1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Ping reply

Discussion in 'ASUSWRT - Official' started by abax2000, Sep 18, 2019.

  1. abax2000

    abax2000 Occasional Visitor

    Joined:
    Sep 7, 2018
    Messages:
    26
    Although "Respond ICMP Echo (ping) Request from WAN" in firewall settings is set to NO, I get a test result:
    "Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet..."
    while running the tests in https://www.grc.com/x/ne.dll?bh0bkyd2

    Can anyone please help/explain?
    (router is RT-AC86U with latest firmware)
     
  2. OzarkEdge

    OzarkEdge Very Senior Member

    Joined:
    Feb 14, 2018
    Messages:
    1,609
    Location:
    USA
    Is that result for your router WAN IP address?

    Are you testing the default router configuration or have you made some changes?

    Did you cycle power on the router before testing?

    Also, I would not use the latest 86U firmware 81049. I'd use 45717.

    OE
     
  3. abax2000

    abax2000 Occasional Visitor

    Joined:
    Sep 7, 2018
    Messages:
    26
    1. Yes
    2. Default I would say
    upload_2019-9-19_8-1-17.png
    upload_2019-9-19_8-2-23.png
    3. Yes (power cycled before)
    4. Firmware is indeed 3.0.0.4.384_81049, with which I have seen no problems so far.

    The network setup is very simple: modem->router->pc/devices.
    Could you please check the result in same test, if your setting is similar?
     
  4. OzarkEdge

    OzarkEdge Very Senior Member

    Joined:
    Feb 14, 2018
    Messages:
    1,609
    Location:
    USA
    I visited that page and performed the various Shields Up! tests and do not get that ping fail message. I am running 86U 45717.

    One time awhile back after a firmware install, my router failed the Shields UP! port tests... not stealth. I wasn't sure if it was the router or grc.com. I rebooted the router and did not see that test result again.

    OE
     
  5. abax2000

    abax2000 Occasional Visitor

    Joined:
    Sep 7, 2018
    Messages:
    26
    Thanks for your help.
    Tried again: power-off/power-on, webui reboot, run the test...same results as originally.
    Still Ping Reply: RECEIVED (FAILED) (but ports are stealth).

    If anybody hearing is on 81049, could you please test the same and report your findings?
     
  6. bachastain

    bachastain Regular Contributor

    Joined:
    Apr 18, 2014
    Messages:
    79
    RT-AC66U B1 router and mesh node, both on 81049. Respond ICMP Echo (ping) still set to the default No. I get no messages about Ping reply on those tests.
     
  7. abax2000

    abax2000 Occasional Visitor

    Joined:
    Sep 7, 2018
    Messages:
    26
    Thnx bachastain.

    Did a factory reset (restore with initialize), and rerun the tests.
    Same results...
    UPnP test gives "THE EQUIPMENT AT THE TARGET IP ADDRESS ACTIVELY REJECTED OUR UPnP PROBES!" (while best is "No Response"), and again "Ping Reply: RECEIVED (FAILED)".

    So, it is either something wrong with [RT-AC86U + 81049], OR something very strange in my setup.

    Anyone with [RT-AC86U + 81049] ?

    PS: in the meantime, I have send feedback to Asus with all logs to check.
     
  8. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,425
    Location:
    UK
    Are you sure your RT-AC86U has a public IP address and that you're not behind some for of NAT (check it at the top of the Network Map page)? Do you have IPv6 enabled for the WAN?
     
    OzarkEdge likes this.
  9. abax2000

    abax2000 Occasional Visitor

    Joined:
    Sep 7, 2018
    Messages:
    26
    No NAT as far as I can tell

    upload_2019-9-20_15-50-47.png

    IPv6 disabled.
     
  10. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,425
    Location:
    UK
    You are NATed. Your WAN IP address is 192.168.x.y which is a private address not a public one.

    So GRC is probing whatever device it is that connects you to the public internet.

    What device is the RT-AC86U's WAN port connected to?
     
    Natey2 and OzarkEdge like this.
  11. OzarkEdge

    OzarkEdge Very Senior Member

    Joined:
    Feb 14, 2018
    Messages:
    1,609
    Location:
    USA
    You are NATed, you dirty rat! :)

    OP: grc.com will list the IP address it is scanning and it will not be the WAN IP address listed in your router.

    OE
     
  12. abax2000

    abax2000 Occasional Visitor

    Joined:
    Sep 7, 2018
    Messages:
    26
    Modem (a Huawei bridge optical HG 8240T to be exact) is there (ISP equipment). But, I (only) suppose that this is transparent, and finally router is taking care of incoming packets.
    Indeed, all online tests/sites are reporting the public address (which I suppose is normal); and of course the public address is different from the lan-side IP addresses of router and modem (as in previous screenhots).

    So, public address is (e.g.) 95.200.200.200; modem's lan-side address is 192.168.100.1; router address is 192.168.100.2.
    Public address is the one relayed to the web.
    Lan-side router address is 192.168.1.1, and devices follow .
    But this is (I suppose) a typical scenario.
     
  13. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,425
    Location:
    UK
    I'm not particularly familiar with that type of connection or your modem, but it doesn't look like it's in bridge mode to me (but I may well be wrong).

    Check the "WAN Configuration" page on the Huawei and maybe look in the forums for your ISP for advice on the best setup.
     
  14. abax2000

    abax2000 Occasional Visitor

    Joined:
    Sep 7, 2018
    Messages:
    26
    Nothing to configure there.
    As far as I know (and declared in Huawei pages) is just a bridge ONT (not a gateway).

    Anyhow, ASFAIK, all modems provide an "internal" private address to the router downstream (e.g 192.168.100.2). Standard practice.
     
  15. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,425
    Location:
    UK
    That's true, but it's common practice for a "bridged" connection to also present the public IP address to the customer's router. This is how cable modems work. A similar principle applies to ADSL/VDSL modems with PPPoE connections.

    Just curious, who is your ISP?
     
  16. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    31,163
    Location:
    Canada
    But in your case it's more than that. All your traffic is routed through that network, so it is not bridged. The firewall is running in front of your router.
     
  17. AndreiV

    AndreiV Very Senior Member

    Joined:
    Aug 25, 2015
    Messages:
    903
    h*t*t* ps://setuprouter.com/router/huawei/hg8247h/manual-1979.pdf (opens download for .pdf)

    Page 85 shows Nat settings.


    ASUS connection screen using bridge modem:

    [​IMG]
     
    Last edited: Sep 20, 2019
  18. abax2000

    abax2000 Occasional Visitor

    Joined:
    Sep 7, 2018
    Messages:
    26
    Thanks all for chipping in.
    Reverted back to 45717, with no differences.

    So, it is an issue of the physical setup, as all nice gentlemen are shouting about :eek:o_O:):)
    This is a fiber connection (over which all services are provided - data, tv, telephony).

    I still cannot understand why the modem sends ICMP echoes, but seems to be the case. Furthermore, there are no relevant settings in modem webui. So, some security is missing here (modem side).


    This the modem webui...you can touch nothing there (except username and password).
    upload_2019-9-20_19-46-33.png
     

    Attached Files:

  19. AndreiV

    AndreiV Very Senior Member

    Joined:
    Aug 25, 2015
    Messages:
    903
    Can you not see the words " Enable Nat" in your screenshot and the tick selection next to it??


    Maybe your ISP pre-configures and locks down the modem .
    Maybe like other makes you have to enter "Advanced" admin mode to make changes.
    If you can't change anything , having ping response is not a bad thing, ping being blocked does absolutely nothing to increase security no matter what Mr.Gibson likes to think.
    My ISP requires ping as they monitor the line quality, if not answered over a set period they reset the line.
     
    Last edited: Sep 20, 2019
  20. abax2000

    abax2000 Occasional Visitor

    Joined:
    Sep 7, 2018
    Messages:
    26
    Locked and no "Advanced" (freely) available.

    I will take your word for it and live in peace:D

    Very sceptical about ISPs intentions around me...but it is what it is.


    And thanks a lot for the service manual.