From: "Steven Levine" Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTPS id 4755179 for ecs-isp@2rosenthals.com; Thu, 25 Aug 2022 15:59:14 -0400 Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:58227 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1oRJ0Q-0003vV-2W for ecs-isp@2rosenthals.com; Thu, 25 Aug 2022 15:59:10 -0400 Received: from mta-101b.earthlink-vadesecure.net ([51.81.61.61]:52713 helo=mta-101a.earthlink-vadesecure.net) by mail2.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.95) (envelope-from ) id 1oRJ0N-00025n-1I for ecs-isp@2rosenthals.com; Thu, 25 Aug 2022 15:59:07 -0400 DKIM-Signature: v=1; a=rsa-sha256; bh=WK/VDpVBi+Rk5jb3LA/iv05gDw5/A+5fCbSQ4R 7fBvY=; c=relaxed/relaxed; d=earthlink.net; h=from:reply-to:subject: date:to:cc:resent-date:resent-from:resent-to:resent-cc:in-reply-to: references:list-id:list-help:list-unsubscribe:list-subscribe:list-post: list-owner:list-archive; q=dns/txt; s=dk12062016; t=1661457546; x=1662062346; b=eaMRQkH4ljJ4+nh7FIX0tKs1Z/l/aK56k2qX/qNV7dk4t2O7nKAGOnT +E3iasGLWjHYFUXU+/1lrXZpxkejAqjHSCPi0bQsSiSlcEJc/ff8xw7uUKbfg/zNricrXzi Lp0BzpwON3GVN6H0d3+jwc0ZcrYt6k5ed/5Vt7QOoMwXGeraVeO3VtqFTBuGZAy6uUuNxKU EBEaT2iJH9x3bCxJnzZQ/GoYxwTVHTjsuNm1J3OjwyXaLiwUEd8+60T3ugEzhfT3fKIyKHW KF9CfWcZPcNsrkxj6e/RljfaMACm5PkAIeL0E39GOrnRCKFfYUcyKJhpZTQghzk5aMZ2sGw sug== Received: from slamain ([108.193.252.181]) by smtp.earthlink-vadesecure.net ESMTP vsel1nmtao01p with ngmta id bca02919-170eaed5ecadad05; Thu, 25 Aug 2022 19:59:06 +0000 Message-ID: <6307cd5f.54.mr2ice.fgrirsq@earthlink.net> Date: Thu, 25 Aug 2022 12:28:31 -0700 To: "eCS ISP Mailing List" In-Reply-To: Subject: Re: [eCS-ISP] IJ FW 4.2.2 ICMP not working X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v3.00.11.23/60 In , on 08/25/22 at 08:40 PM, "Roderick Klein" said: Hi, >On 25-08-22 10:06, Massimo S. wrote: >> #Inetcfg: CURRENT DEFAULT MINIMUM MAXIMUM >I got it wrong. Are you certain you did not block ICMP traffic in Injoy >firewall itself ? FWIW, this depends on the firewall security level and any custom rules that might be in place. Massimo, did ICMP ever work on this system or did some ijfw rule change cause this? Based on what you say, I have to assume you have added VPN and IPSEC rules to the standard level 4 ruleset. I would recommend checking these rules and the rule order and make sure these new rules are not preventing ICMP. One way to test this is add add the custom rule C-Enable-Ping Comment = "Enable ping", Protocol = ICMP, Rule-Action = Allow at the top of your firerule.cnf. This will prevent the rules that may follow from blocking ICMP. We prefer to run at Level 5, even though we don't use ijfw for ipsec or vpn, so that ports are blocked by default along with ICMP. We open specific ports in firerule.cnf and allow ICMP with a variation of the above rule. Steven -- ---------------------------------------------------------------------- "Steven Levine" Warp/DIY/BlueLion etc. www.scoug.com www.arcanoae.com www.warpcave.com ----------------------------------------------------------------------