OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: rabievdm on October 27, 2017, 09:18:14 am

Title: tracepath seemingly not working through firewall
Post by: rabievdm on October 27, 2017, 09:18:14 am
Hi,

I'm trying to run a tracepath from an internal Linux box to a box on the internet, but the tracepath stops at the firewall. I have checked the logs (see below) and I don't have an IPS on the internal or internet interface (pppoe).
It looks like the firewall is passing the traffic, but it's not succeeding.
I have run the same command (same destination) at another location that has a Palo Alto firewall and the tracepath completed successfully.
Tracepath uses UDP packets to test the MTU size of the links along the way to the destination.

Any thoughts? Am I barking up the wrong firewall tree (seeing as the firewall is always to blame :) )?


(IPs have been masked below)
--snip--firewall log--
00:00:00.988106 rule 80/0(match): pass in on vtnet0: (tos 0x0, ttl 9, id 0, offset 0, flags [DF], proto UDP (17), length 1500)
    192.168.235.2.47894 > 156.156.16.6.44469: UDP, length 1472
00:00:00.012892 rule 72/0(match): pass out on pppoe0: (tos 0x0, ttl 8, id 0, offset 0, flags [DF], proto UDP (17), length 1500)
    156.255.106.183.60807 > 156.156.16.6.44469: UDP, length 1472
--snip--
--snip--tracepath--
[root@bob ~]# tracepath -n 156.156.16.6
 1?: [LOCALHOST]                                         pmtu 1500
 1:  192.168.235.1                                         0.351ms
 1:  192.168.235.1                                         0.166ms
 2:  no reply
 3:  no reply
 4:  no reply
 5:  no reply
 6:  no reply
 7:  no reply
 8:  no reply
--snip--
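The firewall log above shows the outbound DF-flagged UDP probes but no inbound ICMP error coming back on pppoe0, which is exactly what "no reply" in tracepath means. As an added example (not from the original post or from OPNsense), here is a small Python checker that parses pf's two-line text log, pairs each outbound probe on the WAN with the ICMP "time exceeded" / "unreachable" that should follow it, and lists the probes that never got one. The sample log is constructed: the last two entries are the post's masked lines, the first two (TTL-1 probe plus a reply from an assumed next hop 156.255.106.1) are made up to show an answered probe.

```python
import re

# Constructed sample in pf's text-log layout. Last two entries are the post's
# masked lines; the first two are invented here to show an answered probe:
# an outbound TTL-1 probe followed by an inbound ICMP time-exceeded reply.
SAMPLE_LOG = """\
00:00:00.000000 rule 72/0(match): pass out on pppoe0: (tos 0x0, ttl 1, id 0, offset 0, flags [DF], proto UDP (17), length 1500)
    156.255.106.183.60807 > 156.156.16.6.44469: UDP, length 1472
00:00:00.003100 rule 90/0(match): pass in on pppoe0: (tos 0xc0, ttl 64, id 0, offset 0, flags [none], proto ICMP (1), length 56)
    156.255.106.1 > 156.255.106.183: ICMP time exceeded in-transit, length 36
00:00:00.988106 rule 80/0(match): pass in on vtnet0: (tos 0x0, ttl 9, id 0, offset 0, flags [DF], proto UDP (17), length 1500)
    192.168.235.2.47894 > 156.156.16.6.44469: UDP, length 1472
00:00:00.012892 rule 72/0(match): pass out on pppoe0: (tos 0x0, ttl 8, id 0, offset 0, flags [DF], proto UDP (17), length 1500)
    156.255.106.183.60807 > 156.156.16.6.44469: UDP, length 1472
"""

HEADER = re.compile(r"^\S+ rule \d+/\d+\(match\): (?:pass|block) (?P<dir>in|out) on (?P<iface>\w+): "
                    r"\(.*?ttl (?P<ttl>\d+),.*?flags \[(?P<flags>[^\]]*)\],.*?proto (?P<proto>\w+) ")
UDP_BODY = re.compile(r"^\s*(?P<src>[\d.]+)\.\d+ > (?P<dst>[\d.]+)\.\d+: UDP, length \d+$")
ICMP_BODY = re.compile(r"^\s*(?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP (?P<msg>.+), length \d+$")

def parse_pflog(text):
    """Turn pf's two-line log entries into dicts; entries that do not parse are skipped."""
    lines = [l for l in text.splitlines() if l.strip()]
    entries = []
    for head, body in zip(lines[0::2], lines[1::2]):
        h = HEADER.match(head)
        b = UDP_BODY.match(body) or ICMP_BODY.match(body)
        if h and b:
            entries.append({"dir": h["dir"], "iface": h["iface"], "ttl": int(h["ttl"]),
                            "df": "DF" in h["flags"], "proto": h["proto"],
                            "src": b["src"], "dst": b["dst"],
                            "detail": b["msg"] if b.re is ICMP_BODY else "udp probe"})
    return entries

def unanswered_probes(entries, wan="pppoe0"):
    """tracepath sends one DF-flagged UDP probe per TTL and waits for an ICMP error
    (time exceeded from a hop, port unreachable from the target). pf's text log
    omits the quoted inner datagram, so pair by order: an inbound ICMP error on
    the WAN answers the probe that went out just before it. Returns the rest."""
    unanswered, current = [], None
    for e in entries:
        if e["iface"] != wan:
            continue
        if e["dir"] == "out" and e["proto"] == "UDP" and e["df"]:
            if current is not None:
                unanswered.append(current)
            current = e
        elif (e["dir"] == "in" and e["proto"] == "ICMP" and current is not None
              and ("exceeded" in e["detail"] or "unreachable" in e["detail"])):
            current = None
    if current is not None:
        unanswered.append(current)
    return unanswered
```

Run it over a longer capture of the WAN log (pass in / pass out on pppoe0) and, if every probe comes back unanswered, the ICMP errors are being dropped or never arriving on the WAN side rather than on the LAN side.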