Incoming traceroute blocked by ufw

Posted by Tobias Timpe on Server Fault See other posts from Server Fault or by Tobias Timpe
Published on 2013-11-04T15:33:08Z Indexed on 2013/11/04 15:56 UTC
Read the original article Hit count: 762

Filed under:

ubuntu

|

firewall

|

traceroute

|

ufw

One of my Proxmox VMs running Ubuntu 13.04 won't accept incoming trace routes while ufw is enabled.

What command do give ufw to allow incoming traceroute(6)s?

The following shows up in the syslog with ufw enabled:

50:15:15:aa:ae:8d:7d:e4:7a:97:08:00 SRC=79.236.233.97 DST=78.46.101.252 LEN=52 TOS=0x00 PREC=0x00 TTL=1 ID=33400 PROTO=UDP SPT=63757 DPT=33466 LEN=32
Nov  4 16:20:36 web kernel: [8078158.260409] [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:15:15:aa:ae:8d:7d:e4:7a:97:08:00 SRC=79.236.233.97 DST=78.46.101.252 LEN=52 TOS=0x00 PREC=0x00 TTL=1 ID=33401 PROTO=UDP SPT=63757 DPT=33467 LEN=32
Nov  4 16:20:41 web kernel: [8078163.262626] [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:15:15:aa:ae:8d:7d:e4:7a:97:08:00 SRC=79.236.233.97 DST=78.46.101.252 LEN=52 TOS=0x00 PREC=0x00 TTL=2 ID=33402 PROTO=UDP SPT=63757 DPT=33468 LEN=32
Nov  4 16:20:46 web kernel: [8078168.262927] [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:15:15:aa:ae:8d:7d:e4:7a:97:08:00 SRC=79.236.233.97 DST=78.46.101.252 LEN=52 TOS=0x00 PREC=0x00 TTL=2 ID=33403 PROTO=UDP SPT=63757 DPT=33469 LEN=32
Nov  4 16:20:51 web kernel: [8078173.260521] [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:15:15:aa:ae:8d:7d:e4:7a:97:08:00 SRC=79.236.233.97 DST=78.46.101.252 LEN=52 TOS=0x00 PREC=0x00 TTL=2 ID=33404 PROTO=UDP SPT=63757 DPT=33470 LEN=32

And the trace route just ends in starts after the Proxmox host machine.

Thanks

Tobias Timpe

© Server Fault or respective owner

Related posts about ubuntu

Cannot update, apt-get cannot fetch index files

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a fresh install of Ubuntu 11.10 from the iso 'ubuntu-11.10-desktop-amd64.iso'. I installed this in VMWare Fusion 4.1.1 running on OSX 10.7.3. When setting up the VM, I allowed easy install to take care of creating my user and installing VMWare tools. No problems during installation, everything… >>> More
'sudo apt-get update' error on Ubuntu 12.04

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
When I type in 'sudo apt-get update' I get this mohd-arafat-hossain@TUD:~$ sudo apt-get update [sudo] password for mohd-arafat-hossain: Ign http://bd.archive.ubuntu.com precise InRelease Ign http://bd.archive.ubuntu.com precise-updates InRelease Ign http://bd.archive.ubuntu… >>> More
Opening Skype, Opera, OpenOffice logs me off

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Whats common among Skype, Opera, OpenOffice in Ubuntu ? Whenever I open these applications I get logged off and shows back me the login screen. This started happening since the 10.10 upgrade. Forgot to mention : Yes, its x64.Each time I open these applications, the UI shows and then crashes. I… >>> More
Update information outdated

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a warning triangle that my update information is outdated, the last update was 12 days ago. I use Ubuntu 11.10. A run of sudo apt-get update produces the following output: Ign http://ppa.launchpad.net oneiric InRelease Ign http://de.archive.ubuntu.com oneiric InRelease … >>> More
ubuntu/apt-get update said "Failed to Fetch http:// .... 404 not found"

as seen on Server Fault - Search for 'Server Fault'
Hi all, I'm trying to run apt-get update on ubuntu 9.10 I've configured my proxy server and I can access the internet without any problem: /etc/apt# wget "http://www.google.com" Resolving (...) Proxy request sent, awaiting response... 200 OK Length: 292 [text/html] Saving to: `index.html' 100%[=================================================================================================================================>]… >>> More

Related posts about firewall

Managed hosting firewall vs managing own firewall

as seen on Server Fault - Search for 'Server Fault'
I posted on stackoverflow as to the overall benefits of managed hosting vs non-managed hosting. The more I think about it, it seems to boil down to one question: should I use a managed host because they take care of the firewall, or would I be okay managing my own, software firewall? The sites… >>> More
Hardware firewall vs VMWare firewall appliance

as seen on Server Fault - Search for 'Server Fault'
We have a debate in our office going on whether it's necessary to get a hardware firewall or set up a virtual one on our VMWare cluster. Our environment consists of 3 server nodes (16 cores w/ 64 GB RAM each) over 2x 1 GB switches w/ an iSCSI shared storage array. Assuming that we would be dedicating… >>> More
Firewall behind firewall

as seen on Server Fault - Search for 'Server Fault'
I've recently changed jobs and I've been set up with a new workstation. On all previous places where I've been working they've had some sort of local firewall installed on each and every workstation - but here I've been told not to activate it because it is not necessary since we're already behind… >>> More
We have no SW Firewall behind our office HW firewall, admin says its not req'd

as seen on Server Fault - Search for 'Server Fault'
I've recently changed jobs and I've been set up with a new workstation. On all previous places where I've been working they've had some sort of local firewall installed on each and every workstation - but here I've been told not to activate it because it is not necessary since we're already behind… >>> More
Can't get FTP to work on centOS 5.6

as seen on Server Fault - Search for 'Server Fault'
Hi guys I have been trying for a few hours to install and get FTP to work... I did yum install ftp and yum install vsftpd They all installed and are running but when I try to use filezilla or some other client I just can't connect....I've tried connecting on port 21 and port 990 ....nothing! These… >>> More