Traceroute fails on some sites
-
I've done a standard installation of "PFSENSE 2.0.3 Release" as an Hyper-V 2012 Virtual Machine.
It has 3 interfaces: WAN, LAN and OPT1.
The configuration is the default plus the following
- I've enabled captive portal on OPT1;
- I've add a static route in the LAN interface, to be able to reach other private subnet;
From the pfsense console I'm able to do DNS resolution, and ping Internet sites (e.g. www.google.com).
But, when I try to do a traceroute, it doen't work for most sites, but for a few it works.
In "Diagnostics>Traceroute" the behaviour is the same as in the console - but I found that when I enable "Use ICMP" the traceroute then works.
This seems to be IP address related - www.google.co.in has multiple IP addresses, some work and some don't:
[2.0.3-RELEASE][root@inwall1]/(23): traceroute -n www.google.co.in
traceroute: Warning: www.google.co.in has multiple addresses; using 173.194.36.55
traceroute to www.google.co.in (173.194.36.55), 64 hops max, 52 byte packets
1 49.248.116.81 22.491 ms 22.153 ms 22.319 ms
2 192.168.176.9 22.603 ms 22.482 ms 22.250 ms
3 202.149.208.68 22.567 ms 23.473 ms 22.807 ms
4 115.113.139.233 224.271 ms 206.624 ms 223.149 ms
5 115.113.165.98 23.995 ms 24.024 ms 23.306 ms
6 72.14.232.202 23.774 ms 24.338 ms 29.139 ms
7 209.85.241.189 23.968 ms 23.826 ms 23.599 ms
8 173.194.36.55 23.892 ms 23.800 ms 23.992 ms
[2.0.3-RELEASE][root@inwall1.efacec.pt]/(24): clear
[2.0.3-RELEASE][root@inwall1]/(25): traceroute -n www.google.co.in
traceroute: Warning: www.google.co.in has multiple addresses; using 173.194.36.63
traceroute to www.google.co.in (173.194.36.63), 64 hops max, 52 byte packets
1 * * *
2 * * *
^C
Then, the computers that are allowed access through the captive portal cannot connect to sites to whom the traceroute fails.
Could someone please give me some hints on analyzing this issue?
Thanks.