Firewall – Allowing Ping and Trace
Page 32
By default the U-verse RG does not reply to Ping or
Trace and does not allow those to be passed thru the
firewall from the WAN side.
To enable Ping and Trace on the NVG510 we must
use the Packet Filter tab in the Firewall.
We would need to change the Enable Filter to On
We need to then drop down to the Filter Rule Entry
section and select Pass
Then enter the Source IP or IP range from which we
wish to accept Pings / Traces from – typically the home
office or a managing location.
Then enter the Destination IP Address Range –
again a single IP or and IP range to allow Pings to at
this location. Such as the IP of the RG, or a PC or
Router / Firewall behind the RG or for Static IP
addresses behind the RG.
Then select the Protocol – ICMP for Ping and Trace.
Source Port and Destination Port can be left blank as
this is for TCP / UDP traffic not ICMP.
ICMP Type can also be matched
A note about ping and trace –ICMP requests are quite often
not answered or answered with a very low priority. Actual
data traversing the same hop has a higher priority and does
not experience the same delay. So for example in a trace
today you may see time outs but the trace completes. The
time outs do not indicate a problem but instead indicate only
that those hops are configured not to reply to ICMP requests.
Also if the destination device is set to not reply then a ping or
trace can time out and still not be an accurate indicator of if
there is a problem. So keep this in mind.
Comments to this Manuals