What's new

Not able to ping to WAN

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

CntrlAltDel

Occasional Visitor
Hi everyone,

I recently switched from OPNsense back to Asus Merlin, and the only issue I'm facing is getting ICMP (ping) to work from external sources to my WAN. I’ve enabled the "Respond ICMP Echo (ping) Request from WAN" option, but it’s still not working. I even tried disabling the firewall entirely, but I still can’t ping from external sources.

I did a fresh install of version 386.14 on my RT-AC88U. It can't be that my ISP is blocking ICMP, as everything worked fine with my OPNsense setup yesterday. I feel like I might be missing something simple—any advice would be greatly appreciated!
 
Are you referencing your public IP on the WAN explicitly or using the DDNS domain name? If the latter, perhaps the public IP changed when you installed Merlin but you didn't configure DDNS to update your domain name (just a guess).
 
Are you referencing your public IP on the WAN explicitly or using the DDNS domain name? If the latter, perhaps the public IP changed when you installed Merlin but you didn't configure DDNS to update your domain name (just a guess).

Initially, I had a DDNS domain name configured, but I switched to using the public IP directly for testing, thinking it would give more accurate results. Still no luck.

I'm not sure if I’m checking the system log correctly—I’ve set the firewall to log all dropped packets, but nothing seems to be appearing in the auto-update stream in the system log.
 
Are you running a VPN client on the router at the same time? If the router itself is bound to the VPN client (as opposed to just other devices on the LAN), which would be the case, for example, if you configured "Redirect internet traffic through tunnel" on the OpenVPN client w/ "Yes(all)", you can NOT remotely access the router over the WAN at the same time.
 
Are you running a VPN client on the router at the same time? If the router itself is bound to the VPN client (as opposed to just other devices on the LAN), which would be the case, for example, if you configured "Redirect internet traffic through tunnel" on the OpenVPN client w/ "Yes(all)", you can NOT remotely access the router over the WAN at the same time.
No, in order to troubleshoot why inbound ICMPs specifically are getting blocked I kept my config as simple as possible to ensure nothing else may be causing this behaviour.
 
Issue the following iptables command to zero the packet counts on the input chain.

Code:
iptables -Z INPUT

Then attempt to ping the router from the internet side of the WAN. Then dump the firewall to see if the icmp rule is there, and whether the packets count (pkts) > 0.

Code:
iptables -vnL INPUT
 
Issue the following iptables command to zero the packet counts on the input chain.

Code:
iptables -Z INPUT

Then attempt to ping the router from the internet side of the WAN. Then dump the firewall to see if the icmp rule is there, and whether the packets count (pkts) > 0.

Code:
iptables -vnL INPUT

I can confirm the table is showing ICMP is allowed with 0 attempts being recorded even after I spammed pings from outside. This would suggest ISP might be causing some issue here. Strange because just 2 days ago with my OPNsense config everything was fine, pings were fine as well.
 
OOF!

I just went back to my OPNsense config and saw that I was using PPPOE WAN instead of DHCP. I reconfigured to PPPOE and tested inbound ICMP. Everything's working again!
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top