Blocked outgoing ICMP

Got something else to discuss that is not covered by the previous forums? Post it here!
Post Reply
kl32n
Posts: 8
Joined: Sat Apr 17, 2010 7:55 pm

Blocked outgoing ICMP

Post by kl32n » Tue May 18, 2010 8:54 pm

Hi,

I just noticed some of the traffic originated from my ooma have been blocked by my router. following are examples:

[INFO] Tue May 18 21:14:35 2010 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.198 to 4.2.2.4
[INFO] Tue May 18 21:14:35 2010 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.198 to 4.2.2.6
[INFO] Tue May 18 21:14:35 2010 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.198 to 4.2.2.5
[INFO] Tue May 18 21:14:35 2010 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.198 to 4.2.2.4
[INFO] Tue May 18 21:14:35 2010 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.198 to 4.2.2.3
[INFO] Tue May 18 21:14:35 2010 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.198 to 4.2.2.1
[INFO] Tue May 18 21:14:35 2010 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.198 to 4.2.2.6
[INFO] Tue May 18 21:14:35 2010 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.198 to 4.2.2.5
[INFO] Tue May 18 21:14:35 2010 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.198 to 4.2.2.3
[INFO] Tue May 18 21:14:35 2010 Blocked outgoing ICMP packet (ICMP type 3) from 192.168.0.198 to 4.2.2.2

192.168.0.198 is the IP address of my ooma. Does any one know if this would be a problem?

Thanks.

sfhub
Posts: 348
Joined: Fri Jan 22, 2010 6:22 am

Re: Blocked outgoing ICMP

Post by sfhub » Tue May 18, 2010 11:03 pm

Those look like DNS servers. If your Ooma is otherwise working fine (ie it must have found some DNS server it could use), then it probably isn't something you need to worry about. It probably takes longer to initialize the system though.

It is a little strange though as I don't understand why Ooma would be sending destination unreachable to those DNS servers. It would seem, if anything, it would work the other way around.

murphy
Posts: 7207
Joined: Tue Jan 27, 2009 12:49 pm
Location: Pennsylvania

Re: Blocked outgoing ICMP

Post by murphy » Wed May 19, 2010 3:05 am

Did you assign a static IP address to the Ooma box and forget to assign your ISP's DNS servers? That's the only reason I can think of for the Ooma box to be trying to reach top level DNS servers.
Customer since January 2009
Telo with 2 Handsets, a Linx, and a Safety Phone
Telo2 with 2 Handsets and a Linx

sfhub
Posts: 348
Joined: Fri Jan 22, 2010 6:22 am

Re: Blocked outgoing ICMP

Post by sfhub » Wed May 19, 2010 8:52 am

murphy wrote:That's the only reason I can think of for the Ooma box to be trying to reach top level DNS servers.
Those aren't top-level (TLD) nameservers. They are L3 nameservers via Genuity, via GTE, via BBN.

jacque
Posts: 85
Joined: Wed May 05, 2010 12:40 pm

Re: Blocked outgoing ICMP

Post by jacque » Wed May 19, 2010 12:11 pm

My router logs are full of these identical entries every time I've had to restart the Telo. After it's running successfully, the log entries stop. I was guessing it had something to do with the startup. Did you power up your Ooma recently?

kl32n
Posts: 8
Joined: Sat Apr 17, 2010 7:55 pm

Re: Blocked outgoing ICMP

Post by kl32n » Wed May 19, 2010 10:19 pm

Thank you all for your reply. My ooma works fine. This is why I was wondering what it was doing if these blockings had no effect to its operation. I did have powered off the ooma recently (can’t remember exactly when). Maybe it was trying to find the DNS and found it later at another address but that action was not logged because it was successful.

User avatar
coldsteel
Posts: 81
Joined: Thu Nov 12, 2009 4:47 pm
Location: Long Island, NY
Contact:

Re: Blocked outgoing ICMP

Post by coldsteel » Thu May 20, 2010 7:00 am

If I remember correctly IP address 4.2.2.2 has been around forever as a sort of public DNS server that folks use for testing (not sure that you can/should make it your regular DNS server without expecting ramifications). If there was a single IP address that you HAD to hard-code in your firmware to allow it to come up in any environment anywhere in North America and phone home (no pun intended) that might be the one. Conversely, if the app can't reach that address then it can go into initialization failure mode pretty quickly. From that address you can get to your home server (by name) and do whatever you need to do to initialize your application and after that you can check to see if there is another/better/local DNS server available to use and continue. So maybe that's what Telo is doing.
Own: 1 Hub, 1 Scout ... "Common Sense Information Technology" is the focus of http://winstonlawrence.com/notebook/

Post Reply