External ping (icmp)

Newbie questions:
Router wan ip:x.x.x.x
Router lan ip
Pc ip:

  1. How to ICMP ping the router from outside (from the internet);
  2. How to ICMP ping the PC from outside (from the internet);

Assuming the WAN IP can be reached from the internet (i.e. isn't a private address or behind cgnat) you can just ping it from a different device elsewhere on the internet. There's plenty of websites that let you ping addresses.

With difficulty.


What settings, port forwarding, etc. should I set in order to be able to ping? Please answer more specifically.

You CAN'T ping x.x.x.x from outside, dude! Not without special setup. So, what setup is needed?

OpenWrt's default firewall settings are set to allow pings to the WAN interface. You absolutely can ping a public (i.e. not CGNAT) IP address that is on the WAN interface, assuming it's not behind another firewall.


Yes, sorry, you're right. I was obviously predisposed to think as in the case of an instance from Amazon, for example (there, external ping is forbidden by default).

Then, an academic question. How to disable external ping on OpenWrt?
And what about question 2?

You can disable the ping on OpenWrt wan interface by disabling the firewall rule which allows it.
For question 2, you can forward the ICMPs to an internal host.


Question 2. Please give more detailed instructions.
Where to do this:

  • Firewall - Port Forwards
  • Firewall - Traffic Rules

After disabling the standard rule Allow-Ping and adding a new rule from your example, I still cannot ping
ping x.x.x.x
bla bla, icmp_seq=1 Destination port unreachable
The is pinging in local net

You need to add a port forward for icmp from wan to lan host

Look at my last post

I read it. You added a rule, but you should add a port forward.

P.S. What config file does the UCI firewall use in the latest firmwares?
So I need to delete all ICMP rules from Firewall - Traffic Rules and add the port forward in Firewall - Port Forwards?
Why is it so hard to post 2 screens or something? Why the need for tons of posts?

Same as in previous firmwares.

You don't need to delete it, you can just disable the rule. And to forward any traffic from wan to lan you need to add a port forward.



Really, the config file is the same /etc/config/firewall in all firmwares I remember. If you mean something else, you'd better structure your questions more clearly. Also, I don't see how the referenced topic is connected to your question.


If you immediately answered like this - it would be better, what do you think?

I have disabled Firewall - Traffic Rules - Allow-Ping and added this

But cannot ping for timeout reason

P.S. Absolutely LOL.
Before giving an answer - no one tested on their PC. And why - it's better to talk on the forum, some kind of horseradish, increasing your message counter, with vague answers.

Really not the best way to approach getting assistance, especially when you're wanting to be spoon fed the answers...

But as to why the ping isn't working, have you checked if the device you're trying to ping has a firewall that's blocking the ping?


Look at my previous quote

The device being in the 'local net' doesn't mean it doesn't have a firewall running on it.
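
The setup the thread arrives at (Allow-Ping disabled under Traffic Rules, plus an ICMP port forward from wan to a LAN host), written out as `/etc/config/firewall` sections and checked by a small parser. This is an added example, not a post from the thread; the redirect name `Ping-to-PC`, the address 192.168.1.100 and the Python helper names are assumptions.

```python
import re

# Constructed sample of /etc/config/firewall; name and address are placeholders.
SAMPLE = """
config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'
    option enabled '0'

config redirect
    option name 'Ping-to-PC'
    option src 'wan'
    option dest 'lan'
    option proto 'icmp'
    option dest_ip '192.168.1.100'
    option target 'DNAT'
"""

def parse_uci(text):
    """Return [(section_type, {option: value})] from UCI config text."""
    sections = []
    for line in text.splitlines():
        m = re.match(r"\s*(config|option|list)\s+(\S+)(?:\s+(.*))?$", line)
        if not m:
            continue
        kind, key, val = m.group(1), m.group(2), (m.group(3) or "").strip().strip("'\"")
        if kind == "config":
            sections.append((key, {}))
        elif sections:
            opts = sections[-1][1]
            # 'list' entries accumulate, 'option' entries overwrite
            opts[key] = (opts.get(key, "") + " " + val).strip() if kind == "list" else val
    return sections

def wan_icmp_exposure(text):
    """Summarise what the config does with ICMP arriving from the wan zone."""
    rule_on, dnat_to = False, None
    for stype, o in parse_uci(text):
        if (o.get("enabled", "1") == "0" or o.get("src") != "wan"
                or "icmp" not in o.get("proto", "").split()):
            continue
        if stype == "rule" and o.get("target") == "ACCEPT" and "dest" not in o:
            rule_on = rule_on or "echo-request" in o.get("icmp_type", "echo-request").split()
        elif stype == "redirect" and o.get("target", "DNAT") == "DNAT":
            dnat_to = o.get("dest_ip")
    return {"wan_ping_rule_enabled": rule_on, "icmp_dnat_to": dnat_to}
```

Running `wan_icmp_exposure` on a copy of the router's own file shows at a glance whether the router's input rule or a LAN host is what a WAN ping can reach; the LAN host's own firewall still has to permit echo requests.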