iptables blocking outbound traceroute

I have seen a few people having problems getting outbound traceroutes to work, normally just after they have set up a new rule base for iptables, the Linux software firewall installed on most systems.

Basically they have allowed the traceroute in the outbound rules, normally by permitting all outbound traffic. I wouldn’t recommend that, but that’s a post for another day.

However, they are blocking the inbound responses (the ICMP replies each hop sends back), so traceroute never gets any of the data back from the hops.

This fault is actually a sign of a much larger issue, as many services work in the same way: basically, you have forgotten to track ‘related and established’ sessions and permit their inbound traffic.

The command to fix it is below, assuming your inbound chain is called ‘INPUT’ and your internet interface is eth0.

iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
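To show why the rule needs RELATED and not just ESTABLISHED, here is an added toy model of the connection-tracking states iptables assigns (example code written for this post, not the page's own command or the kernel's implementation). Traceroute's replies are ICMP time-exceeded and port-unreachable errors from other hosts, which match a tracked outbound probe only through the header they embed; all addresses and port numbers are constructed sample values.

```python
# Added example: a toy model of the conntrack states used by iptables, to show
# that traceroute replies are RELATED (ICMP errors about a tracked flow), not
# ESTABLISHED. All addresses and ports below are constructed sample values.
# On real systems the equivalent modern match is -m conntrack --ctstate.

def track_outbound(conntrack, pkt):
    """Record an outbound packet's 5-tuple, as conntrack does on OUTPUT."""
    conntrack.add((pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))

def classify_inbound(conntrack, pkt):
    """Return the state an inbound packet would be given: NEW, ESTABLISHED or RELATED."""
    if pkt["proto"] == "icmp" and pkt["type"] in (3, 11):
        # Unreachable (3) and time-exceeded (11) embed the header of the packet
        # that triggered them; match that inner header against tracked flows.
        i = pkt["inner"]
        if (i["proto"], i["src"], i["sport"], i["dst"], i["dport"]) in conntrack:
            return "RELATED"
        return "NEW"
    # Ordinary reply traffic: the reversed tuple of a tracked flow is ESTABLISHED.
    reply = (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
    return "ESTABLISHED" if reply in conntrack else "NEW"

def input_chain(states_accepted, conntrack, pkt):
    """INPUT chain with policy DROP and one rule accepting the listed states."""
    return "ACCEPT" if classify_inbound(conntrack, pkt) in states_accepted else "DROP"

def traceroute_replies(states_accepted):
    """Send one UDP probe per hop and return the verdict on each hop's ICMP reply."""
    conntrack = set()
    verdicts = []
    target = "203.0.113.9"
    for ttl, hop in enumerate(["198.51.100.1", "198.51.100.2", target], start=1):
        probe = {"proto": "udp", "src": "192.0.2.10", "sport": 40000 + ttl,
                 "dst": target, "dport": 33433 + ttl}
        track_outbound(conntrack, probe)
        # Intermediate hops answer time-exceeded; the target answers port-unreachable.
        icmp_type = 3 if hop == target else 11
        reply = {"proto": "icmp", "src": hop, "dst": "192.0.2.10",
                 "type": icmp_type, "inner": probe}
        verdicts.append((hop, input_chain(states_accepted, conntrack, reply)))
    return verdicts

if __name__ == "__main__":
    print("ESTABLISHED only:   ", traceroute_replies({"ESTABLISHED"}))
    print("ESTABLISHED,RELATED:", traceroute_replies({"ESTABLISHED", "RELATED"}))
```

With only ESTABLISHED accepted every hop's reply is dropped and traceroute shows nothing but asterisks; adding RELATED lets all three replies through.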


Technology enthusiast with many ongoing online projects, one of which is this personal blog, PingBin, while also working full time within a data center designing and maintaining the network infrastructure.
