-pos12-0.vc.shawcable.net (66.163.76.10) 32.584 ms 31.686 ms
31.577 ms
8 rc2wt-pos2-0.wa.shawcable.net (66.163.76.37) 31.459 ms 32.055 ms
31.973 ms
9 rc1sj-pos2-0.cl.shawcable.net (66.163.76.142) 55.037 ms 55.535 ms
55.063 ms
10 * * *
11 66.249.94.2 (66.249.94.2) 52.365 ms 52.758 ms 52.063 ms
12 64.233.174.54 (64.233.174.54) 53.077 ms 52.543 ms 53.316 ms
13 216.239.49.154 (216.239.49.154) 54.950 ms 58.735 ms 54.432 ms
14 * * *
...
etc....traceroutes with the stateful firewall turned down/off are fine.
any clues?
--
GPG/PGP --> 0xE736BD7E 5144 6A2D 977A 6651 DFBE 1462 E351 88B9 E736 BD7E
More information about the juniper-nsp
mailing list