How to enable ICMP ping response on WAN/OPT1 interfaces

hoba · Aug 26, 2006, 1:33 PM

Create a pass rule at these interfaces for protocol ICMP, source any, destination "WAN-IP-Adress" / "OPT1-IP-Adress" (depending on the interface you create that rule on).

yazzgoth · Aug 26, 2006, 2:44 PM

I've tried that ::) without luck… any other ideas?

Where does it states in the configuration of the firewall that the ICMP is being blocked?

hoba · Aug 26, 2006, 8:15 PM

status>systemnlogs, tab firewall. If you see blocks there click the small icon in front of the line. It will tell you which rule caused the block. If you don't see anything there and the ping doesn't work either there is something in front of you that causes the blocks I guess.

yazzgoth · Aug 27, 2006, 8:57 AM

I've got a popup msg with:

The rule that triggered this action is:

@69 block drop in log quick all label "Default block all just to be sure."

hoba · Aug 27, 2006, 10:03 AM

Then your rule is not correct. This is the invisible last rule that blocks everything that is not explicitly allowed.

yazzgoth · Aug 27, 2006, 10:57 AM

Any way to manually disable/alter that default rule? (ie. from command line)
It's really an easy setup - there are two WAN interfaces (WAN and OPT1) with outgoing load balancing, I can access the web gui remotly on any of the two interfaces(I've forwarded the ports for that). But the ICMP rule doesn't seem to work. I've tried many diffrent approaches, on both interfaces and still the firewall is blocking every ICMP requests I send.

hoba · Aug 27, 2006, 1:52 PM

Show me the rules. Btw, you don't need to forward a port to open up webgui access at WAN. You only need a firewall rule to permit traffic on that port.

yazzgoth · Aug 27, 2006, 10:31 PM

Action: Pass
Interface: WAN2 (OPT1)
Protocol: ICMP
ICMP Type: any
Source: any
Destination: {WAN2IP}
State type: Keep state
Gateway: {WAN2Gateway}

As for the webgui port - I know, but I want to keep it on a diffrent port on the external interfaces.

hoba · Aug 27, 2006, 10:42 PM

drop the gateway in that rule and make it default. This is not a rule for outgoing traffic and shouldn't have a gateway set.

yazzgoth · Aug 27, 2006, 11:13 PM

I've tried that as well….

I'm really stuck with that one.
It's running RC1 if that's any good.

hoba · Aug 27, 2006, 11:32 PM

upgrade to the latest version. the rule is correct if you set the gateway to default.