Cannot Traceroute to Specific Host

Hi!

When using a traceroute app on my smartphone, to trace the route to my.ur.de, I cannot reach this host from LAN.

When connecting my smartphone to mobile network, the host is reachable.

Using IPfire v171, the DNS is set up with following servers

Any idea why the host is not reachable from LAN via IPfire?

If you run traceroute from the IPFire console, does it work?

Thanks for the tip!

From within the IPfire console, the traceroute does not work either. Some hops appear but not until the end where my.uni-regensburg.de should show up.

The final host is, however, reached when using mobile data on the smartphone, indeed very quickly after starting the trace.

In the console, the trace stops after 5 to 8 hops. Any subsequent hop does not finish.

I’ve switched to the provider DNS in IPfire configuration, to no avail either.

For what it is worth, this same type of thing happens with various random sites I am picking.

So sometimes traceroute completes and sometimes it does not.

traceroute my.ur.de - not
traceroute apple.com - completes
traceroute ipfire.org - completes
traceroute github.com - not

but I don’t know why…


EDIT: found this on one webpage:
If you see some asterisks (timeouts) in your trace for some routers, then this router (or firewall) is probably configured with an access-list and configured not to respond with any TTL expired messages.

1 Like

When tracing to ipfire.org, it works on my side, too.

The reason why I trace anyway is that I cannot reach my.ur.de from any browser on PC. This host is the login portal to the university’s network, btw.

The host can be reached without any issues using mobile data on smartphone. Switching to Wifi on same smartphone, it does not work.

1 Like

That’s different!

I can reach the login page for my.ru.de just fine. So there might be something in your setup (IPS?) that is blocking it. Time to dig the logs!

Sounds reasonable, however when tracing with mobile data, I see a final host as mentioned above: my.uni-regensburg.de

From console the asterisks are showing up from about 8 hops until 30

Let’s set aside traceroute for now. It is not the right tool for this issue.

1 Like

I just tried the same my.ur.de url and got the same timeout response.

I then disabled ipblocklist but the error stayed the same.

Then I disabled the IPS and the error changed to a problem with the proxy.

I then set the browser proxy to system and the url opened.

I then saw that the url is looking to use port 8443 and not just 443.
8443 is not enabled by default in the secure ports list of the web proxy.

So I added 8443 in the secure ports table, saved and restarted the proxy, and set the browser proxy back to my normal auto detect, and the site was able to open again.

I turned back on the IPS and the IPblocklist and the site is still working fine.

Looks like the web site decided to change from using 443 to a custom 8443 and the IPFire proxy then blocks that as it is, by default, not allowed.

3 Likes
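The check described in the post above (a site moving to port 8443 and the web proxy refusing the tunnel) can be confirmed from the proxy log instead of by toggling features one at a time. This is an added example, not part of the original thread and not IPFire's own code: it assumes Squid's native access.log format, the log lines and IP addresses are constructed samples, and the allowed port set passed in is an assumption to be replaced with the secure ports list from your own proxy configuration.

```python
"""Added example: list CONNECT tunnels the proxy denied on non-allowed ports."""
from collections import Counter

# Constructed sample lines in Squid's native access.log format:
# time elapsed client result/status bytes method URL user hierarchy type
SAMPLE_LOG = """\
1700000000.101    152 192.168.1.20 TCP_TUNNEL/200 5120 CONNECT my.ur.de:443 - HIER_DIRECT/203.0.113.10 -
1700000001.202      0 192.168.1.20 TCP_DENIED/403 3901 CONNECT my.ur.de:8443 - HIER_NONE/- text/html
1700000002.303      0 192.168.1.21 TCP_DENIED/403 3901 CONNECT my.ur.de:8443 - HIER_NONE/- text/html
1700000003.404     88 192.168.1.21 TCP_MISS/200 900 GET http://example.org/ - HIER_DIRECT/203.0.113.20 text/html
1700000004.505      0 192.168.1.22 TCP_DENIED/403 3901 CONNECT [2001:db8::5]:9443 - HIER_NONE/- text/html
truncated line
"""


def denied_connect_ports(log_text, allowed_ports):
    """Count denied CONNECT targets whose port is not in allowed_ports.

    Returns a Counter keyed by (host, port). Malformed lines are skipped.
    """
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # truncated or foreign line
        result, method, target = fields[3], fields[5], fields[6]
        if method != "CONNECT" or not result.startswith("TCP_DENIED/"):
            continue
        # CONNECT targets are host:port; IPv6 literals are bracketed.
        host, sep, port = target.rpartition(":")
        if not sep or not port.isdigit():
            continue
        if int(port) not in allowed_ports:
            hits[(host.strip("[]"), int(port))] += 1
    return hits


if __name__ == "__main__":
    # {443} is an assumed allow list for this sample run.
    for (host, port), count in denied_connect_ports(SAMPLE_LOG, {443}).most_common():
        print(f"{count:3d} denied CONNECT to {host} port {port}")
```

A host that shows up here with a port outside the allow list is a candidate for the secure ports table, after confirming the destination is one you intend to permit.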

IPS on IPfire is not running on green interface. Nevertheless, I’ve switched it off completely, this did not change the game either.

I found the issue, silly me! I had to open port 8443 that the website uses for automatic redirection or similar. After setting up a FW rule from green to red network for port 8443, I finally reach the correct site.

FWIW, I’ve set up this rule before, but not on position 1 as I just created. Maybe some other blocking rules jumped in before?

Thanks Jon for reading and your hints!
Edit: Thanks Adolf!

2 Likes