Cannot PING

**etrigan63** · 08-15-2007, 07:15 PM

Hey gang, recently had to promote my Untangle box from Transparent to full router/firewall to accomodate multiple static IP addresses. I have added a PASS rule to the firewall to allow PINGs but I still cannot ping my server from the outside. What am I doing wrong?

Also, if I port forward my servers do I have to open the ports on the firewall as well or will the port forward take care of that?

**richie** · 08-16-2007, 07:59 AM

hi etrigan63.

if box is doing NAT, try setting redirect rules from the router module.

Yes. port forward will do the trick. unless, the firewall global settings is set to block, then you need to create pass rules for those ports.

**etrigan63** · 08-16-2007, 08:55 AM

Okaayyy...

So I have to port forward my Untangle box (which is my edge device) to allow pings?

Also, I ran a Shields Up test against the firewall and failed miserably. What am I doing wrong and what can I do about it?

**mdh** · 08-16-2007, 09:15 AM

The Shields Up test actually did not fail. Refer to a post titled "Firewall - Stealth Ports" last responded to 4 days ago. The Untangle FIREWALL is not allowing traffic to pass through those ports, but is not hiding them either (as firewall users are accustomed to). The ATTACK BLOCKER would prevent intrusions. As was mentioned in the post I referred to, the ability to hide/show ports will likely be tunable in the future.

**vanpatrick** · 08-16-2007, 09:19 AM

About the Shields Up test, the results you're seeing aren't valid... have a look at this thread for more info: http://forums.untangle.com/networking/186-alot-open-ports.html

**richie** · 08-16-2007, 10:56 AM

Originally Posted by etrigan63

Okaayyy...

So I have to port forward my Untangle box (which is my edge device) to allow pings?

i could not replicate the issue you are having on our lab. external ip including the the aliases should respond to ping.

what i am suggesting before is to do a ping redirect ( on Router > Port Forward ) from external interface or alias going to internal host. sorry for the confusion

**etrigan63** · 08-16-2007, 11:13 AM

OK, more network details are needed here.

I have a business DSL account with AT&T which gives me 5 static IP's. I elected to go this route to circumvent an issue with the Remote Access Portal mangling Outlook Web Access on my Exchange 2007 server. Sadly, my day job requires secure web pages to be on port 443 and I could not access RAP from work otherwise (or perform remote server administration or access OWA either).

The only way to get this to work with the Netopia router AT&T sent me was to set it as an Ethernet MAC bridge and have my Untangle box handle PPPoE. This part works fine.

Where things get dicey is as follows: I have been assigned a static IP range from 74.169.172.104-111. 104 is network, 105 is gateway, 111 is broadcast. I have assigned 106 for Untangle access and 107 for mail/ftp/OWA. PPPoE assigns a dynamic IP but I have to use the statics. I have 105 set as the external address and 106&107 as aliases. Is this correct?

I cannot ping any static address. I can ping the dynamic one assigned by PPPoE but none of the static aliases.

VPN passthrough is now hosed until you deliver Untangle 5.1. I hope to beta that soon.

**dmorris** · 08-16-2007, 11:17 AM

There is a block ping checkbox for each interface under config->support->interfaces

(this will move location in 5.1)

**etrigan63** · 08-16-2007, 11:22 AM

None of the "Block Ping" boxen are checked and I can ping if I ping the PPPoE dynamic address, not the static addresses. Mind you, everything else (mail, OWA, RAP, Remote Admin, FTP) works I just can't ping.

**dmorris** · 08-16-2007, 01:55 PM

Hmm... so the issue is that you can ping the main address, but not the aliases?

Protect

Filter

Perform

Connect

Manage

Add-Ons

Thread: Cannot PING

LinkBack

Thread Tools

Cannot PING

Posting Permissions