traceroute send failed: Operation not permitted [Archive]

View Full Version : traceroute send failed: Operation not permitted

powereds

7th June 2006, 01:41 PM

hi all,

good day.
when i try to run the command "traceroute www.yahoo.com" from root terminal, i got this error:
[root@bordeaux ~]# traceroute 66.94.230.49
traceroute to 66.94.230.49 (66.94.230.49), 30 hops max, 40 byte packets
send failed: Operation not permitted
send failed: Operation not permitted
send failed: Operation not permitted
send failed: Operation not permitted
1 58.69.234.18 (58.69.234.18) 0.000 ms 0.000 ms 0.000 ms
[root@bordeaux ~]#
this linux box is now directly facing the internet with iptables-netfilter running.
when i put it inside the private network, i can successfully traceroute.

any idea how to make traceroute run successfully?
thanks in advance.

powereds

7th June 2006, 02:05 PM

when i stop the firewall,
root@bordeaux ~]# service iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter mangle [ OK ]
Unloading iptables modules: [ OK ]
[root@bordeaux ~]#
and run "traceroute www.yahoo.com", it run sucessfully.
[root@bordeaux ~]# traceroute www.yahoo.com
traceroute to www.yahoo.com (66.94.230.39), 30 hops max, 40 byte packets
1 58.69.234.xxx (58.69.234.xxx) 0.740 ms 0.620 ms 0.631 ms
2 58.69.150.xxx (58.69.150.xxx) 44.196 ms 44.285 ms 45.433 ms
3 58.69.255.xxx (58.69.255.xxx) 48.348 ms 44.455 ms 47.136 ms
4 210.5.64.253 (210.5.64.253) 208.577 ms 205.648 ms 199.667 ms
5 210.14.0.38 (210.14.0.38) 56.920 ms 55.423 ms 58.564 ms
6 58.71.0.143 (58.71.0.143) 58.889 ms 55.597 ms 56.331 ms
7 if-10-0.core1.LXE-LosAngeles.teleglobe.net (216.6.90.21) 295.065 ms 295.792 ms 295.774 ms
8 if-8-0.core2.LXE-LosAngeles.Teleglobe.net (64.86.80.14) 386.636 ms 383.203 ms 375.098 ms
9 if-1-2.mcore4.LAA-LosAngeles.teleglobe.net (216.6.85.9) 358.017 ms 409.153 ms 411.139 ms
10 if-5-0.mcore4.PDI-PaloAlto.teleglobe.net (216.6.86.9) 302.493 ms 300.077 ms 303.858 ms
11 if-3-0.core2.PDI-PaloAlto.teleglobe.net (216.6.86.18) 264.473 ms 263.423 ms 263.158 ms
12 ix-1-0.core2.PDI-PaloAlto.Teleglobe.net (64.86.84.146) 303.120 ms 299.342 ms 301.500 ms
13 ge-3-0-0-p250.msr2.scd.yahoo.com (216.115.106.181) 263.727 ms 267.255 ms 263.401 ms
14 ten-2-3-bas2.scd.yahoo.com (66.218.82.223) 426.890 ms 423.939 ms 422.370 ms
15 p8.www.scd.yahoo.com (66.94.230.39) 261.917 ms 301.883 ms 264.929 ms
[root@bordeaux ~]#
its the iptables thats preventing traceroute.

thanks.

tebbens

7th June 2006, 02:20 PM

Check iptables....

# iptables -v -L
# cat /etc/sysconfig/iptables

You should have an ICMP entry. This is mine...
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT

Mabuhay !! :)