General discussion

  • Creator
  • #2257789

    Cannot tracert beyond gateway


    by doubleshocker ·

    I recently switched all devices from DHCP to static IP’s on the corporate LAN. Everything seems to work just fine, with one very annoying exception:

    I cannot tracert beyond the gateway any longer. The results show the first hop as (Internet Gateway), and every destination after that is unreachable.

    The DNS resolves just fine, and when performing a tracert on for instance, resolves the correct IP address for their webservers.

    I’m combing through all the IP settings today, but would love to know if anyone can give me a simple fix for this annoyance.

    Best regards,


All Comments

  • Author
    • #3209342

      Reply To: Cannot tracert beyond gateway

      by curlergirl ·

      In reply to Cannot tracert beyond gateway

      Are you sure that you could do a tracert beyond the gateway before that? It’s very unlikely that simply changing from dynamic to static IPs internally would change the ability to do this. The most likely cause is that many gateway routers have ICMP traffic blocked at the gateway as a security measure.

      Hope this helps!

      • #3230369

        Reply To: Cannot tracert beyond gateway

        by doubleshocker ·

        In reply to Reply To: Cannot tracert beyond gateway

        Poster rated this answer.

        We could definately tracert before we made the change. I think it has something to do with the fact that we have a very messy network configuration here. I’ve inherited it, and am trying to do my best to configure it within typically recognized standards.

        For instance, the main router has been acting as a DHCP server. It is connected to the IP network via T-1 ethernet hand off from carrier, and then connected to a 48 port managed switch.

        All our computers and servers are connected into that switch, along with 3 WAP devices. Two of those WAPs are crummy little home wireless routers, and the other is a crummy little home wireless access point. Those are connected to the switch and are set to NOT offer DHCP to their clients.

        The wireless clients are getting DHCP served by the main router.

        It gets worse.

        We also use VOIP phones, so all those devices were set to DHCP, and received their IPs from the router. Recently, we changed all the VOIP phones to static, all the desktops to static, all the servers and printers were already static, and all the WAP’s are static.

        The only thing remaining dynamic are the wireless laptops which we are moving to static today.

        My goal is to turn the “DHCP server” function off on the main router, and move it to the Windows 2003 server, where it can be better managed. I envosion a static network with DHCP for the occassional visit from remote staff.

        Since we have not changed any configurations on the main router (which, embarrassingly is called a NetComm / Splitronic – read: could not afford a good router) I am confused by the sudden loss of tracert capability.

        I will look into the ICMP config on that router, and report back with any anomolies.

        Thanks for your rapid response!


    • #3230312

      Reply To: Cannot tracert beyond gateway

      by cmiller5400 ·

      In reply to Cannot tracert beyond gateway

      Well, temporarily change one of the stations back to DHCP and see if a tracert works. If not probably the isp is blocking ICMP on their routers.

    • #3230277

      Reply To: Cannot tracert beyond gateway

      by doubleshocker ·

      In reply to Cannot tracert beyond gateway

      I still cannot tracert, so it must not be the DHCP thing.

      In looking at the SYSLOG of the gateway, I see that these tracert’s are being BLOCKED by the router as DoS Attacks:Oversized ping.


      I’ve never had this problem before. With no configuration changes, no firmware changes, and apparently no difference between the DHCP/static IP config, how is it possible this router is seeing tracert’s as oversized pings?

      One likely answer – our internet gateway is a POS.

      I can not find a way to reduce the buffer size / packet size on the tracert. When I try to ping out with a standard 32 byte buffer, the router allows it. When I increase to 64 it is blocked as a DoS, which is what it should do, per the configuration.

      Should I now assume that tracert buffer size is greater than 32 bytes and cannot be configured?




    • #3230806

      Reply To: Cannot tracert beyond gateway

      by doubleshocker ·

      In reply to Cannot tracert beyond gateway

      This question was closed by the author

Viewing 3 reply threads