When trying to perform a traceroute on a domain name OR IP address, you receive an error as below.
Quoteroot@server1 [~]# traceroute xx.xx.xx.xx
traceroute to xx.xx.xx.xx (xx.xx.xx.xx), 30 hops max, 60 byte packets
send: Operation not permitted
This is because the required ports for traceroute to work are not opened in server firewall. This usually happens if you have csf (ConfigServer Security & Firewall) installed on your machine/server.
Open your csf config file. Commonly located at /etc/csf/csf.conf and find for UDP_OUT. To allow outgoing traceroute add 33434:33523 to this list and restart the csf firewall.
The traceroute on domain OR IP address should start working now.