tracepath seemingly not working through firewall

[rabievdm]

Hi,

I'm trying to run a tracepath from an internal linux box to a box on the internet but the tracepath stops at the firewall. I have checked the logs (see below) and I don't have an IPS on the internal or internet interface (pppoe).
It looks like the firewall is passing the traffic, but it's not succeeding.
I have run the same command (same destination) at another location that has a Palo Alto firewall and the tracepath completed successfully.
Tracepath used UDP packets to test the MTU size of the links along the way to the destination.

Any thoughts? Am I barking up the wrong firewall tree (seeing as the firewall is always to blame )


(IP's have been masked below)
--snip--firewall log--
00:00:00.988106 rule 80/0(match): pass in on vtnet0: (tos 0x0, ttl 9, id 0, offset 0, flags [DF], proto UDP (17), length 1500)
    192.168.235.2.47894 > 156.156.16.6.44469: UDP, length 1472
00:00:00.012892 rule 72/0(match): pass out on pppoe0: (tos 0x0, ttl 8, id 0, offset 0, flags [DF], proto UDP (17), length 1500)
    156.255.106.183.60807 > 156.156.16.6.44469: UDP, length 1472
--snip--
--snip--tracepath--
[root@bob ~]# tracepath -n 156.156.16.6
 1?: [LOCALHOST]                                         pmtu 1500
 1:  192.168.235.1                                         0.351ms
 1:  192.168.235.1                                         0.166ms
 2:  no reply
 3:  no reply
 4:  no reply
 5:  no reply
 6:  no reply
 7:  no reply
 8:  no reply
--snip--