linux: traceroute send operation not permitted for remote server

Question

When I try to traceroute to a remote ip, I get send: Operation not permitted When I stop iptables, traceroute works fine. So, I assume I need some ip rule for send. What would that rule be?

I did find a solution here http://forums.fedoraforum.org/showthread.php?t=112516, and I add it to my iptables, restart it, but then after a while CSF seems to block send again. Something overwrites that rule.

score 29 · Accepted Answer · edited Dec 28 '13 at 01:57

29

Found the solution:

Do you have CSF installed? If yes, open the config page for CSF and search the page for traceroute. There you'll see this message:

# Allow outgoing UDP ports

# To allow outgoing traceroute add 33434:33523 to this list

edited Dec 28 '13 at 01:57

abatishchev

541
1
9
31

answered Oct 18 '12 at 14:44

giorgio79

1,837
9
26
36

Thank you very much! adding CSF ports to outgoing traceroute solve this issue. – Jun 16 '15 at 02:16
1

Please note that in CSF you must add the port range for IPv6 as well if you want to perform a traceroute6 (UDP6_OUT) – godzillante Oct 11 '17 at 09:13
2

CSF == ConfigServer Security & Firewall https://configserver.com/cp/csf.html – AAAfarmclub Jan 19 '19 at 17:10
Where is the config page for CSF? – Aaron Franke Sep 27 '20 at 08:00
If you are using cPanel / WHM, then search for ConfigServer Security & Firewall to find the config page for CSF. – David Apr 05 '22 at 18:41

linux: traceroute send operation not permitted for remote server

1 Answers1