|
| ||||
 |
|
Home | Reviews | Tools | Forums | FAQs | Find Service | ISP News | Maps | About |
|
how-to block ads |
5. Firewalls and NAT
ny-monitor.dslreports.com These hosts should be be added to your firewall if ICMP ping is being blocked. The IP addresses do change from time to time, so if you must enter IP address and not DNS name, then please do an NSLOOKUP or PING to make sure of the current IP address.  got feedback?Is the east monitor dslreports-east1.speakeasy.net?
If so strange that I can ping this address in 16ms and my line monitor shows 50ms.
Also, looking at the tracert to the west coast, the time really takes a jump between washington Level3 and mclean.covad.com, it goes from 23ms on level3 to 101ms on mclean.covad.com and all points further west. 2011-12-21 20:02:06 (pende_tim by edited by KeysCapt The machines that (currently) do the monitoring are ny-monitor.dslreports.com sjc-monitor.dslreports.com dslreports-west2.speakeasy.net (64.81.79.40 AND 64.81.79.41) These hosts should be be added to your firewall if ICMP ping is being blocked. The IP addresses do change from time to time, so if you must enter IP address and not DNS name, then please do an NSLOOKUP or PING to make sure of the current IP address. Important: if you PADLOCK your zonealarm, no matter what, you are disconnected from the net. This will break monitoring. If you wish fulltime line monitoring, the PADLOCK function should not be used.
got feedback?by If you have a SonicWALL hardware firewall there are two methods you can use to setup your system to respond to pings:Method 1: You can pass incoming pings through the SonicWALL to a PC on the LAN and then have the PC respond to the pings. Method 2: You can have the SonicWALL respond to pings directly. To use Method 1 (your PC responds to pings) follow these steps: (1a) Open the SonicWALL web admin by entering the SonicWALL's LAN IP address into a web browser on a PC on the LAN side of the SonicWALL. (1b) Go to Access, Services and make sure Ping shows up in the list of services. If not, add the Ping service. (1c) Go to Access, Rules, Add New Rule and add two rules Rule 1 - Action=allow - Service=ping - Source=WAN, 216.200.176.6 <= DSLR WC server “sjc-monitor.dslreports.com” - Destination=LAN, 192.x.x.x <= LAN address of PC to respond to pings Rule 2 - Action=allow - Service=ping - Source=WAN, 206.65.191.129 <= DSLR EC server “ny-monitor.dslreports.com” - Destination=LAN, 192.x.x.x <= LAN address of PC to respond to pings (1d) If you have a software firewall on the LAN PC be sure to allow pings there as well. To use Method 2 (SonicWALL responds to pings) follow these steps: (2a) Open the SonicWALL web admin by entering the SonicWALL's LAN IP address into a web browser on a PC on the LAN side of the SonicWALL. (2b) Go to Access, Services and make sure Ping shows up in the list of services. If not, add the Ping service. (2c) Go to Access, Rules, Add New Rule and add two rules Rule 1 - Action=allow - Service=ping - Source=WAN, 216.200.176.6 <= DSLR WC server “sjc-monitor.dslreports.com” - Destination=LAN, 192.x.x.x <= LAN address of SonicWALL Rule 2 - Action=allow - Service=ping - Source=WAN, 206.65.191.129 <= DSLR EC server “ny-monitor.dslreports.com” - Destination=LAN, 192.x.x.x <= LAN address of SonicWALL General notes: You can have the SonicWALL “stealth mode” enabled (Access, Services, Stealth Mode) and both methods will still work. You can use “*” for the WAN address in the SonicWALL rules to allow pings from anyone, but the nice thing about using explicit rules for each DSLR server is that you don't make yourself visible to the general public. I don't think it's a security risk to leave the server-specific rules in place. Of course, if DSLR changes their server IP addresses you need to change your rules.
got feedback?by wingman8 got feedback?Didn't find anything for OpenWRT (Kamikaze 8.09) either here or on OpenWRT forum. By default OpenWRT firewall doesn't allow pings from the WAN.
Looks like the only way to enable is to modify /lib/firewall/uci_firewall.sh. Add the following line to addif() function:
$IPTABLES -A INPUT -p icmp -j ACCEPT 2008-12-19 22:37:37 (ymhee_bcex by Recent Linksys, DLink and other routers' firmware allows you to configure the router to be unpingable from outside. "Block WAN Requests" for older devices and "Block Anonymous Internet Requests" for newer 'Cisco' branded devices. DLink uses "Discard PING from WAN side". Enabling these router features will break monitoring.We recommend if you wish to be monitored, do not select the "Block WAN Requests"/"Block Anonymous Internet Requests"/"Discard PING from WAN side" option on the router configuration screen. Your router can still be password protected, and will be secure. Also try disabling "SPI" , as this also may block external pings.
got feedback?by edited by mjf got feedback?Needs to be updated to current versions
Let me know if you would like my help 2010-05-15 04:05:13 (amysheehan by Create a Firewall Rule:Action: Pass Interface: WAN Protocol: ICMP ICMP type: Echo Source type: Any Destination: WAN Address got feedback?by EUS | |||||||||
| Monday, 20-May 09:19:08 | Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo over 13.5 years online © 1999-2013 dslreports.com. |
