https://community.checkpoint.com/t5/Firewall-and-Security-Management/Linux-traceroute-packets-blocked-but-not-window-packets/m-p/240741#M46708 <P>Hello everyone;<BR />i have set up a site to site vpn between our site A and site B with two mikrotik routers. the vpn works well. both sites can see each other. behind site A is a 3600 firewall and the pc's of both sites can see each other.<BR />when i ping back and forth from a windows pc as well as a linux pc, the pings go through. a traceroute back and forth from a windows pc, we can reach the pc behind the firewall. But a traceroute from a linux PC can't reach the PC behind the firewall at site A. The packets don't get through the router.<BR />To sum up:<BR />a tracert from Site B on Windows reaches the PC behind Site A's firewall;<BR />a traceroute from Site B on linux can't reach the pc behind Site A's firewall.</P><P>what could be the problem???<BR />Thanks</P><P>&nbsp;</P> Sat, 08 Feb 2025 21:51:10 GMT junior_kakou 2025-02-08T21:51:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Linux-traceroute-packets-blocked-but-not-window-packets/m-p/240741#M46708 <P>Hello everyone;<BR />i have set up a site to site vpn between our site A and site B with two mikrotik routers. the vpn works well. both sites can see each other. behind site A is a 3600 firewall and the pc's of both sites can see each other.<BR />when i ping back and forth from a windows pc as well as a linux pc, the pings go through. a traceroute back and forth from a windows pc, we can reach the pc behind the firewall. But a traceroute from a linux PC can't reach the PC behind the firewall at site A. The packets don't get through the router.<BR />To sum up:<BR />a tracert from Site B on Windows reaches the PC behind Site A's firewall;<BR />a traceroute from Site B on linux can't reach the pc behind Site A's firewall.</P><P>what could be the problem???<BR />Thanks</P><P>&nbsp;</P> Sat, 08 Feb 2025 21:51:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Linux-traceroute-packets-blocked-but-not-window-packets/m-p/240741#M46708 junior_kakou 2025-02-08T21:51:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Linux-traceroute-packets-blocked-but-not-window-packets/m-p/240742#M46709 <P>Windows <STRONG>tracert</STRONG> sends ICMP requests, while Unix/Linux <STRONG>traceroute</STRONG> sends UDP packets bound for UDP high ports.&nbsp; Use the <STRONG>tracert</STRONG> command from Gaia/Linux and it will work, you must be blocking UDP high ports somewhere in the path but not ICMP echo requests.</P> <P><EM>Edit: Windows tracert expects to get ICMP echo replies as responses, while Unix traceroute expects to receive Destination/Port unreachable responses.&nbsp; So those latter types of responses could be getting blocked.</EM></P> Sun, 09 Feb 2025 13:32:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Linux-traceroute-packets-blocked-but-not-window-packets/m-p/240742#M46709 Timothy_Hall 2025-02-09T13:32:51Z