Web Hosting Talk






PDA

View Full Version : traceroute problem?

wheimeng
07-14-2004, 11:00 PM
# traceroute ultraunix.net
traceroute to ultraunix.net (69.61.56.98), 30 hops max, 38 byte packets
traceroute: sendto: Operation not permitted
1 traceroute: wrote ultraunix.net 38 chars, ret=-1
*traceroute: sendto: Operation not permitted
traceroute: wrote ultraunix.net 38 chars, ret=-1
*traceroute: sendto: Operation not permitted
traceroute: wrote ultraunix.net 38 chars, ret=-1
*
traceroute: sendto: Operation not permitted
2 traceroute: wrote ultraunix.net 38 chars, ret=-1
*traceroute: sendto: Operation not permitted
traceroute: wrote ultraunix.net 38 chars, ret=-1
*traceroute: sendto: Operation not permitted
traceroute: wrote ultraunix.net 38 chars, ret=-1


Any idea what could be the problem? Once flused apf (apf -f) then I could perform the traceroute normally, but later on the error occurs again.
cywkevin
07-14-2004, 11:05 PM
sounds like some kind of permissions error locally on the server. Unless I su to root I can't use traceroute on my server and get a similar error.
wheimeng
07-14-2004, 11:11 PM
I performed that with root access. In fact, would not make sense even if I did it without root and worked flushed apf firewalled (BTW, I doubt a normal user could flush apf :D)
liam821
07-14-2004, 11:14 PM
Traceroute needs to be suEXEC to run (ie it runs as root). That might be your problem. Try running it as root and see if that helps.

If running as root works fine, you can fix the problem with (you have to be root to do it). Make sure traceroute is owned by root with group root/wheel depending on the os. Then chmod 5555 /path/to/traceroute.

If it still doesnt work. You prolly have a firewall either running on the box or somewhere on your network which is proventing icmp packets.

thanks,
liam
Steven
07-14-2004, 11:27 PM
Your all wrong. You need to open this range 33434-33534 normally for traceroutes, has nothing to do with permissions. If you read his post he said if he flushed apf it works.
wheimeng
07-14-2004, 11:27 PM
Again, I was performing that in root environment.
Steven
07-14-2004, 11:29 PM
Originally posted by UltraUnixNET
Again, I was performing that in root environment.

Read my post :P
wheimeng
07-14-2004, 11:31 PM
Yeh :P I posted mine right after you :D

I'll open the port to ensure it works then.

Thanks!
wheimeng
07-14-2004, 11:32 PM
BTW, just to double confirm, /etc/apf/conf.apf right?

Do I open outbound, inbound or both? UDP, TCP or ICMP? It should be ICMP am I correct?
liam821
07-14-2004, 11:33 PM
haha oops your post wasnt there when i was replying. Sorry :)