
Odd tracert

Whenever I do a tracert to an IP address I only get one hop, which seems unlikely. I did a tracert with domaintools and here is the side by side comparison. What gives?

Nh5EcWa.jpg
 
No, this isn't a VM. It's on the laptop running Win 7 Ultimate

I tried a tracert on the thinclient and I get only one hop as well. Thinclient running XPE. I have 4 other computers I can check. I wonder if it has something to do with an iptable in the router. I have the router flashed with DD-WRT. Here is the iptables.

iptables -t mangle -I PREROUTING -i `get_wanface` -j TTL --ttl-set 10 iptables -t mangle -I POSTROUTING -o `get_wanface` -j TTL --ttl-set 128 iptables -t mangle -I POSTROUTING -o `get_wanface` -j TTL --ttl-inc 1 iptables -I OUTPUT -d 239.255.255.250 -j DROP iptables -I OUTPUT -d 224.0.0.22 -j DROP
Here is the rest of the iptables. LOL!



#Syn-flood protection iptables -N syn_flood iptables -A syn-flood -p tcp --syn -m limit --limit 1/s --limit-burst 4 -j ACCEPT iptables -A syn_flood -j REJECT # Furtive port scanner: iptables -N port_scan iptables -A port_scan -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT iptables -A port_scan -j REJECT iptables -t nat -A PREROUTING -p tcp --tcp-flags ALL FIN,URG,PSH -j REJECT iptables -t nat -A PREROUTING -p tcp --tcp-flags ALL ALL -j REJECT iptables -t nat -A PREROUTING -p tcp --tcp-flags ALL NONE -j REJECT iptables -t nat -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j REJECT #XMAS iptables -t nat -A PREROUTING -p tcp --tcp-flags SYN,FIN SYN,FIN -j REJECT iptables -t nat -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j REJECT # FIN packet scans iptables -t nat -A PREROUTING -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j REJECT #SSH Protection iptables -N rate_limit iptables -F rate_limit iptables -A rate_limit -p tcp --dport 22 -m limit --limit 3/min --limit-burst 3 -j ACCEPT iptables -A rate_limit -p udp --dport 22 -m limit --limit 3/min --limit-burst 3 -j ACCEPT iptables -A rate_limit -p ICMP --icmp-type echo-request -m limit --limit 3/sec -j ACCEPT iptables -A rate_limit -p ICMP -j LOG --log-prefix " Connection dropped!! " iptables -A rate_limit -p tcp -j REJECT --reject-with tcp-reset iptables -A rate_limit -p udp -j REJECT --reject-with icmp-port-unreachable iptables -A rate_limit -j DROP iptables -I INPUT -p tcp --dport 22-m state --state NEW -j rate_limit iptables -I INPUT -p udp --dport 22 -m state --state NEW -j rate_limit iptables -A INPUT -i vlan1 -p igmp -j DROP iptables -I INPUT -i vlan1 -d 192.168.0.0/16 -p igmp -j DROP iptables -A INPUT -i vlan0 -p igmp -j DROP iptables -I INPUT -i vlan0 -d 192.168.0.0/16 -p igmp -j DROP

The damn formatting sucks on this forum. It should be one line each, but despite quoting and pasting simple text it won't format correctly on here. Sorry about that.
 
Here they are! Had to paste in a text doc and copy.

iptables -t mangle -I PREROUTING -i `get_wanface` -j TTL --ttl-set 10
iptables -t mangle -I POSTROUTING -o `get_wanface` -j TTL --ttl-set 128
iptables -t mangle -I POSTROUTING -o `get_wanface` -j TTL --ttl-inc 1

iptables -I OUTPUT -d 239.255.255.250 -j DROP
iptables -I OUTPUT -d 224.0.0.22 -j DROP
#Syn-flood protection
iptables -N syn_flood
iptables -A syn_flood -p tcp --syn -m limit --limit 1/s --limit-burst 4 -j ACCEPT
iptables -A syn_flood -j REJECT
# Furtive port scanner:
iptables -N port_scan
iptables -A port_scan -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables -A port_scan -j REJECT
iptables -t nat -A PREROUTING -p tcp --tcp-flags ALL FIN,URG,PSH -j REJECT
iptables -t nat -A PREROUTING -p tcp --tcp-flags ALL ALL -j REJECT
iptables -t nat -A PREROUTING -p tcp --tcp-flags ALL NONE -j REJECT
iptables -t nat -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j REJECT
#XMAS
iptables -t nat -A PREROUTING -p tcp --tcp-flags SYN,FIN SYN,FIN -j REJECT
iptables -t nat -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j REJECT
# FIN packet scans
iptables -t nat -A PREROUTING -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j REJECT
#SSH Protection
iptables -N rate_limit
iptables -F rate_limit
iptables -A rate_limit -p tcp --dport 22 -m limit --limit 3/min --limit-burst 3 -j ACCEPT
iptables -A rate_limit -p udp --dport 22 -m limit --limit 3/min --limit-burst 3 -j ACCEPT
iptables -A rate_limit -p ICMP --icmp-type echo-request -m limit --limit 3/sec -j ACCEPT
iptables -A rate_limit -p ICMP -j LOG --log-prefix " Connection dropped!! "
iptables -A rate_limit -p tcp -j REJECT --reject-with tcp-reset
iptables -A rate_limit -p udp -j REJECT --reject-with icmp-port-unreachable
iptables -A rate_limit -j DROP
iptables -I INPUT -p tcp --dport 22 -m state --state NEW -j rate_limit
iptables -I INPUT -p udp --dport 22 -m state --state NEW -j rate_limit
iptables -A INPUT -i vlan1 -p igmp -j DROP
iptables -I INPUT -i vlan1 -d 192.168.0.0/16 -p igmp -j DROP
iptables -A INPUT -i vlan0 -p igmp -j DROP
iptables -I INPUT -i vlan0 -d 192.168.0.0/16 -p igmp -j DROP
 
I found my problem! These IPtables were the cause.

iptables -t mangle -I PREROUTING -i `get_wanface` -j TTL --ttl-set 10
iptables -t mangle -I POSTROUTING -o `get_wanface` -j TTL --ttl-set 128
iptables -t mangle -I POSTROUTING -o `get_wanface` -j TTL --ttl-inc 1
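
Why those three rules flatten a trace, as an added example that is not part of the original posts: tracert depends on each probe's TTL expiring one router further along the path, but the POSTROUTING rules rewrite the TTL of every packet leaving the WAN interface to 128, so every probe that survives the router reaches the destination and the intermediate hops never get to answer. The sketch models the Linux forwarding order (TTL check and decrement before mangle POSTROUTING); the `WAN` placeholder standing in for `get_wanface` and the hop names are constructed assumptions.

```python
import shlex

# The three mangle rules from the thread, in the order the startup script runs them.
# `get_wanface` is replaced by the placeholder WAN (assumption).
RULES = """\
iptables -t mangle -I PREROUTING -i WAN -j TTL --ttl-set 10
iptables -t mangle -I POSTROUTING -o WAN -j TTL --ttl-set 128
iptables -t mangle -I POSTROUTING -o WAN -j TTL --ttl-inc 1
"""

def load_chain(script, chain):
    """Return the TTL actions of `chain` in the order the kernel evaluates them."""
    actions = []
    for line in script.splitlines():
        args = shlex.split(line)
        if "-I" in args and args[args.index("-I") + 1] == chain:
            op = next(a for a in args if a.startswith("--ttl-"))
            value = int(args[args.index(op) + 1])
            actions.insert(0, (op, value))    # -I without an index prepends
    return actions

def apply_ttl(actions, ttl):
    """TTL is a non-terminating target, so every matching rule runs in turn."""
    for op, value in actions:
        ttl = value if op == "--ttl-set" else min(255, ttl + value)
    return ttl

def traceroute(path, egress_actions, max_hops=30):
    """path[0] is the DD-WRT router, path[-1] the destination (constructed names)."""
    seen = []
    for probe_ttl in range(1, max_hops + 1):
        ttl, answered = probe_ttl, path[-1]
        for i, node in enumerate(path[:-1]):
            if ttl <= 1:                      # forwarder drops it, sends Time Exceeded
                answered = node
                break
            ttl -= 1                          # normal per-hop decrement
            if i == 0:                        # router egress: mangle POSTROUTING on WAN
                ttl = apply_ttl(egress_actions, ttl)
        seen.append(answered)
        if answered == path[-1]:
            break
    return seen

PATH = ["router", "isp-gw", "isp-core", "transit", "destination"]  # constructed path
with_rules = traceroute(PATH, load_chain(RULES, "POSTROUTING"))
without_rules = traceroute(PATH, [])
print("with TTL rules:   ", with_rules)
print("without TTL rules:", without_rules)
```
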
 