Traceroute & IP masquerading

I have a box B1 with two NICs, each connected to a different network, N1
and N2. Another box B2 has a single NIC connected to N1, and it gets
access to N2 via B1, which is doing IP masquerading on B2's behalf.

When it comes to finding out about routes and hosts in N2, the traceroute
command works all right when issued at B1. However, when issued at B2 it
doesn't - it does not seem to be able to tell any routes outside N1; in
particular, it does not seem to know anything about N2.

Is there a way around this? That is, is it possible to get traceroute to
work on B2, as far as tracing routes to hosts in N2 is concerned? B2
has otherwise full access to N2.

Ivar Rosquist wrote:
> I have a box B1 with two NICs, each connected to a different network, N1
> and N2. Another box B2 has a single NIC connected to N1, and it gets
> access to N2 via B1, which is doing IP masquerading on B2's behalf.
>
> When it comes to finding out about routes and hosts in N2, the traceroute
> command works all right when issued at B1. However, when issued at B2 it
> doesn't - it does not seem to be able to tell any routes outside N1; in
> particular, it does not seem to know anything about N2.
>
> Is there a way around this? That is, is it possible to get traceroute to
> work on B2, as far as tracing routes to hosts in N2 is concerned? B2
> has otherwise full access to N2.

It should work. Perhaps your B1 is dropping packets?

On Sat, 06 Jan 2007 21:51:01 +0000, Allen Kistler wrote:

> Ivar Rosquist wrote:
>> I have a box B1 with two NICs, each connected to a different network, N1
>> and N2. Another box B2 has a single NIC connected to N1, and it gets
>> access to N2 via B1, which is doing IP masquerading on B2's behalf.
>>
>> When it comes to finding out about routes and hosts in N2, the traceroute
>> command works all right when issued at B1. However, when issued at B2 it
>> doesn't - it does not seem to be able to tell any routes outside N1; in
>> particular, it does not seem to know anything about N2.
>>
>> Is there a way around this? That is, is it possible to get traceroute to
>> work on B2, as far as tracing routes to hosts in N2 is concerned? B2
>> has otherwise full access to N2.
>
> It should work. Perhaps your B1 is dropping packets?

It does not. Anyway, I found out that invoking traceroute with the -I
option does the trick.

On Sun, 07 Jan 2007, in the Usenet newsgroup comp.os.linux.networking, in
article <o9Ynh.42670$(E-Mail Removed)> , Ivar Rosquist wrote:

>Allen Kistler wrote:

>> Ivar Rosquist wrote:
>>> I have a box B1 with two NICs, each connected to a different network, N1
>>> and N2. Another box B2 has a single NIC connected to N1, and it gets
>>> access to N2 via B1, which is doing IP masquerading on B2's behalf.
>>>
>>> When it comes to finding out about routes and hosts in N2, the
>>> traceroute command works all right when issued at B1. However, when
>>> issued at B2 it doesn't - it does not seem to be able to tell any
>>> routes outside N1; in particular, it does not seem to know anything
>>> about N2.

>> It should work. Perhaps your B1 is dropping packets?
>
> It does not.

Oh, yes it is - on B1, run tcpdump on each interface - you'll see it's
dropping some stuff. Perhaps there is a firewall rule that is screwing
things up. Try '/sbin/iptables -L' so see what you are doing to UDP.

>Anyway, I found out that invoking traceroute with the -I option does
>the trick.

Some versions. On the traceroute that comes with SuSE (written by Olaf
Kirch while at Caldera), the -I option selects the interface, rather than
using ICMP echos.

Old guy