Traceroute fails on some sites



  • I've done a standard installation of "PFSENSE 2.0.3 Release" as a Hyper-V 2012 Virtual Machine.

    It has 3 interfaces: WAN, LAN and OPT1.

    The configuration is the default plus the following:

    • I've enabled captive portal on OPT1;
    • I've added a static route in the LAN interface, to be able to reach other private subnet;

    From the pfsense console I'm able to do DNS resolution, and ping Internet sites (e.g. www.google.com).

    But when I try to do a traceroute, it doesn't work for most sites, but for a few it works.

    In "Diagnostics>Traceroute" the behaviour is the same as in the console - but I found that when I enable "Use ICMP" the traceroute then works.

    This seems to be IP address related - www.google.co.in has multiple IP addresses, some work and some don't:


    [2.0.3-RELEASE][root@inwall1]/(23): traceroute -n www.google.co.in
    traceroute: Warning: www.google.co.in has multiple addresses; using 173.194.36.55
    traceroute to www.google.co.in (173.194.36.55), 64 hops max, 52 byte packets
    1  49.248.116.81  22.491 ms  22.153 ms  22.319 ms
    2  192.168.176.9  22.603 ms  22.482 ms  22.250 ms
    3  202.149.208.68  22.567 ms  23.473 ms  22.807 ms
    4  115.113.139.233  224.271 ms  206.624 ms  223.149 ms
    5  115.113.165.98  23.995 ms  24.024 ms  23.306 ms
    6  72.14.232.202  23.774 ms  24.338 ms  29.139 ms
    7  209.85.241.189  23.968 ms  23.826 ms  23.599 ms
    8  173.194.36.55  23.892 ms  23.800 ms  23.992 ms
    [2.0.3-RELEASE][root@inwall1.efacec.pt]/(24): clear


    [2.0.3-RELEASE][root@inwall1]/(25): traceroute -n www.google.co.in
    traceroute: Warning: www.google.co.in has multiple addresses; using 173.194.36.63
    traceroute to www.google.co.in (173.194.36.63), 64 hops max, 52 byte packets
    1  * * *
    2  * * *
    ^C


    Then, the computers that are allowed access through the captive portal cannot connect to sites for which the traceroute fails.

    Could someone please give me some hints on analyzing this issue?

    Thanks.

