If your running iptables most likely your default INPUT policy will be DROP its easy enough to allow most things through and to allow basic pinging to be performed against the server etc.

However traceroute can be a bit more of a problem to allow since if traceroute is being performed using UDP you need to stop the packets going to a wide range of ports from being dropped. Since you really don’t want to open up all the ports it requires most people just leave it and that means you can only traceroute using ICMP.

The best way I have found to get around this is to just set a REJECT on the port range no need for an ACCEPT and everything works fine.

sudo iptables -A INPUT -i eth0 -p udp -m udp --dport 33434:33523 -m state --state NEW -j REJECT --reject-with icmp-port-unreachable