Firewall filter rules and traceroute

The reason traceroute won't work on local network is, because it all goes via 2. layer, not 3. network one, so there are no hops, ping however will work as the machine will answer.

The firewall rules on the other network router are port specific, so they will work different as your setting. Your firewall seems to accept only established connections and I guess the rule #3 is dropping everything that tries to go inside your network except of established connection. Everything on local network should work just fine.

Therefore, I would try to troubleshoot problems with OSX server on server level not network level, that comes if you can ping it's interface. You have probably not setup web server on it properly.

tikend

Posted 2015-07-11T10:06:43.497

Reputation: 265

Thanks, I have my web allowed and I have set everything by manual, I don't think I screwed up anything there because it was very user-friendly and easy. I don't have any public IP I just wanna try if I can see a web page: file:///Library/Server/Web/Data/Sites/www.example.com/ located at my server from another computer. I would add that the other PC is win7 and I cannot see the server or other devices in folder MyNetworkPlaces. I would also want to know about the url, the default os x web page is at pepi.local, but my custom web is at that long url: file:///Lib... how to make it example.local? – Marek Židek – 2015-07-11T10:44:56.523

Don't know if you have setup local DNS, but if not, you have to access the web via ip adress of the server, have you tried that? – tikend – 2015-07-11T10:46:45.380

Thanks :) (no local dns) I can access to the server via it's IP, but I found out I cannot ping it :D I can ping only from the sever to the other computer... this is just confusing, another wierd thing is that in the other network(professionally made) I can traceroute the other computers even if there are 0 hops. Sorry for bothering, these are just things that you cannot find in school scripts or manuals... – Marek Židek – 2015-07-11T11:00:23.773

If you cannot ping the server, most likely it's local firewall is stopping it. This is normal as to stop DDoS attacks. The reason traceroute works on pro configuration is probably that they have separated local network to more subnetworks, so router has to route the packets and therefore there are hops. – tikend – 2015-07-11T11:02:20.550

Wait a minute... Both ping and traceroute are Layer 3 diagnostic tools. Not only that, they both send out ICMP type 8 (Echo Request) packets. – Larssend – 2015-07-11T13:02:53.990

@geewee yes, but ping contact directly end device and this can respond even on local network, however traceroute is trying to go via each 3. layer hop on a way, and if there aren't any, it wont work, it will work just like a ping, depending on a implementation – tikend – 2015-07-11T15:09:05.943

@tikend: Neither ping nor traceroute make routing/switching decision. They differ only in the TTL value. – Larssend – 2015-07-11T15:55:19.473

@geewee I was not saying anything about they making decisions, just that traceroute without hops will probably just show output like ping based on implementation – tikend – 2015-07-11T15:56:20.370

@tikend: your idea is all over the place. I don't follow you. Peace. – Larssend – 2015-07-11T16:01:00.750

Let us continue this discussion in chat.

– tikend – 2015-07-11T16:01:43.600

1@tikend: Not interested. If I don't understand you here, I won't understand you there. The point being, there's no difference between traceroute and ping at Layer 2. They're both Layer 3 entities. – Larssend – 2015-07-11T16:03:42.387

Why not call them again and have them restore it? We don't know what the previous configurations were like. – Larssend – 2015-07-11T10:46:21.417

Well, I don't have problem with it, I just wanna learn something so I just bought new router and server and I try&fail alongside that working network. – Marek Židek – 2015-07-11T11:02:35.393

Firewall filter rules and traceroute

Answers