ScreenOS Firewalls (NOT SRX)
Reply
Regular Visitor
March75
Posts: 6
Registered: ‎04-07-2009
0

traceroute to interface

I have ns25 screenos 5.4.0r11.0. I can't do traceroute to interface from public address, i recieve time out message.

In self report: 2009-04-08 11:59:24 193.124.254.170:52682 xx.xx.xx.xx:33449 0 sec. UDP PORT 33449 

 

How can i resolve this issue?

Super Contributor
mehdi
Posts: 240
Registered: ‎08-19-2008
0

Re: traceroute to interface

Hi

 

i think you should to enabel trace or ping on the Public interface, could you get config | inc interfce (public) 

 

Regard 

**If this reply solved your problem click on Kudos **
Kind Regard
http://www.linkedin.com/in/mkhitmane
personal mail: mehdi.khitmane@gmail.com
Regular Visitor
March75
Posts: 6
Registered: ‎04-07-2009
0

Re: traceroute to interface

hi

 

ping enabled on interface and work fine

 

 

Trusted Expert Trusted Expert
Trusted Expert
WL
Posts: 790
Registered: ‎07-26-2008
0

Re: traceroute to interface

hmm from the trace you are using UDP? (UDP PORT 33449) I dont think that will work unles you have something specific permitting this.

If you are using icmp then it should be fine.

****pls click the button " Accept as Solution" if my post helped to solve your problem****
Regular Visitor
March75
Posts: 6
Registered: ‎04-07-2009
0

Re: traceroute to interface

hi

thanks all !

 

i think that will not work never (only ping to interface):-(((((((((((

 

htt^://en.wikipedia.org/wiki/Traceroute

 

" On modern Unix and Linux-based operating systems, the traceroute utility by default uses UDP datagrams with destination ports number from 33434 to 33534. The traceroute utility usually has an option to specify use of ICMP echo request (type 8) instead, as used by the Windows tracert utility. If you have a firewall and if you want traceroute to work from both machines (Unix/Linux and Windows) you will need to allow both protocols inbound through your firewall (UDP with ports from 33434 to 33534 and ICMP type 8)."

 

 i think that thread is closed and sorry for my bad english:smileyhappy:))))))))

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.