router replying to WAN ping even with respond ICMP setting disabled

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

ashishcp

New Around Here
Hi All,
I have a RT-AC88U router, which connects to 3 other (1xAC88U and 2xAC68U) mesh nodes. All have merlin (384.19) firmware flashed. Pihole/DHCP and recursive DNS (unbound) running on another machine on network.

The issue is I have disabled Respond to ICMP Echo request from WAN on the router, but running a test on ShieldsUp website; informs me my system has replied to ping. Even with Skynet enabled or disabled, I get the same result. I am new to iptables, (have already locked myself out of the router a few times and had to remake the whole mesh network) and have attached the output file as well. The iptable entries are defaults haved changed them this time. Any help to resolve this issue would be appreciated.
Capture_routerSettings.JPGCapture_ShieldsUP.JPG
 

Attachments

  • router_iptables_output.txt
    13.1 KB · Views: 37

ColinTaylor

Part of the Furniture
Does your RT-AC88U have a public IP address? Maybe it is NATed behind another router.
 

ColinTaylor

Part of the Furniture
No, it was a bit of a long shot. If your router didn't have a public IP address (e.g. it was 100.64.x.y) the ping replies would have made sense.

I suppose it's still possible that it's a false positive being generated by your ISP's equipment, but that seems unlikely.

What kind of connection to the internet do you have, cable modem? Are you using a VPN client on the router?

Have you rebooted the router since changing that option in the GUI?
 

ColinTaylor

Part of the Furniture
I'm out of ideas. The iptables output you provided shows there are no matches to the DROP rule in the INPUT_PING chain. But maybe that was becuase you hadn't done the ShieldsUp test since resetting the counters.
 

RMerlin

Asuswrt-Merlin dev
Note that if you test over IPv6, your router will always respond to ICMP ECHO requests because that is mandated by the RFCs.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top