Disabled NAT IPs still pingable



  • Greetings,

    I have a bit of a head scratcher.  I have disabled a number of IPs in my NAT but I can still ping them from outside the network.

    Thoughts?

    Dino



  • You mean in [Firewall: Rules (WAN)], right?


  • LAYER 8 Global Moderator

    Disabled in your NAT??  Huh??  What does that have to do with pinging your WAN IP?  You don't forward ping to inside RFC 1918 behind a NAT - you sure cannot do it more than once.

    What exactly are you pinging from outside your network, and let's see your WAN rules as a start, yes.



  • Sorry.  Tried to keep it short.  Guess it was TOO short.

    In the firewall: NAT: 1:1
    We have all of our External IPs listed in the NAT. Depending on what an external IP will be used for, the Internal IP will change.  When one is not being used, it's assigned an internal IP that has a firewall rule that blocks ALL.  Now, yesterday I decided that I would simply disable the NATs that were not being used.  In testing it was realized that those NAT External IPs that were disabled were pingable.

    If an External IP that is in the NAT 1:1 is disabled, why is it pingable?

    I hope that is a little more clear.

    Thanks for your knowledge.

    Dino


  • LAYER 8 Global Moderator

    What does the external IP care if there is no NAT?

    You need to block ping to that IP on your WAN, on the WAN interface.  Post up your WAN rules.



  • If an External IP that is in the NAT 1:1 is disabled, why is it pingable?

    I assume you have IP aliases for these public IP addresses you're using?  I also assume you have a WAN rule that allows ICMP with a Destination of *?  I don't believe that removing the NAT affects whether you can ping the public address or not.
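An added illustration of the point made in the replies above (not part of the original thread): a small audit that finds WAN alias IPs with no active 1:1 NAT that a WAN ICMP pass rule still exposes, then shows the effect of adding explicit block rules on WAN. The XML layout, element names and addresses are constructed assumptions modelled on a pfSense-style config, not an export from the poster's firewall.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample. Element names are assumptions modelled on a pfSense-style config.
SAMPLE = """<config>
 <virtualip>
  <vip><mode>ipalias</mode><interface>wan</interface><subnet>203.0.113.10</subnet></vip>
  <vip><mode>ipalias</mode><interface>wan</interface><subnet>203.0.113.11</subnet></vip>
 </virtualip>
 <nat>
  <onetoone><external>203.0.113.10</external><internal>10.0.0.10</internal></onetoone>
  <onetoone><disabled/><external>203.0.113.11</external><internal>10.0.0.11</internal></onetoone>
 </nat>
 <filter>
  <rule><type>pass</type><interface>wan</interface><protocol>icmp</protocol><destination><any/></destination></rule>
 </filter>
</config>"""

def rule_matches(rule, ip):
    """True if an enabled WAN rule covering ICMP applies to destination ip."""
    if rule.find("disabled") is not None or rule.findtext("interface") != "wan":
        return False
    if rule.findtext("protocol") not in (None, "icmp"):
        return False
    dest = rule.find("destination")
    if dest is None or dest.find("any") is not None:
        return True
    addr = dest.findtext("address")
    return addr is not None and ipaddress.ip_address(ip) in ipaddress.ip_network(addr, strict=False)

def icmp_verdict(root, ip):
    """First matching rule wins; nothing matching means default deny."""
    for rule in root.iterfind("filter/rule"):
        if rule_matches(rule, ip):
            return rule.findtext("type")
    return "block"

def pingable_without_nat(root):
    """WAN alias IPs with no active 1:1 NAT that a WAN rule still lets ICMP reach."""
    vips = {v.findtext("subnet") for v in root.iterfind("virtualip/vip") if v.findtext("interface") == "wan"}
    active = {n.findtext("external") for n in root.iterfind("nat/onetoone") if n.find("disabled") is None}
    return sorted(ip for ip in vips - active if icmp_verdict(root, ip) == "pass")

def add_block_rules(root, ips):
    """Insert explicit WAN ICMP block rules for ips above the existing rules."""
    for i, ip in enumerate(ips):
        root.find("filter").insert(i, ET.fromstring(
            "<rule><type>block</type><interface>wan</interface><protocol>icmp</protocol>"
            f"<destination><address>{ip}</address></destination></rule>"))
```

Disabling the 1:1 entry changes nothing in `icmp_verdict`: the alias address stays on the WAN interface, and only the rule order on WAN decides whether the echo request is answered.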

