Topic: [howto] Enable pinging OpenWRT router

The content of this topic has been archived on 22 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Page 1 of 1

Post #1

ymhee_bcex

2 Mar 2009, 05:58

I have my router monitored by [url href=http://www.dslreports.com/schedule]external system[/url]; so if it's not pingable - it reports that the system is down.

"off the shelf" Kamikaze comes with ping disabled. If you want to enable it, comment out the following line in /lib/firewall/uci_firewall.sh (in my 8.09 it's line 194)

# $IPTABLES -A reject -j REJECT --reject-with icmp-port-unreachable

I would like to hear developers' opinion, is there a better way to accomplish that... but until then, this will work

(Last edited by ymhee_bcex on 2 Mar 2009, 05:58)

Post #2

KillaB

2 Mar 2009, 17:00

UCI is the preferred method, and adding the following to "/etc/config/firewall" works for me:

config rule
        option _name    ping
        option src      wan
        option proto    ICMP
        option target   ACCEPT

Post #3

ymhee_bcex

5 Mar 2009, 02:26

Good alternative, although frankly I never found any documentation about it.

The only problem is that X-Wrt wipes out proto ICMP setting, replacing it with TCP, - every time I make any change in any firewall rules. Even if it's a bug in X-Wrt, I am likely to forget about this next time I make some change

Post #4

Yanira

5 Mar 2009, 10:33

KillaB wrote:

UCI is the preferred method, and adding the following to "/etc/config/firewall" works for me:
config rule
        option _name    ping
        option src      wan
        option proto    ICMP
        option target   ACCEPT

Please also always post the UCI CLI commands:

root@OpenWrt:~# uci add firewall rule
root@OpenWrt:~# uci set firewall.@rule[-1]._name=ping
root@OpenWrt:~# uci set firewall.@rule[-1].src=wan
root@OpenWrt:~# uci set firewall.@rule[-1].target=ACCEPT
root@OpenWrt:~# uci set firewall.@rule[-1].proto=ICMP
root@OpenWrt:~# uci commit firewall
root@OpenWrt:~# /etc/init.d/firewall restart

Post #5

savitrinegi

11 Feb 2011, 07:05

hi
From above discussion i can make out that ping is disabled on kamikaze ,and we have to enable it
Iam unable to ping on wifi0 even after trying the above method.
Any idea what Iam doing wrong
savitri negi

Post #6

rhys100

11 Sep 2015, 13:05

Hi Guys, we successfully (I + Almond + Staff member Saidur) implement a permanent fix for this that does not remove ICMP ping every restart.

Please edit your RC.local file to include

iptables --table filter -D reject --jump REJECT --reject-with port-unreach
iptables -A INPUT -i eth0 -p tcp --destination-port 1:1024 -s 0.0.0.0 -j DROP
iptables -A INPUT -i eth0 -p udp --destination-port 1:1024 -s 0.0.0.0 -j DROP

My rc.local file now looks like this.

/etc/init.d/d2 stop
/etc/d2/d2.remove

/etc/init.d/mrd6 stop
/etc/init.d/pppoe-server stop
iptables --table filter -D reject --jump REJECT --reject-with port-unreach
iptables -A INPUT -i eth0 -p tcp --destination-port 1:1024 -s 0.0.0.0 -j DROP
iptables -A INPUT -i eth0 -p udp --destination-port 1:1024 -s 0.0.0.0 -j DROP

Please let us know if you find any error or security problem with this. Thanks!

The discussion might have continued from here.

Page 1 of 1