Mailing List ecs-isp@2rosenthals.com Archived Message #418

Fra: "Massimo S." <ecs-isp@2rosenthals.com> Full Headers
Undecoded message
Emne: Re: [eCS-ISP] IJ FW 4.2.2 ICMP not working
Dato: Wed, 14 Sep 2022 18:42:46 +0200
Til: eCS ISP Mailing List <ecs-isp@2rosenthals.com>



Il 14/09/2022 18:22, Massimo S. ha scritto:


Il 03/09/2022 00:17, Steven Levine ha scritto:
In <list-4826152@2rosenthals.com>, on 09/02/22
    at 11:09 PM, "Massimo S." <ecs-isp@2rosenthals.com> said:

Hi Massimo,

so i should try it without the gateway.exe process running

That's what's been recommended.

are we sure that it will not give issues?

Odd question.  How can anyone answer this question but you?  You have
provided almost zero information as to how the involved systems are
configured.

To recap, what we know is

  - you have a firewall system running ijfw with some set of rules
    running at level 4
  - you have a client system the connects to the firewall system
  - the client system cannot ping systems on the WAN
  - the firwall system is 60KB away
  - the client system is somewhere undocumented

Steven

my ISP have analyzed the issue and we tried from a Lan's PC
(under Injoy FW used as gateway) this:

ping 1.1.1.1 -t

they say:

*only* the ICMP protocol that pass trough the FTTC router do not come from the firewall WAN/internet static public IP, but it comes from 10.2.x.y that it's the internal lan IP

the ICMP protocol is not being natted by the firewall

so this is an issue on my setup of injoy firewall, but i don't find how it can happens

massimo


C-Enable-Ping
Comment = "Enable ping",
Protocol = ICMP,
Rule-Action = Allow

this rules have issue i've commented it on Injoy fw
and now the ISP sees ICMP coming from the right IP WAN/public/static
so the ICMP now is being correctly natted

but, it still not work:

C:\>ping 1.1.1.1 -t

Esecuzione di Ping 1.1.1.1 con 32 byte di dati:
Richiesta scaduta.


massimo


Abboner: Feed, Digest, Index.
Stopp abbonement
E-post til ListMaster