Tracert on N4L ?

[Kevin Whelan]

is this supposed to work or is it our firewall

[Julian Davison]

It was certainly part of the post-cutover testing I did when I was in that life...

Not to say they haven't changed things :)

On Wed, Sep 7, 2016 at 4:07 PM, Kevin Whelan <kwhel...@gmail.com> wrote:

is this supposed to work or is it our firewall

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Tim Harper]

Works here and we only use the N4L firewall:

C:\Users\Tim Harper>tracert www.education.govt.nz

Tracing route to boabd.x.incapdns.net [103.28.251.213]

over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.160.48.39

  2    37 ms    11 ms    11 ms  122-56-74-2.n4l.sparkdigital.co.nz [122.56.74.2]

  3    26 ms    26 ms    26 ms  122-56-99-241.n4l.sparkdigital.co.nz [122.56.99.241]

  4    26 ms    26 ms    26 ms  122-56-99-240.n4l.sparkdigital.co.nz [122.56.99.240]

  5    27 ms    27 ms    27 ms  vocus1.ape.nzix.net [192.203.154.123]

  6    28 ms    28 ms    28 ms  ten-0-7-0-2.cor01.alb01.akl.vocus.net.nz [114.31.202.68]

  7    27 ms    28 ms    27 ms  ten-1-0-0.bdr01.alb01.akl.vocus.net.nz [114.31.202.39]

  8    27 ms    27 ms    27 ms  asn19551.bdr01.alb05.akl.vocus.net.nz [175.45.102.46]

  9    27 ms    27 ms    27 ms  103.28.251.213.ip.incapdns.net [103.28.251.213]

Trace complete.

regards,

Tim Harper


Phone 03 443 5167 (messages cannot be left on this number)
Mobile 027 443 1236

t...@mtaspiring.school.nz
www.mtaspiring.school.nz

On 7 September 2016 at 16:07, Julian Davison <jul...@davison.org.nz> wrote:

It was certainly part of the post-cutover testing I did when I was in that life...

Not to say they haven't changed things :)

On Wed, Sep 7, 2016 at 4:07 PM, Kevin Whelan <kwhel...@gmail.com> wrote:

is this supposed to work or is it our firewall

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.

To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsubscribe...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Pete Mundy]

> On 7/09/2016, at 4:07 pm, Kevin Whelan <kwhel...@gmail.com> wrote:
>
> is this supposed to work or is it our firewall

If you're using the N4L firewall service, it's probably that.

Below are two examples. The first is from a school where the N4L (Cisco) box acts as a firewall. The second is from a school where the N4L (Cisco) box acts as a router only (ie they use an N4L connection, but with their own firewall).

Is the problem you're experiencing manifesting itself in a similar fashion to the first example?

Pete

ladmin@fpl-rpi17:~$ traceroute -n 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 10.250.232.1 1.036 ms 0.824 ms 0.729 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

ladmin@fpl-rpi24:~$ traceroute -n 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 10.1.50.254 0.792 ms 1.186 ms 1.247 ms
2 122.56.63.122 3.697 ms 3.705 ms 3.870 ms
3 122.56.78.208 12.355 ms 12.558 ms 12.472 ms
4 122.56.99.250 12.861 ms 12.776 ms 12.695 ms
5 122.56.99.253 12.242 ms 12.161 ms 12.336 ms
6 * * *
7 122.56.116.5 22.151 ms 20.278 ms 20.295 ms
8 122.56.119.53 19.411 ms 210.55.202.213 19.344 ms 20.029 ms
9 202.50.232.110 43.035 ms 202.50.232.10 43.396 ms 202.50.232.110 43.010 ms
10 202.50.232.246 42.982 ms 44.463 ms 44.067 ms
11 202.50.237.198 45.202 ms 44.294 ms 51.429 ms
12 216.239.41.31 45.179 ms 216.239.41.51 44.867 ms 216.239.41.31 44.615 ms
13 216.239.41.1 42.809 ms 209.85.244.15 43.767 ms 216.239.40.255 42.898 ms
14 8.8.8.8 44.541 ms 44.789 ms 44.438 ms

[gre...@staff.cbhs.school.nz]

Works for me.

Between me (Chch) and 8.8.8.8, one hop times out (between .sparkdigital.co.nz and .global-gateway.net.nz) but all others respond.

We use N4L cisco box's firewalling.

- Ben.

[Jonathan Webster]

By default ICMP is allowed outbound, so tracert from Windows should work fine.

If you're on a linux box you'll need to use the -I flag as by default traceroute uses UDP packets instead of ICMP

If that's annoying we can fix it on a per school bases, however we're going to do this for all schools soon anyway. 

On 7 September 2016 at 16:07, Kevin Whelan <kwhel...@gmail.com> wrote:

is this supposed to work or is it our firewall

--

You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Jonathan Webster

Senior Engineer

The Network for Learning Ltd

M +64 220 40 3300  P 0800 LEARNING

A Suite 306, Geyser Building, 100 Parnell Road, Parnell, Auckland 1052

A PO Box 37118, Parnell, Auckland 1151  n4l.co.nz

[Kevin Whelan]

thanks we use n4l as a router thru linewize and get the first option, only gateway shows and all else are blank
Linewize are adamant it is N4L causing it

[Jonathan Webster]

Interesting... Just tested from our Raspbery Pi which is only behind our router and it works with the -I flag (uppercase letter i).

[removed]~$traceroute -I 8.8.8.8

traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets

 1  172.29.6.118 (172.29.6.118)  0.897 ms  0.768 ms  0.660 ms

 2  210-55-77-152.n4l.sparkdigital.co.nz (210.55.77.152)  7.663 ms  7.573 ms  7.480 ms

 3  122-56-99-250.n4l.sparkdigital.co.nz (122.56.99.250)  5.455 ms  6.155 ms  5.789 ms

 4  122-56-99-253.n4l.sparkdigital.co.nz (122.56.99.253)  5.505 ms  5.590 ms  5.504 ms

 5  * * *

 6  ae8-10.akbr6.global-gateway.net.nz (122.56.116.5)  15.939 ms  15.043 ms  15.033 ms

 7  122.56.119.53 (122.56.119.53)  14.810 ms  15.131 ms  15.012 ms

 8  xe7-0-9.sgbr3.global-gateway.net.nz (202.50.232.182)  38.516 ms  38.400 ms  38.687 ms

 9  ae2-10.sgbr4.global-gateway.net.nz (202.50.232.246)  39.461 ms  39.234 ms  39.257 ms

10  google-gsw.sgbr4.global-gateway.net.nz (202.50.237.198)  39.366 ms  39.210 ms  39.472 ms

11  216.239.41.5 (216.239.41.5)  38.882 ms  39.187 ms  39.131 ms

12  216.239.41.1 (216.239.41.1)  39.949 ms  39.832 ms  40.015 ms

13  google-public-dns-a.google.com (8.8.8.8)  39.273 ms  39.145 ms  39.262 ms

And just before anyone asks, the Pi doesn't have access to the LAN.

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.