LinuxQuestions.org


trist007 08-17-2008 12:25 PM

How to configure linksys WRT54GL router to forward icmp echo requests?
 
I have a few computers on my home network. I want to make it possible to where if I ping my external ip, the router would forward the ping to an internal ip. My only guess would be to go to the Applications & Gaming Port Range Forward screen. However, from my understanding icmp doesn't have a port number. So how can I configure my router to forward external pings to an internal ip?

I've already configured that internal ip by setting
/proc/sys/net/ipv4/icmp_echo_ignore_all to 0

Would I need to change anything else in this directory?

bmarx 08-17-2008 01:47 PM

If the router is the first device that the WAN connection reaches, then you are probably looking for a DMZ option on your router.

trist007 08-17-2008 03:13 PM

I found a DMZ in my router's configuration. It says it would expose the router to the Internet and that all ports will be accessible from the Internet.

I wouldn't want all of my router's ports to be unfiltered when scanned by an external ip. Wouldn't it be better to use the Applications and Gaming Port Range Forwarding screen?

In either case, I'd have to port forward a port to the internal ip that I want to receive ping requests. So that being said, what port would the ping request be sent on, by default?

trist007 08-18-2008 08:53 PM

Anybody have any ideas?

trist007 08-19-2008 05:32 PM

major bumpage

trist007 08-21-2008 09:15 AM

Anyone? So a ping doesn't travel on a port because it is neither tcp nor udp, it's icmp. So, what would I have to do to forward an icmp ping request from a router to an internal computer? It'd be sending this ping from outside the internal network. Would enabling DMZ really work since icmp is not tcp or udp? What router setting would I need to change to have it forward to that internal ip?

trist007 08-21-2008 11:29 AM

I read that my Linksys WRT54GL does not have the ability to forward icmp. Which wireless router would you guys recommend? I need one that is more sophisticated, preferably wireless and that supports band N.

Hangdog42 08-21-2008 12:38 PM

Quote:

Originally Posted by trist007 (Post 3255041)
I read that my Linksys WRT54GL does not have the ability to forward icmp.

Is this a case that the Linksys router won't forward icmp, or is the limitation in the Linksys firmware? Since you've got a GL, you should be able to put one of the non-linksys firmwares on there like Tomato or dd-wrt. They might have the capability and save you the cost of a new router.

jesset77 05-02-2010 05:39 PM

NAT does not forward ICMP
 
ICMP was never designed to be forwarded. ICMP is a protocol whereby a given IP address tells the world in crude terms what it can see and what it can reach. Your WAN IP, for better or for worse, refers to your router and not your LAN device. So it is not ideal, in the bigger picture, for it to respond on behalf of your LAN device.

ICMP is buried pretty deeply in the network stack in most firmwares and kernels. Even if you run a linux routing solution such as OpenWRT, I'm pretty sure you'll need to hack and recompile the kernel to alter the behavior of ICMP. It is mature, reliable at what it's supposed to do, and thus insulated from being warped to other goals.

That said, I respect what you want to be able to achieve: to find out if your interior resource is online or not. To that end, there are dozens of less intrusive methods to do so.

* Dynamic DNS: There are a shit ton of free Dynamic DNS services online, and all are designed to cater to the needs of people like yourself: stuck behind a nat/firewall, potentially with a changing IP address, who just want to dial back into their network for simple stuff. Such services normally include applications you run on your desktop machine that regularly dial out to confirm their present WAN-IP address. As a side effect, they also advertise reachability through the same channel, and the dyndns service often allows you to graph that reachability over time. In case you are paying for a static/non-changing WAN IP address, this approach could save you money since you could access the dynamic DNS name instead of the IP for dialing back into your LAN.

* TCP Ping: port forward some TCP port to your local device, and then most forms of probing software (nmap, netcat, socat, nagios, cacti) can use attempts to connect that port to gain the same data as they would from an ICMP echo: namely, whether or not the host is up.

* POSIX box on the LAN: set up a POSIX compliant machine (unix, linux, bsd, cygwin) in your lan, with port forwarding to its SSH port. Then your monitoring efforts can SSH onto that box and ping the device from within the LAN. Many network monitoring tools such as Nagios allow you to set up a satellite process on such a box to communicate with the main process, and ping whatever devices you wish on the LAN. This also allows you to securely SSH tunnel into your LAN to access local resources (remote desktop, for example) and gives you an encrypted channel for free, meaning you might do away with some port forwards you might otherwise be using.

* VPN: If you cannot spare a POSIX box, or if your monitoring software demands that it sends the ICMP packets directly from the WAN, then you can establish a VPN between your LAN and your monitoring machine such that your monitoring machine would then be allowed to access and ping devices on your LAN routed through the VPN. If you can't bring Mohamed to the mountain.. :P This has similar advantages to SSH tunneling above, you can VPN onto your LAN to access your gear and even file share or print while on the go. :D

I hope one of these solutions helps you out. I know that thinking "why can't ICMP just forward?" is seductive, but to a network engineer it's like seeing Pebbles bonk her head against the wall and wish the wall just wasn't there (of course, there's a tarpit on the other side... and learning to turn is more globally harmonic than infinitely large houses. 8I)
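The "TCP Ping" option from the post above, sketched as an added example (not code from any poster in this thread): a connect probe that tells a completed handshake apart from a refusal and from silence, since a refusal still shows something answered. The function names, the three state labels and the loopback listener standing in for the forwarded port are assumptions made for the illustration.

```python
import socket
import time


def tcp_ping(host, port, timeout=3.0):
    """One TCP connect attempt. Returns (state, seconds_elapsed).

    "open"      - three-way handshake completed: host and service are up.
    "refused"   - a RST came back: something at that address is alive,
                  but nothing is listening on the port.
    "no-answer" - timeout or unreachable: host down, port not forwarded,
                  or the packets were silently dropped.
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            state = "open"
    except ConnectionRefusedError:
        state = "refused"
    except OSError:  # includes socket.timeout and "no route to host"
        state = "no-answer"
    return state, time.monotonic() - start


def is_up(host, port, attempts=3, timeout=3.0):
    """True if any attempt got a reply (open or refused).

    Assumption: the port is forwarded to the LAN host, so a RST comes from
    that host. A router that rejects unforwarded ports itself would also
    yield "refused", so check the forward before trusting this result.
    """
    for _ in range(attempts):
        state, _rtt = tcp_ping(host, port, timeout)
        if state in ("open", "refused"):
            return True
    return False


if __name__ == "__main__":
    # Constructed demo: a loopback listener stands in for the forwarded port.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print("listener up:  ", tcp_ping("127.0.0.1", port, 1.0))
    srv.close()
    print("listener gone:", tcp_ping("127.0.0.1", port, 1.0))
```

Against a real setup, the host would be the WAN address or dynamic DNS name and the port the one forwarded on the router.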

