How to enable ICMP ping response on WAN/OPT1 interfaces

  • Hi,

    This is my first post here so be gentle  ::)
    I've tried to search for this on the forums and googled a bit for it but didn't manage to find anything, sorry :-\

    Can anyone help me out? How can I enable ICMP ping on WAN/OPT1 interfaces (two WANs with load balancing). I need it to debug some issues.


  • Create a pass rule at these interfaces for protocol ICMP, source any, destination "WAN-IP-Adress" / "OPT1-IP-Adress" (depending on the interface you create that rule on).

  • I've tried that  ::) without luck… any other ideas?

    Where does it states in the configuration of the firewall that the ICMP is being blocked?

  • status>systemnlogs, tab firewall. If you see blocks there click the small icon in front of the line. It will tell you which rule caused the block. If you don't see anything there and the ping doesn't work either there is something in front of you that causes the blocks I guess.

  • I've got a popup msg with:

    The rule that triggered this action is:
    @69 block drop in log quick all label "Default block all just to be sure."

  • Then your rule is not correct. This is the invisible last rule that blocks everything that is not explicitly allowed.

  • Any way to manually disable/alter that default rule? (ie. from command line)
    It's really an easy setup - there are two WAN interfaces (WAN and OPT1) with outgoing load balancing, I can access the web gui remotly on any of the two interfaces(I've forwarded the ports for that). But the ICMP rule doesn't seem to work. I've tried many diffrent approaches, on both interfaces and still the firewall is blocking every ICMP requests I send.

  • Show me the rules. Btw, you don't need to forward a port to open up webgui access at WAN. You only need a firewall rule to permit traffic on that port.

  • Action: Pass
    Interface: WAN2 (OPT1)
    Protocol: ICMP
    ICMP Type: any
    Source: any
    Destination: {WAN2IP}
    State type: Keep state
    Gateway: {WAN2Gateway}

    As for the webgui port - I know, but I want to keep it on a diffrent port on the external interfaces.

  • drop the gateway in that rule and make it default. This is not a rule for outgoing traffic and shouldn't have a gateway set.

  • I've tried that as well….

    I'm really stuck with that one.
    It's running RC1 if that's any good.

  • upgrade to the latest version. the rule is correct if you set the gateway to default.

Log in to reply