9 Replies Latest reply on Mar 26, 2014 1:09 PM by TommyFreddy

    traceroute through NAT

    konddor Lurker

      Hi,

      I want to traceroute to the outside internet via NAT.

      This is my configuration:

      Host: Win server 2003

      VMware machine: Linux Debian

      My Windows 2003 IP configuration:

      Ethernet adapter VMware NAT VMnet8:

         Connection-specific DNS Suffix  . :
         Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
         Physical Address. . . . . . . . . : 00-50-56-C0-00-08
         DHCP Enabled. . . . . . . . . . . : No
         IP Address. . . . . . . . . . . . : 192.168.31.1
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         Default Gateway . . . . . . . . . :

      Ethernet adapter VMware Host VMnet1:

         Connection-specific DNS Suffix  . :
         Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
         Physical Address. . . . . . . . . : 00-50-56-C0-00-01
         DHCP Enabled. . . . . . . . . . . : No
         IP Address. . . . . . . . . . . . : 192.168.10.1
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         Default Gateway . . . . . . . . . :

      Ethernet adapter eth-outside:

         Connection-specific DNS Suffix  . :
         Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
         Physical Address. . . . . . . . . : 00-12-79-90-AB-34
         DHCP Enabled. . . . . . . . . . . : No
         IP Address. . . . . . . . . . . . : 82.20.252.196
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         Default Gateway . . . . . . . . . : 82.20.252.253
         DNS Servers . . . . . . . . . . . : 142.115.10.15
                                             142.114.60.34

      My Linux Debian IP configuration:

      eth0      Link encap:Ethernet  HWaddr 00:0C:29:73:0E:E4
                inet addr:192.168.31.150  Bcast:192.168.31.255  Mask:255.255.255.0
                inet6 addr: fe80::20c:29ff:fe73:ee4/64 Scope:Link
                UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                RX packets:66 errors:0 dropped:0 overruns:0 frame:0
                TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
                collisions:0 txqueuelen:1000
                RX bytes:6828 (6.6 KiB)  TX bytes:6023 (5.8 KiB)
                Interrupt:169 Base address:0x2000

      The Debian VMware Ethernet setting is set to vmnet8.

      VMnet8 has:

      gateway: 192.168.31.2
      mask: 255.255.255.0

      From the Linux VM I can ping outside to the internet network; that is all working fine,

      but I cannot traceroute outside to the internet from the Linux VM:

      traceroute to 192.210.83.1 (192.210.83.1), 30 hops max, 40 byte packets
      1  192.168.31.2 (192.168.31.2)  7.183 ms  0.338 ms  2.410 ms
      2  * * *
      3  * * *

      Under Windows, ping outside is working.

      I can even traceroute outside.

      I can't trace from the Linux VM to the outside internet network.

      My question is what I forgot to configure, and where I did it wrong,

      and how can I make it traceroute outside from the Linux machine?

      Thank you all for your responses.

        • 1. Re: traceroute through NAT
          konddor Lurker

          My missing info:

          The exact version of VMware Workstation is 6.0

          host OS: Win 2003 std server

          guest OS: Debian Linux

          using virtual machine networking TYPE with custom VMnet8

          • 2. Re: traceroute through NAT
            konddor Lurker

            Trying to trace to my Win 2003 host is working:

            traceroute to 82.20.252.196 (82.20.252.196), 30 hops max, 40 byte packets
            1  192.168.199.2 (192.168.199.2)  7.957 ms  0.279 ms  0.153 ms
            2  qop-80-252-196.dcexfor.candida.net (82.20.252.196)  4.185 ms  2.383 ms  2.982 ms

            but I cannot trace outside the host from the Linux VM.

            Please help?

            Thanks,

            • 3. Re: traceroute through NAT
              oreeh Guru

              traceroute on Windows is different from traceroute on Unix.

              Windows sends ICMP packets and Unix sends UDP packets.
              The hops between the source and the target always send back ICMP TTL exceeded.

              To get traceroute working you therefore have to forward ICMP packets to the VM - which you can't.

              • 4. Re: traceroute through NAT
                konddor Lurker

                Hi oreeh,

                I agree about the traceroute difference.

                I am now trying to traceroute outside from the UNIX box to Google and it is working:

                ~# traceroute www.google.com
                traceroute: Warning: www.google.com has multiple addresses; using 64.233.183.147
                traceroute to www.l.google.com (64.233.183.147), 30 hops max, 40 byte packets
                1  192.168.199.2 (192.168.199.2)  1.066 ms  0.251 ms  3.331 ms
                2  nf-in-f147.google.com (64.233.183.147)  75.300 ms  67.161 ms  65.679 ms
                ~#

                traceroute to sky.com:

                ~# traceroute www.sky.com
                traceroute to www.sky.com (87.86.92.92), 30 hops max, 40 byte packets
                1  192.168.199.2 (192.168.199.2)  0.311 ms  0.246 ms  0.141 ms
                2  * * *
                3  * * *
                4  * * *

                Now, my question is why Google responds to the Unix traceroute command while others do not.

                Any good reason / ideas?

                Thanks in advance

                • 5. Re: traceroute through NAT
                  oreeh Guru

                  Many firewalls (and routers) simply block traceroute.

                  • 6. Re: traceroute through NAT
                    puruta Novice

                    No, this is not because of a firewall.
                    I observed the traceroute packets at the host (with tcpdump/wireshark).

                    1. host: Windows XP with VMPlayer 2.5
                    2. host: Mac OS X 10.5.6 with Fusion 2.0.3
                    3. host: Linux (Fedora 10) with VMPlayer 2.5.2

                    I used Linux as the guest OS. Of course, the network setting is "NAT" and the firewalls of the host/guest OS were disabled.

                    In case 1, the TTL fields of the traceroute packets from the guest are modified to TTL = 128 at the host. This means all packets reach the destination, and no ICMP time exceeded packets are returned from the hops, so traceroute failed.

                    In case 2, the host OS (Mac) did not change the TTL field, and the host OS received ICMP time exceeded packets from the hops. But all of these packets were not forwarded to the guest, and traceroute failed as well.

                    In case 3, everything is quite OK: traceroute at the guest received ICMP time to live exceeded packets from the host.

                    Are there any bugs in vmnet-natd for Win/Mac?
                    Anyone know how to fix this problem?
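
Added example, not part of the post above or of its attached test results: a Python check that compares a guest-side and a host-side capture and names which of the three behaviours described in reply 6 is present. The `tcpdump -nv` style text is constructed; the router address 203.0.113.1, the probe ports and all function names are assumptions.

```python
import re

# One packet in `tcpdump -nv` text: a header line, then an indented address line.
PKT = re.compile(r"ttl (\d+), .*?proto (\w+) .*?\n\s+(\S+) > (\S+): (.*)")

def parse(capture):
    """Return (ttl, proto, src, info) for each packet in the capture text."""
    return [(int(t), p, s, i) for t, p, s, _dst, i in PKT.findall(capture)]

def beyond(pkts, gateway):
    """Sources of ICMP time-exceeded replies other than the NAT gateway (hop 1)."""
    return [s for _, p, s, i in pkts
            if p == "ICMP" and "time exceeded" in i and s != gateway]

def classify(guest_cap, host_cap, gateway):
    """Name the NAT behaviour by comparing guest-side and host-side captures."""
    guest, host = parse(guest_cap), parse(host_cap)
    sent = {ttl for ttl, proto, _, _ in guest if proto == "UDP"}
    egress = {ttl for ttl, proto, _, _ in host if proto == "UDP"}
    if len(sent) > 1 and len(egress) == 1:
        return "ttl-rewritten"       # case 1: every probe leaves with one fixed TTL
    if beyond(host, gateway) and not beyond(guest, gateway):
        return "icmp-not-forwarded"  # case 2: replies reach the host, not the guest
    if beyond(guest, gateway):
        return "ok"                  # case 3: the guest sees replies from later hops
    return "inconclusive"

# Constructed sample data: addresses from the thread, HOP is a made-up router.
GUEST, GW, HOST = "192.168.31.150", "192.168.31.2", "82.20.252.196"
DST, HOP = "87.86.92.92", "203.0.113.1"
TE = "ICMP time exceeded in-transit, length 68"

def pkt(ttl, proto, num, src, dst, info):
    """Format one constructed packet the way `tcpdump -nv` prints it."""
    return (f"12:00:00.000000 IP (tos 0x0, ttl {ttl}, id 1, offset 0, flags [none], "
            f"proto {proto} ({num}), length 60)\n    {src} > {dst}: {info}\n")

def probes(src, ttls):
    return "".join(pkt(t, "UDP", 17, f"{src}.40000", f"{DST}.{33434 + n}",
                       "UDP, length 32") for n, t in enumerate(ttls))

GUEST_SIDE = probes(GUEST, [1, 2, 3]) + pkt(64, "ICMP", 1, GW, GUEST, TE)
HOST_OK = probes(HOST, [2, 3]) + pkt(250, "ICMP", 1, HOP, HOST, TE)
CASES = {
    "case1": (GUEST_SIDE, probes(HOST, [128, 128])),
    "case2": (GUEST_SIDE, HOST_OK),
    "case3": (GUEST_SIDE + pkt(249, "ICMP", 1, HOP, GUEST, TE), HOST_OK),
}

def run_all():
    return {name: classify(g, h, GW) for name, (g, h) in CASES.items()}
```
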

                    • 7. Re: traceroute through NAT
                      puruta Novice

                      The attached file contains the results of my tests.

                      Does anyone know in detail how vmnet-nat deals with ICMP packets?

                      • 8. Re: traceroute through NAT
                        Photubias Enthusiast

                        Very interesting document, I hope to pick it up one day.
                        Any news on this topic?

                         

                        Both traceroute (Linux) nor tracert (Windows) seem to work past the NAT-firewall of Workstation/Player.

                        I wonder why?

                        • 9. Re: traceroute through NAT
                          TommyFreddy Enthusiast

                          First of all, check that you are getting internet, then try to execute tracert for Windows or traceroute for Linux.