So I was trying to use traceroute to diagnose some DNS problems, but it was timing out.

As you may know, I am using CloudFlare for DNS hosting and other things. Anyway, my traceroute worked OK with my CloudFlare-enabled sites, but when I tried my newly set up Ubuntu server (which is not using the CloudFlare network, see my article Sky Broadband Blocks CloudFlare CDN) it failed.

I figured the problem must be a firewall issue, as the server was accessible via ping. A quick look into my iptables rules and a Google search found the problem. My rules for ping were:-

That was fine for allowing ping, but traceroute uses UDP with a port range from 33434 to 33534. So the server must not drop ICMP type 8 (echo request) or UDP 33434:33534. For traceroute to work we don't even need to accept those UDP packets: we can reject them and it still works, because the ICMP port-unreachable error that a reject sends back is exactly what tells traceroute it has reached the final hop (a silent drop gives it nothing to go on). So our new rules will be:
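As an added example (not the original post's own rules), here is a small script that installs the two rules just described; the `IPT` variable and the `allow_ping_and_traceroute` function name are my own, and `IPT=echo` prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not the original post's rules: iptables INPUT rules that let
# inbound ping and classic UDP traceroute reach this host.
#
# Why REJECT rather than DROP: traceroute sends UDP probes to ports 33434:33534
# where nothing listens, and it recognises the final hop by the ICMP
# port-unreachable reply those probes provoke. DROP swallows the probe silently,
# so traceroute just prints "* * *"; REJECT sends the ICMP error it is waiting for.
#
# IPT is an assumption of this script: it defaults to iptables, and IPT=echo
# prints the rules instead of applying them (handy for review before applying).

allow_ping_and_traceroute() {
    ipt="${IPT:-iptables}"
    # Ping: accept ICMP echo-request (type 8).
    "$ipt" -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    # Traceroute: answer UDP probes with ICMP port-unreachable. That is
    # iptables' default reject type, spelled out here so the mechanism is visible.
    "$ipt" -A INPUT -p udp --dport 33434:33534 -j REJECT --reject-with icmp-port-unreachable
}

# Run with "apply" to install the rules:  sh traceroute-rules.sh apply
# Or review them first without touching the firewall:  IPT=echo sh traceroute-rules.sh apply
if [ "${1:-}" = apply ]; then
    allow_ping_and_traceroute
fi
```

Both rules use `-A`, so they are appended to the end of INPUT; if the chain already ends in a catch-all DROP, they will never be reached and you need `-I` (or a reorder) to put them in front of it.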

Now our traceroute will work properly. Hope it helps.

These ports should not be in use by any other application.