konddor
Contributor
Contributor

traceroute throw NAT

Hi,

I want to traceroute to the outside internet via NAT.

This is my configuration:

Host: Win server 2003

vmware machine: Linux Debian

My windows 2003 IP Configuration:

Ethernet adapter VMware NAT VMnet8:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8

Physical Address. . . . . . . . . : 00-50-56-C0-00-08

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.31.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

Ethernet adapter VMware Host VMnet1:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet

1

Physical Address. . . . . . . . . : 00-50-56-C0-00-01

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.10.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

Ethernet adapter eth-outside:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet

Physical Address. . . . . . . . . : 00-12-79-90-AB-34

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 82.20.252.196

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 82.20.252.253

DNS Servers . . . . . . . . . . . : 142.115.10.15

142.114.60.34

my Linux Debian IP configuration:

eth0 Link encap:Ethernet HWaddr 00:0C:29:73:0E:E4

inet addr:192.168.31.150 Bcast:192.168.31.255 Mask:255.255.255.0

inet6 addr: fe80::20c:29ff:fe73:ee4/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:66 errors:0 dropped:0 overruns:0 frame:0

TX packets:44 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:6828 (6.6 KiB) TX bytes:6023 (5.8 KiB)

Interrupt:169 Base address:0x2000

debian vmware Ethernet setting to vmnet8

VmNet8 has:

gateway: 192.168.31.2

mask: 255.255.255.0

from the linux i can use ping outside to internet network, all working good

but i can not traceroute outside the internet from the linux vm

traceroute to 192.210.83.1 (192.210.83.1), 30 hops max, 40 byte packets

1 192.168.31.2 (192.168.31.2) 7.183 ms 0.338 ms 2.410 ms

2 * * *

3 * * *

Under Windows ping outside is working

I can even traceroute outside

I can't trace from the linux vm to outside internet network

My question is what I forgot to configure, and where I did it wrong ..

and how can I make it traceroute outside from the linux machine ?

Thanks you all your response

0 Kudos
9 Replies
konddor
Contributor
Contributor

my missing info:

exact version of VMware Workstation is 6.0

host OS: Win 2003 std server

guest OS: debain Linux

using virtual machine networking TYPE with custom VMnet8

0 Kudos
konddor
Contributor
Contributor

trying trace to my Win 2003 host working:

traceroute to 82.20.252.196 (82.20.252.196), 30 hops max, 40 byte packets

1 192.168.199.2 (192.168.199.2) 7.957 ms 0.279 ms 0.153 ms

2 qop-80-252-196.dcexfor.candida.net (82.20.252.196) 4.185 ms 2.383 ms 2.982 ms

but i can not trace outside the host from the linux vm

please help??

Thanks,

0 Kudos
oreeh
Immortal
Immortal

traceroute on Windows is different from traceroute on Unix

Windows sends ICMP packets and Unix send UDP packets.

The hops between the source and the target always send back ICMP TTL execeeded.

To get traceroute working you therefore have to forward ICMP packets to the VM - which you can't.

0 Kudos
konddor
Contributor
Contributor

Hi oreeh

I agree with the traceroute different,

trying now to traceroute outside the UNIX box to g00gle ant it is working

~# traceroute www.google.com

traceroute: Warning: www.google.com has multiple addresses; using 64.233.183.147

traceroute to www.l.google.com (64.233.183.147), 30 hops max, 40 byte packets

1 192.168.199.2 (192.168.199.2) 1.066 ms 0.251 ms 3.331 ms

2 nf-in-f147.google.com (64.233.183.147) 75.300 ms 67.161 ms 65.679 ms

~#

traceroute to sky.com

~# traceroute www.sky.com

traceroute to www.sky.com (87.86.92.92), 30 hops max, 40 byte packets

1 192.168.199.2 (192.168.199.2) 0.311 ms 0.246 ms 0.141 ms

2 * * *

3 * * *

4 * * *

now, my question is why g00gle is response to unix traceroute command while other are not,

any good reason / ides?

Thanks in advanced

0 Kudos
oreeh
Immortal
Immortal

Many firewalls (and routers) simply blcok traceroute.

0 Kudos
puruta
Contributor
Contributor

no .. this is not because of firewall.

I observed traceroute packets at host (with tcpdump/wireshark).

  1. host :windows XP with VMPlayer 2.5.

  2. host: macOSX 10.5.6 with Fusion 2.0.3

  3. host: linux(fedora10) with VMPlayer 2.5.2

and I used linux as guest os. Of course, the network setting is "NAT" and firewall of host/guest os were disabled.

in the case of 1), the TTL fields of traceroute packets from guest are modified to TTL = 128 at host.. this means all packets are reaches to destination, and no time exceeded icmp packets are returned from hops. so , traceroute was failed ..

in case 2, host os (mac) did not change TTL field. And host os received time exceed icmp packets from hops.But !! all of these packets were not

forwarded to guest . and traceroute was faild as well.

in case 3, everything quite OK .. traceroute at guest received icmp time to live exceed packets from host.

Is there any bugs in vmnet-natd for win/mac ?

Anyone know how to fix this problem?

0 Kudos
puruta
Contributor
Contributor

attached file is results of my tests.

Does anyone know about how vmnet-nat is dealing with icmp packets in detail ?

0 Kudos
Photubias
Enthusiast
Enthusiast

Very interesting document, I'll hope to pick it up one day.

Any news on this topic?

Both traceroute (Linux) nor tracert (Windows) seem to work past the NAT-firewall of Workstation/Player.

I wonder why?

0 Kudos
TommyFreddy
Enthusiast
Enthusiast

First of all check you are getting internet then try to execute tracert for windows traceroute for linux.

0 Kudos