2005-08-13, 16:20
Second Traceroute packet always dropped
When running FireWall-1 on Solaris or tracerouting to a Solaris box, you might notice that your second "Traceroute" packet always gets dropped. This is actually a quirk of Solaris, not FireWall-1. You can resolve it by executing the following command on your firewall:

ndd -set /dev/ip ip_icmp_err_interval 0
If ping or traceroute packets come from the same host within a specific period of time (in milliseconds), they are ignored. The default is 500ms, which would cause the behaviour observed. By setting this value to zero, you disable this behaviour. Another option is to specify a Unix traceroute with a -z msec option that delays each traceroute packet by the specified number of milliseconds.
-- PhoneBoy - 05 Jan 2004

