The only time I have seen a traceroute loop on a
Check Point firewall is when an administrator added a static route for the
actual firewall external IP address with a next hop of the internal
router. The router then forwarded the traffic back to the firewall and
there was your loop.
The admin had mistakenly thought that hide NAT
needed a route pointing to the actual user addresses.
This did not show 4 consecutive replies from the
firewall but an alternating pattern between the firewall and the router.
Maybe you can post the traceroute.
----- Original Message -----
Sent: Tuesday, June 18, 2002 9:49 AM
Subject: [FW-1] Traceroute loops
Has anyone seen NT FW-1 4.1 cause the target
server to reply four times to a traceroute from an NT client?
Is this part of NT's ICMP-based traceroute
behaviour?