Starnge output on traceroute

Toggle sidebar Toggle sidebar
E

Ed

Distinguished
Apr 1, 2004
1,253
0
19,280
Archived from groups: comp.security.firewalls (More info?)

I recently installed IPCOP and everything was working fine.Then suddenly I could not send mail,
but I could receive mail. Thinking that my ISP was having problems I ran
a traceroute and noticed that the first hop was to 10.1.7.1 (from my
firewall through a linksys router)

traceroute linuxquestions.org
traceroute to linuxquestions.org (64.179.4.149), 30 hops max, 38 byte packets
1 10.1.7.1 (10.1.7.1) 13.998 ms 17.040 ms 15.480 ms
2 at-5-2-0-1716.core-rtr1.res.verizon-gni.net (130.81.11.25) 16.259 ms 14.790 ms 16.211 ms
3 so-0-1-0-0.bb-rtr1.res.verizon-gni.net (130.81.9.37) 24.734 ms 24.582 ms 17.678 ms
4 so-6-0-0-0.peer-rtr1.ash.verizon-gni.net (130.81.10.90) 16.827 ms 15.322 ms 15.708 ms
5 dcx-edge-02.inet.qwest.net (208.46.127.253) 15.793 ms 15.845 ms 15.455 ms
6 205.171.251.13 (205.171.251.13) 15.599 ms 16.623 ms 17.754 ms
7 dca-core-02.inet.qwest.net (205.171.8.221) 17.182 ms 18.559 ms 18.469 ms
8 ewr-core-03.inet.qwest.net (205.171.8.182) 24.766 ms 24.504 ms 23.550 ms
MPLS Label=210418 CoS=4 TTL=1 S=1
9 ewr-core-02.inet.qwest.net (205.171.17.33) 23.913 ms 21.404 ms 21.062 ms
MPLS Label=161934 CoS=4 TTL=1 S=1
10 chi-core-01.inet.qwest.net (205.171.8.229) 39.504 ms 41.455 ms 39.660 ms
11 chi-edge-09.inet.qwest.net (205.171.20.122) 39.948 ms 40.774 ms 42.606 ms
12 63.149.3.230 (63.149.3.230) 243.702 ms 230.545 ms 264.114 ms
13 atm6-5-978-pitb-isp-cisco.choiceone.net (66.202.102.254) 59.653 ms 60.239 ms 60.634 ms
14 web1.linuxquestions.org (64.179.4.149) 61.423 ms 61.049 ms 60.868 ms


As you can see from above this is very strange!!!! The output from my route command is:

route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.25.241.0 * 255.255.255.0 U 0 0 0 eth1
10.25.240.0 * 255.255.255.0 U 0 0 0 eth0
default 10.25.241.254 0.0.0.0 UG 0 0 0 eth1


I have looked at resolv.conf and it only has my local host. The above output was from my firewall.
I am also including the output of route from one of my server going
through the firewall along with a traceroute:

route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.25.240.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default eagfw01s.egursk 0.0.0.0 UG 0 0 0 eth0


traceroute to linuxquestions.org (64.179.4.149), 30 hops max, 38 byte packets
1 eagfw01s.egurski.org (10.25.240.253) 0.317 ms 0.289 ms 0.267 ms
2 10.1.7.1 (10.1.7.1) 19.332 ms 17.690 ms 16.907 ms
3 at-5-2-0-1716.CORE-RTR1.RES.verizon-gni.net (130.81.11.25) 16.957 ms 17.282 ms 15.249 ms
4 so-0-1-0-0.BB-RTR1.RES.verizon-gni.net (130.81.9.37) 31.691 ms 47.488 ms 23.319 ms
5 so-6-0-0-0.PEER-RTR1.ASH.verizon-gni.net (130.81.10.90) 16.764 ms 15.127 ms 16.186 ms
6 dcx-edge-02.inet.qwest.net (208.46.127.253) 16.521 ms 17.733 ms 14.403 ms
7 205.171.251.13 (205.171.251.13) 16.082 ms 16.015 ms 15.133 ms
8 dca-core-02.inet.qwest.net (205.171.8.221) 17.018 ms 15.826 ms 15.619 ms
9 ewr-core-03.inet.qwest.net (205.171.8.182) 43.626 ms 35.475 ms 24.406 ms
MPLS Label=210418 CoS=3 TTL=1 S=0
10 ewr-core-02.inet.qwest.net (205.171.17.33) 34.812 ms 24.956 ms 23.515 ms
MPLS Label=161934 CoS=3 TTL=1 S=0
11 chi-core-01.inet.qwest.net (205.171.8.229) 42.645 ms 41.262 ms 43.091 ms
12 chi-edge-09.inet.qwest.net (205.171.20.122) 41.537 ms 44.573 ms 41.987 ms
13 63.149.3.230 (63.149.3.230) 59.993 ms 52.381 ms 56.023 ms
14 atm6-5-978-pitb-isp-cisco.choiceone.net (66.202.102.254) 59.661 ms 62.528 ms 60.009 ms
15 web1.linuxquestions.org (64.179.4.149) 58.639 ms 60.286 ms 60.311 ms


Any suggestions???

Thanks
Ed
 
G

Guest

Guest
Archived from groups: comp.security.firewalls (More info?)

"ed" <ed@gurski.com> wrote in message
news:pan.2004.07.14.01.21.55.934133@gurski.com...
> I recently installed IPCOP and everything was working fine.Then suddenly I
could not send mail,
> but I could receive mail. Thinking that my ISP was having problems I ran
> a traceroute and noticed that the first hop was to 10.1.7.1 (from my
> firewall through a linksys router)
>
> traceroute linuxquestions.org
> traceroute to linuxquestions.org (64.179.4.149), 30 hops max, 38 byte
packets
> 1 10.1.7.1 (10.1.7.1) 13.998 ms 17.040 ms 15.480 ms
> 2 at-5-2-0-1716.core-rtr1.res.verizon-gni.net (130.81.11.25) 16.259 ms
14.790 ms 16.211 ms
> 3 so-0-1-0-0.bb-rtr1.res.verizon-gni.net (130.81.9.37) 24.734 ms 24.582 ms
17.678 ms
> 4 so-6-0-0-0.peer-rtr1.ash.verizon-gni.net (130.81.10.90) 16.827 ms 15.322
ms 15.708 ms
> 5 dcx-edge-02.inet.qwest.net (208.46.127.253) 15.793 ms 15.845 ms 15.455
ms
> 6 205.171.251.13 (205.171.251.13) 15.599 ms 16.623 ms 17.754 ms
> 7 dca-core-02.inet.qwest.net (205.171.8.221) 17.182 ms 18.559 ms 18.469 ms
> 8 ewr-core-03.inet.qwest.net (205.171.8.182) 24.766 ms 24.504 ms 23.550 ms
> MPLS Label=210418 CoS=4 TTL=1 S=1
> 9 ewr-core-02.inet.qwest.net (205.171.17.33) 23.913 ms 21.404 ms 21.062 ms
> MPLS Label=161934 CoS=4 TTL=1 S=1
> 10 chi-core-01.inet.qwest.net (205.171.8.229) 39.504 ms 41.455 ms 39.660
ms
> 11 chi-edge-09.inet.qwest.net (205.171.20.122) 39.948 ms 40.774 ms 42.606
ms
> 12 63.149.3.230 (63.149.3.230) 243.702 ms 230.545 ms 264.114 ms
> 13 atm6-5-978-pitb-isp-cisco.choiceone.net (66.202.102.254) 59.653 ms
60.239 ms 60.634 ms
> 14 web1.linuxquestions.org (64.179.4.149) 61.423 ms 61.049 ms 60.868 ms
>
>
> As you can see from above this is very strange!!!! The output from my
route command is:
>
> route
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 10.25.241.0 * 255.255.255.0 U 0 0 0 eth1
> 10.25.240.0 * 255.255.255.0 U 0 0 0 eth0
> default 10.25.241.254 0.0.0.0 UG 0 0 0 eth1
>
>
> I have looked at resolv.conf and it only has my local host. The above
output was from my firewall.
> I am also including the output of route from one of my server going
> through the firewall along with a traceroute:
>
> route
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 10.25.240.0 * 255.255.255.0 U 0 0 0 eth0
> 169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
> 127.0.0.0 * 255.0.0.0 U 0 0 0 lo
> default eagfw01s.egursk 0.0.0.0 UG 0 0 0 eth0
>
>
> traceroute to linuxquestions.org (64.179.4.149), 30 hops max, 38 byte
packets
> 1 eagfw01s.egurski.org (10.25.240.253) 0.317 ms 0.289 ms 0.267 ms
> 2 10.1.7.1 (10.1.7.1) 19.332 ms 17.690 ms 16.907 ms
> 3 at-5-2-0-1716.CORE-RTR1.RES.verizon-gni.net (130.81.11.25) 16.957 ms
17.282 ms 15.249 ms
> 4 so-0-1-0-0.BB-RTR1.RES.verizon-gni.net (130.81.9.37) 31.691 ms 47.488 ms
23.319 ms
> 5 so-6-0-0-0.PEER-RTR1.ASH.verizon-gni.net (130.81.10.90) 16.764 ms 15.127
ms 16.186 ms
> 6 dcx-edge-02.inet.qwest.net (208.46.127.253) 16.521 ms 17.733 ms 14.403
ms
> 7 205.171.251.13 (205.171.251.13) 16.082 ms 16.015 ms 15.133 ms
> 8 dca-core-02.inet.qwest.net (205.171.8.221) 17.018 ms 15.826 ms 15.619 ms
> 9 ewr-core-03.inet.qwest.net (205.171.8.182) 43.626 ms 35.475 ms 24.406 ms
> MPLS Label=210418 CoS=3 TTL=1 S=0
> 10 ewr-core-02.inet.qwest.net (205.171.17.33) 34.812 ms 24.956 ms 23.515
ms
> MPLS Label=161934 CoS=3 TTL=1 S=0
> 11 chi-core-01.inet.qwest.net (205.171.8.229) 42.645 ms 41.262 ms 43.091
ms
> 12 chi-edge-09.inet.qwest.net (205.171.20.122) 41.537 ms 44.573 ms 41.987
ms
> 13 63.149.3.230 (63.149.3.230) 59.993 ms 52.381 ms 56.023 ms
> 14 atm6-5-978-pitb-isp-cisco.choiceone.net (66.202.102.254) 59.661 ms
62.528 ms 60.009 ms
> 15 web1.linuxquestions.org (64.179.4.149) 58.639 ms 60.286 ms 60.311 ms
>
>
> Any suggestions???
>
> Thanks
> Ed

Not sure what your question is...... Looks OK. But I have never seen an
MPLS entry in a traceroute listing.
What traceroute are you running here......?
J--
www.pccitizen.com Safe Computing, Home wired and wireless networking tips.
....You spend your whole life figuring out what you should have done with it,
let alone what it was all about. And then your children get to do it all
over again..
 
M

Mike

Splendid
Apr 1, 2004
3,865
0
22,780
Archived from groups: comp.security.firewalls (More info?)

ed wrote:

> I recently installed IPCOP and everything was working fine.Then suddenly I could not send mail,
> but I could receive mail. Thinking that my ISP was having problems I ran
> a traceroute and noticed that the first hop was to 10.1.7.1 (from my
> firewall through a linksys router)
>
> traceroute linuxquestions.org
> traceroute to linuxquestions.org (64.179.4.149), 30 hops max, 38 byte packets
> 1 10.1.7.1 (10.1.7.1) 13.998 ms 17.040 ms 15.480 ms
> 2 at-5-2-0-1716.core-rtr1.res.verizon-gni.net (130.81.11.25) 16.259 ms 14.790 ms 16.211 ms
> 3 so-0-1-0-0.bb-rtr1.res.verizon-gni.net (130.81.9.37) 24.734 ms 24.582 ms 17.678 ms
> 4 so-6-0-0-0.peer-rtr1.ash.verizon-gni.net (130.81.10.90) 16.827 ms 15.322 ms 15.708 ms
> 5 dcx-edge-02.inet.qwest.net (208.46.127.253) 15.793 ms 15.845 ms 15.455 ms
> 6 205.171.251.13 (205.171.251.13) 15.599 ms 16.623 ms 17.754 ms
> 7 dca-core-02.inet.qwest.net (205.171.8.221) 17.182 ms 18.559 ms 18.469 ms
> 8 ewr-core-03.inet.qwest.net (205.171.8.182) 24.766 ms 24.504 ms 23.550 ms
> MPLS Label=210418 CoS=4 TTL=1 S=1
> 9 ewr-core-02.inet.qwest.net (205.171.17.33) 23.913 ms 21.404 ms 21.062 ms
> MPLS Label=161934 CoS=4 TTL=1 S=1
> 10 chi-core-01.inet.qwest.net (205.171.8.229) 39.504 ms 41.455 ms 39.660 ms
> 11 chi-edge-09.inet.qwest.net (205.171.20.122) 39.948 ms 40.774 ms 42.606 ms
> 12 63.149.3.230 (63.149.3.230) 243.702 ms 230.545 ms 264.114 ms
> 13 atm6-5-978-pitb-isp-cisco.choiceone.net (66.202.102.254) 59.653 ms 60.239 ms 60.634 ms
> 14 web1.linuxquestions.org (64.179.4.149) 61.423 ms 61.049 ms 60.868 ms
>
>
> As you can see from above this is very strange!!!!

Err... Strange in what way exactly???

--

------------------------------------

Real email to mike. The header email is a spam trap and you will be
blacklisted.
 
G

Guest

Guest
Archived from groups: comp.security.firewalls (More info?)

"ed" <ed@gurski.com> wrote in message
news:pan.2004.07.14.01.21.55.934133@gurski.com...
> I recently installed IPCOP and everything was working fine.Then suddenly I
could not send mail,
> but I could receive mail. Thinking that my ISP was having problems I ran
> a traceroute and noticed that the first hop was to 10.1.7.1 (from my
> firewall through a linksys router)

Often see "private" addresses in traceroutes here too - some ISPs use
10.x.x.x and other private addresses spaces inside their networks, and don't
turn off the responses for traceroutes. Their border routers don't egress
filter packets with source addresses in private address spaces, and so you
see the return packets from them. You should however only see these
addresses coming from routers within your ISP as they should be ingress
filtered at the borders with other ISPs.

Dan
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom