What's new

router replying to WAN ping even with respond ICMP setting disabled

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

ashishcp

New Around Here
Hi All,
I have a RT-AC88U router, which connects to 3 other (1xAC88U and 2xAC68U) mesh nodes. All have merlin (384.19) firmware flashed. Pihole/DHCP and recursive DNS (unbound) running on another machine on network.

The issue is I have disabled Respond to ICMP Echo request from WAN on the router, but running a test on ShieldsUp website; informs me my system has replied to ping. Even with Skynet enabled or disabled, I get the same result. I am new to iptables, (have already locked myself out of the router a few times and had to remake the whole mesh network) and have attached the output file as well. The iptable entries are defaults haved changed them this time. Any help to resolve this issue would be appreciated.
Capture_routerSettings.JPGCapture_ShieldsUP.JPG
 

Attachments

  • router_iptables_output.txt
    13.1 KB · Views: 196
Does your RT-AC88U have a public IP address? Maybe it is NATed behind another router.
 
No, it was a bit of a long shot. If your router didn't have a public IP address (e.g. it was 100.64.x.y) the ping replies would have made sense.

I suppose it's still possible that it's a false positive being generated by your ISP's equipment, but that seems unlikely.

What kind of connection to the internet do you have, cable modem? Are you using a VPN client on the router?

Have you rebooted the router since changing that option in the GUI?
 
I'm out of ideas. The iptables output you provided shows there are no matches to the DROP rule in the INPUT_PING chain. But maybe that was becuase you hadn't done the ShieldsUp test since resetting the counters.
 
Note that if you test over IPv6, your router will always respond to ICMP ECHO requests because that is mandated by the RFCs.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top