
Windows firewall udp traceroute blocking



Guest Flip_
Posted

There is a problem with Windows firewall. If you try to make a traceroute from a unix box to a windows box it fails because it uses the UDP protocol (Windows uses the ICMP protocol). The only solution so far is to disable Windows firewall. If I put a rule to allow any to any and protocol any for both inside and outside, it fails too.

Is there any solution for this problem, because disabling Windows firewall is not an option?

Guest S. Pidgorny
Posted

traceroute -I <host> will use UDP (on a Linux system here, at least). Or enable 33434/UDP, which is the default. And you can change the port. man traceroute!

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

http://sl.mvps.org http://msmvps.com/blogs/sp

"Flip_" <Flip_@discussions.microsoft.com> wrote in message news:0A31B25E-C4E6-4DC9-828A-9DB12AE8E810@microsoft.com...
> There is a problem with Windows firewall. If you try to make a traceroute from
> a unix box to a windows box it fails because it uses the UDP protocol (Windows
> uses the ICMP protocol). The only solution so far is to disable Windows
> firewall. If I put a rule to allow any to any and protocol any for both inside
> and outside, it fails too.
>
> Is there any solution for this problem, because disabling Windows firewall is
> not an option?

Guest Thor Kottelin
Posted

"Flip_" <Flip_@discussions.microsoft.com> wrote in message news:0A31B25E-C4E6-4DC9-828A-9DB12AE8E810@microsoft.com...
> There is a problem with Windows firewall. If you try to make a traceroute from
> a unix box to a windows box it fails because it uses the UDP protocol (Windows
> uses the ICMP protocol).

Hi,

If UDP is the specific problem, can you set your traceroute client to use ICMP echo instead?

As an example, the "-I" switch sets the Fedora Core Linux traceroute application into ICMP mode, although in this case it needs to be run as the superuser.

--
Thor Kottelin
http://www.anta.net/

Antivirus, firewall, parental control: http://www.anta.net/sw/norman/

Guest Flip_
Posted

No, it is a unix-based appliance and it needs traceroute for communicating with Active Directory.

"Thor Kottelin" wrote:

> "Flip_" <Flip_@discussions.microsoft.com> wrote in message
> news:0A31B25E-C4E6-4DC9-828A-9DB12AE8E810@microsoft.com...
> > There is a problem with Windows firewall. If you try to make a traceroute
> > from a unix box to a windows box it fails because it uses the UDP protocol
> > (Windows uses the ICMP protocol).
>
> Hi,
>
> If UDP is the specific problem, can you set your traceroute client to use
> ICMP echo instead?
>
> As an example, the "-I" switch sets the Fedora Core Linux traceroute
> application into ICMP mode, although in this case it needs to be run as
> the superuser.
>
> --
> Thor Kottelin
> http://www.anta.net/
>
> Antivirus, firewall, parental control: http://www.anta.net/sw/norman/
>

Guest Flip_
Posted

As I said before, I made a rule to allow any source to any destination using any protocol and it didn't work. The only solution was to disable the firewall.

"S. Pidgorny <MVP>" wrote:

> traceroute -I <host> will use UDP (on a Linux system here, at least).
> Or enable 33434/UDP, which is the default. And you can change the port. man
> traceroute!
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> http://sl.mvps.org http://msmvps.com/blogs/sp
>
> "Flip_" <Flip_@discussions.microsoft.com> wrote in message
> news:0A31B25E-C4E6-4DC9-828A-9DB12AE8E810@microsoft.com...
> > There is a problem with Windows firewall. If you try to make a traceroute
> > from a unix box to a windows box it fails because it uses the UDP protocol
> > (Windows uses the ICMP protocol). The only solution so far is to disable
> > Windows firewall. If I put a rule to allow any to any and protocol any for
> > both inside and outside, it fails too.
> >
> > Is there any solution for this problem, because disabling Windows firewall
> > is not an option?
>
>

Guest S. Pidgorny
Posted

You don't give much detail about your problem, which makes it hard to help you. The questions:

What is involved in routing between the Linux system and your AD? Is there NAT?
Why does the Linux appliance need traceroute to communicate with Active Directory?
What is that appliance?
Where is Windows Firewall running, on the domain controller or an intermediary point?
Is ICMP-based traceroute working with the Windows firewall? If it does, you'll be able to create an alias and make traceroute use ICMP (or even TCP);
Why can you not disable the firewall?
What is in the firewall log if the "anything allowed" rule is in place?
Under the same condition, what is in the packet trace on the system where the firewall is running, and how is that different from when the firewall is off?

After answering all of this you'll probably figure out the solution yourself....

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

http://sl.mvps.org http://msmvps.com/blogs/sp

"Flip_" <Flip@discussions.microsoft.com> wrote in message news:DD99C595-60B8-4D93-A116-09D3FDCA6E17@microsoft.com...
> As I said before, I made a rule to allow any source to any destination using
> any protocol and it didn't work. The only solution was to disable the firewall.
>
> "S. Pidgorny <MVP>" wrote:
>
>> traceroute -I <host> will use UDP (on a Linux system here, at least).
>> Or enable 33434/UDP, which is the default. And you can change the port. man
>> traceroute!
>>
>> --
>> Svyatoslav Pidgorny, MS MVP - Security, MCSE
>> -= F1 is the key =-
>>
>> http://sl.mvps.org http://msmvps.com/blogs/sp
>>
>> "Flip_" <Flip_@discussions.microsoft.com> wrote in message
>> news:0A31B25E-C4E6-4DC9-828A-9DB12AE8E810@microsoft.com...
>> > There is a problem with Windows firewall. If you try to make a traceroute
>> > from a unix box to a windows box it fails because it uses the UDP protocol
>> > (Windows uses the ICMP protocol). The only solution so far is to disable
>> > Windows firewall. If I put a rule to allow any to any and protocol any for
>> > both inside and outside, it fails too.
>> >
>> > Is there any solution for this problem, because disabling Windows firewall
>> > is not an option?
>>
>>
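The thread leaves two diagnostic questions open: which ports the default UDP traceroute walks (33434/UDP, as S. Pidgorny notes above) and what the Windows Firewall log shows while the "anything allowed" rule is in place. The following Python is an added example, not code from any poster: it parses a constructed pfirewall.log sample and separates dropped inbound UDP probes from dropped outbound ICMP port-unreachable replies, which is what a traceroute target must send for the last hop to resolve. The probe window 33434-33534 is an assumption, and the sample log lines are constructed.

```python
# Conventional UDP traceroute probe window: base port 33434, one port per probe
# (an assumed window; the thread only names the 33434/UDP default).
TRACEROUTE_PORTS = range(33434, 33535)

# Constructed sample in the pfirewall.log W3C format. It shows the two ways a
# traceroute can die at the Windows host: inbound UDP probes dropped on RECEIVE,
# and the ICMP port-unreachable (type 3, code 3) reply dropped on SEND.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2008-06-10 10:22:31 DROP UDP 10.0.0.5 10.0.0.10 40231 33434 60 - - - - - - - RECEIVE
2008-06-10 10:22:31 DROP UDP 10.0.0.5 10.0.0.10 40231 33435 60 - - - - - - - RECEIVE
2008-06-10 10:22:32 ALLOW TCP 10.0.0.5 10.0.0.10 51012 389 52 S 123456 0 8192 - - - RECEIVE
2008-06-10 10:22:32 DROP ICMP 10.0.0.10 10.0.0.5 - - 56 - - - - 3 3 - SEND
"""

def parse_log(text):
    """Yield one dict per data line, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def traceroute_drops(text):
    """Return (dropped_probes, dropped_replies) for a firewall log.

    A DROP of inbound UDP to the probe window means the firewall ate the probe;
    a DROP of outbound ICMP 3/3 means the host built the port-unreachable reply
    traceroute waits for, but the firewall discarded it. Either shows as '* * *'.
    """
    probes, replies = [], []
    for rec in parse_log(text):
        if rec["action"] != "DROP":
            continue
        if (rec["protocol"] == "UDP" and rec.get("path", "RECEIVE") == "RECEIVE"
                and rec["dst-port"].isdigit() and int(rec["dst-port"]) in TRACEROUTE_PORTS):
            probes.append(rec)
        elif (rec["protocol"] == "ICMP" and rec.get("path") == "SEND"
              and (rec["icmptype"], rec["icmpcode"]) == ("3", "3")):
            replies.append(rec)
    return probes, replies

if __name__ == "__main__":
    probes, replies = traceroute_drops(SAMPLE_LOG)
    print(f"{len(probes)} dropped probes, {len(replies)} dropped port-unreachable replies")
```

Run against a real pfirewall.log with logging of dropped packets enabled, an empty result for both lists while the trace still fails points away from the host firewall and toward the path or the appliance itself.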

Guest S. Pidgorny
Posted

Sorry, should read "Why can't you disable firewall?".

"S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message news:ej4z9ae0IHA.2292@TK2MSFTNGP03.phx.gbl...
> You don't give much detail about your problem, which makes it hard to
> help you. The questions:
>
> What is involved in routing between the Linux system and your AD? Is
> there NAT?
> Why does the Linux appliance need traceroute to communicate with Active
> Directory?
> What is that appliance?
> Where is Windows Firewall running, on the domain controller or an
> intermediary point?
> Is ICMP-based traceroute working with the Windows firewall? If it does,
> you'll be able to create an alias and make traceroute use ICMP (or even
> TCP);
> Why can you not disable the firewall?
> What is in the firewall log if the "anything allowed" rule is in place?
> Under the same condition, what is in the packet trace on the system where
> the firewall is running, and how is that different from when the firewall
> is off?
>
> After answering all of this you'll probably figure out the solution
> yourself....
>
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> http://sl.mvps.org http://msmvps.com/blogs/sp
>
>
> "Flip_" <Flip@discussions.microsoft.com> wrote in message
> news:DD99C595-60B8-4D93-A116-09D3FDCA6E17@microsoft.com...
>> As I said before, I made a rule to allow any source to any destination
>> using any protocol and it didn't work. The only solution was to disable
>> the firewall.
>>
>> "S. Pidgorny <MVP>" wrote:
>>
>>> traceroute -I <host> will use UDP (on a Linux system here, at least).
>>> Or enable 33434/UDP, which is the default. And you can change the port.
>>> man traceroute!
>>>
>>> --
>>> Svyatoslav Pidgorny, MS MVP - Security, MCSE
>>> -= F1 is the key =-
>>>
>>> http://sl.mvps.org http://msmvps.com/blogs/sp
>>>
>>> "Flip_" <Flip_@discussions.microsoft.com> wrote in message
>>> news:0A31B25E-C4E6-4DC9-828A-9DB12AE8E810@microsoft.com...
>>> > There is a problem with Windows firewall. If you try to make a
>>> > traceroute from a unix box to a windows box it fails because it uses
>>> > the UDP protocol (Windows uses the ICMP protocol). The only solution
>>> > so far is to disable Windows firewall. If I put a rule to allow any to
>>> > any and protocol any for both inside and outside, it fails too.
>>> >
>>> > Is there any solution for this problem, because disabling Windows
>>> > firewall is not an option?
>>>
>>>
>>>
>
>
