Allow pinging of public IP address

[Automate]

What needs to be done to allow internet devices to ping the public (WAN) IP address of the Almond+?

[SecureComp]

Quick fix, won't last after a reboot

Code: [Select]

root@OpenWrt:~# uci add firewall rule
root@OpenWrt:~# uci set firewall.@rule[-1]._name=ping
root@OpenWrt:~# uci set firewall.@rule[-1].src=wan
root@OpenWrt:~# uci set firewall.@rule[-1].target=ACCEPT
root@OpenWrt:~# uci set firewall.@rule[-1].proto=ICMP
root@OpenWrt:~# uci commit firewall
root@OpenWrt:~# /etc/init.d/firewall restart


For it to work after a reboot, something along these lines.

https://forum.openwrt.org/viewtopic.php?id=19162

Hi Guys, we successfully (I + Almond + Staff member Saidur) implement a permanent fix for this that does not remove ICMP ping every restart.

Please edit your RC.local file to include

Code: [Select]

iptables --table filter -D reject --jump REJECT --reject-with port-unreach
iptables -A INPUT -i eth0 -p tcp --destination-port 1:1024 -s 0.0.0.0 -j DROP
iptables -A INPUT -i eth0 -p udp --destination-port 1:1024 -s  0.0.0.0 -j DROP

My rc.local file now looks like this.

Code: [Select]

/etc/init.d/d2 stop
/etc/d2/d2.remove
/etc/init.d/mrd6 stop
/etc/init.d/pppoe-server stop
iptables --table filter -D reject --jump REJECT --reject-with port-unreach
iptables -A INPUT -i eth0 -p tcp --destination-port 1:1024 -s 0.0.0.0 -j DROP
iptables -A INPUT -i eth0 -p udp --destination-port 1:1024 -s  0.0.0.0 -j DROP


[Automate]

@SecureComp  Thanks, the RC.local file changes worked.  I assume I'll have to do it again if I upgrade the firmware or do a factory reset.

[Rahaman]

@SecureComp  Thanks, the RC.local file changes worked.  I assume I'll have to do it again if I upgrade the firmware or do a factory reset.

Yes!!! you have to do it again.