Old 08-17-2008, 01:25 PM   #1
trist007
Senior Member
 
Registered: May 2008
Distribution: Slackware
Posts: 1,033

Rep: Reputation: 69
How to configure linksys WRT54GL router to forward icmp echo requests?


I have a few computers on my home network. I want to make it possible to where if I ping my external ip, the router would forward the ping to an internal ip. My only guess would be to go to the Applications & Gaming Port Range Forward screen. However, from my understanding icmp doesn't have a port number. So how can I configure my router to forward external pings to an internal ip?

I've already configured that internal ip by setting
/proc/sys/net/ipv4/icmp_echo_ignore_all to 0

Would I need to change anything else in this directory?
 
Old 08-17-2008, 02:47 PM   #2
bmarx
Member
 
Registered: Dec 2004
Distribution: Slackware, Arch, FreeBSD
Posts: 202

Rep: Reputation: 34
If the router is the first device that the WAN connection reaches, then you are probably looking for a DMZ option on your router.
 
Old 08-17-2008, 04:13 PM   #3
trist007
Senior Member
 
Registered: May 2008
Distribution: Slackware
Posts: 1,033

Original Poster
Rep: Reputation: 69
I found a DMZ in my router's configuration. It says it would expose the router to the Internet and that all ports will be accessible from the Internet.

I wouldn't want all of my router's ports to be unfiltered when scanned by an external ip. Wouldn't it be better to use the Applications and Gaming Port Range Forwarding screen?

In either case, I'd have to port forward a port to the internal ip that I want to receive ping requests. So that being said, what port would the ping request be sent on, by default?
 
Old 08-18-2008, 09:53 PM   #4
trist007
Senior Member
 
Registered: May 2008
Distribution: Slackware
Posts: 1,033

Original Poster
Rep: Reputation: 69
Anybody have any ideas?
 
Old 08-19-2008, 06:32 PM   #5
trist007
Senior Member
 
Registered: May 2008
Distribution: Slackware
Posts: 1,033

Original Poster
Rep: Reputation: 69
major bumpage
 
Old 08-21-2008, 10:15 AM   #6
trist007
Senior Member
 
Registered: May 2008
Distribution: Slackware
Posts: 1,033

Original Poster
Rep: Reputation: 69
anyone? So a ping doesn't travel on a port because it is neither tcp nor udp, it's icmp. So, what would I have to do to forward an icmp ping request from a router to an internal computer? It'd be sending this ping from outside the internal network. Would enabling DMZ really work since icmp is not tcp or udp? What router setting would I need to change to have it forward to that internal ip?
 
Old 08-21-2008, 12:29 PM   #7
trist007
Senior Member
 
Registered: May 2008
Distribution: Slackware
Posts: 1,033

Original Poster
Rep: Reputation: 69
I read that my Linksys WRT54GL does not have the ability to forward icmp. Which wireless router would you guys recommend? I need one that is more sophisticated, preferably wireless and that supports band N.
 
Old 08-21-2008, 01:38 PM   #8
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 416
Quote:
Originally Posted by trist007
I read that my Linksys WRT54GL does not have the ability to forward icmp.
Is this a case that the Linksys router won't forward icmp or is the limitation in the Linksys firmware? Since you've got a GL, you should be able to put one of the non-linksys firmwares on there like Tomato or dd-wrt. They might have the capability and save you the cost of a new router.
 
Old 05-02-2010, 06:39 PM   #9
jesset77
LQ Newbie
 
Registered: May 2010
Posts: 1

Rep: Reputation: 0
NAT does not forward ICMP

ICMP was never designed to be forwarded. ICMP is a protocol whereby a given IP address tells the world in crude terms what it can see and what it can reach. Your WAN IP, for better or for worse, refers to your router and not your LAN device. So it is not ideal, in the bigger picture, for it to respond on behalf of your LAN device.

ICMP is buried pretty deeply in the network stack in most firmwares and kernels. Even if you run a linux routing solution such as OpenWRT, I'm pretty sure you'll need to hack and recompile the kernel to alter the behavior of ICMP. It is mature, reliable at what it's supposed to do, and thus insulated from being warped to other goals.

That said, I respect what you want to be able to achieve: to find out if your interior resource is online or not. To that end, there are dozens of less intrusive methods to do so.

* Dynamic DNS: There are a shit ton of free Dynamic DNS services online, and all are designed to cater to the needs of people like yourself: stuck behind a nat/firewall, potentially with a changing IP address, who just want to dial back into their network for simple stuff. Such services normally include applications you run on your desktop machine that regularly dial out to confirm their present WAN-IP address. As a side effect, they also advertise reachability through the same channel, and the dyndns service often allows you to graph that reachability over time. In case you are paying for a static/non-changing WAN IP address, this approach could save you money since you could access the dynamic DNS name instead of the IP for dialing back into your LAN.

* TCP Ping: port forward some TCP port to your local device, and then most forms of probing software (nmap, netcat, socat, nagios, cacti) can use attempts to connect to that port to gain the same data as they would from an ICMP echo: namely, whether or not the host is up.

* POSIX box on the LAN: set up a POSIX compliant machine (unix, linux, bsd, cygwin) in your lan, with port forwarding to its SSH port. Then your monitoring efforts can SSH onto that box and ping the device from within the LAN. Many network monitoring tools such as Nagios allow you to set up a satellite process on such a box to communicate with the main process, and ping whatever devices you wish on the LAN. This also allows you to securely SSH tunnel into your LAN to access local resources (remote desktop, for example) and gives you an encrypted channel for free, meaning you might do away with some port forwards you might otherwise be using.

* VPN: If you cannot spare a POSIX box, or if your monitoring software demands that it sends the ICMP packets directly from the WAN, then you can establish a VPN between your LAN and your monitoring machine such that your monitoring machine would then be allowed to access and ping devices on your LAN routed through the VPN. If you can't bring Mohamed to the mountain.. :P This has similar advantages to SSH tunneling above, you can VPN onto your LAN to access your gear and even file share or print while on the go.

I hope one of these solutions helps you out. I know that thinking "why can't ICMP just forward?" is seductive, but to a network engineer it's like seeing Pebbles bonk her head against the wall and wish the wall just wasn't there (of course, there's a tarpit on the other side... and learning to turn is more globally harmonic than infinitely large houses. 8I)
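
The "TCP Ping" option from post #9, as an added example that is not part of the original thread: a connect probe that separates "service answered" from "connection refused" and "no answer", which is the distinction a reachability check needs. The names `tcp_ping` and `is_up` are hypothetical, and the demo uses a constructed loopback listener standing in for the forwarded port.

```python
import errno
import socket
import time


def tcp_ping(host, port, timeout=2.0):
    """Try one TCP connect; return (state, seconds taken).

    open        - handshake completed, the forwarded service answered
    refused     - a RST came back: something is reachable, nothing listening
    timeout     - no answer at all (host down, or packets dropped on the way)
    unreachable - the local stack or a router reported no route to the host
    error       - anything else, e.g. a name that does not resolve
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            state = "open"
    except ConnectionRefusedError:
        state = "refused"
    except socket.timeout:
        state = "timeout"
    except OSError as exc:
        no_route = (errno.EHOSTUNREACH, errno.ENETUNREACH)
        state = "unreachable" if exc.errno in no_route else "error"
    return state, time.monotonic() - start


def is_up(host, port, attempts=3, timeout=2.0, delay=0.5):
    """Retry so one lost SYN is not reported as an outage; only 'open' counts."""
    for attempt in range(attempts):
        state, _ = tcp_ping(host, port, timeout)
        if state == "open":
            return True
        if attempt + 1 < attempts:
            time.sleep(delay)
    return False


if __name__ == "__main__":
    # Constructed stand-in for the forwarded port: a listener on loopback.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    print("listening:", tcp_ping("127.0.0.1", port))
    listener.close()
    print("closed:   ", tcp_ping("127.0.0.1", port))
```

Only a completed handshake is counted as up here, because a refusal seen from outside a NAT does not say which device sent it.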
 
  

