Allow ICMP ping



  • I'm trying to set up a rule allowing ICMP pings on the wan interface but it doesn't seem to be working. I've seen various guides how to set up and tried every possible way with no luck. My rule is setup as follows:
    Action: Pass
    Interface: Wan
    Address Family ipv4+ipv6 (have also tried with just ipv4)
    Protocol: ICMP
    ICMP Subtypes: currently set to "ANY" but have also tried with "echo request"
    Source: Any
    Destination: Any (have also tried with WAN address selected)

    I save/apple the rule and have someone try to ping. In the system logs I see:
    Jul 25 22:28:18 WAN Default deny rule IPv4 (1000000103) x.x.x.x:13173 x.x.x.x:22000 TCP:S
    and also,
    Jul 25 22:33:31 WAN Default deny rule IPv4 (1000000103) x.x.x.x33357 x.x.x.x:22000 UDP
    (X'd out the IPs, but matched that IP to the person trying to ping me)

    I also see:
    Jul 25 22:33:31 WAN Block all IPv6 (1000000003) [fe80::fa1d:fff:fe74:9ca2] [ff02::1] ICMPv6

    are those tcp/udp requests the ping being blocked? Or the blockallIPv6? Or something else?



  • Post a screenshot of the WAN rules. I spun up my lab and tried it. WAN on 192., LAN on 10. From my desktop I couldn't ping the WAN. Then I added the rule below and ping worked fine.

    1564096905871-screenshot-from-2019-07-25-19-18-37.png



  • alt text

    alt text



  • Unless you are using IPv6, I would disable it via Advanced Settings. Try just an IPv4 rule.



  • rebooted again and it works now, fun stuff



  • Awesome.


Log in to reply