Home/Support/Support Forum/Why do pings time out from devices connected to my WR21
Welcome to Digi Forum, where you can ask questions and receive answers from other members of the community.

Why do pings time out from devices connected to my WR21

0 votes
I'm using the firewall, with an almost default configuration. I've added 2 forwarding rules, as well as a rule to allow incoming icmp. I'm also using the DHCP server, with a static address reservation. I'm able to connect inbound to my device with no issues, but outgoing ping requests don't get a response, and my device acts as though it has no outgoing internet connection.
asked Nov 21, 2014 in Digi TransPort Cellular by joe.vance New to the Community (1 point)

Please log in or register to answer this question.

2 Answers

0 votes
What are your firewall rules? ("type fw.hit")

What interfaces is your firewall active on? ("nnn x firewall ?" where nnn is your interface and x is the instance)

What are your routes? (route print)
answered Nov 21, 2014 by NicholasWilson Veteran of the Digi Community (1,003 points)
Current firewall rules:

#Allow any other outbound traffic and the replies back in
pass out log break end inspect-state
pass in break end proto icmp
#Allow incoming IPSEC
pass break end proto 50
pass in break end proto udp from any to any port=ike
pass in break end proto udp from any to any port=4500
#Allow any traffic within an IPSEC tunnel in both directions
pass break end oneroute any
#Allow incoming SSH and SFTP
pass in break end proto tcp from any to any port=22 flags S!A inspect-state
#Allow incoming HTTPS
#pass in break end proto tcp from any to any port=443 flags S!A inspect-state
pass in break end proto tcp from any to any port=8443 flags S!A inspect-state
pass in break end on ppp 1 from any to addr-ppp 1 port=http -> to 192.168.1.100 port=http inspect-state
pass in break end on ppp 1 from any to addr-ppp 1 port=443 -> to 192.168.1.100 port=443 inspect-state
#Block and log everything else including incoming telnet, http and FTP
block log break end

The firewall is active on ppp 1 only.

routing table:

Destination Gateway Metric Protocol Idx Interface Status
166.xxx.xxx.xxx/29 166.xxx.xxx.xxx 1 Local - PPP 1 UP
192.168.1.0/24 192.168.1.1 1 Local - ETH 0 UP

0.0.0.0/0 166.xxx.xxx.xxx 2 Static 0 PPP 1 UP
commented Nov 21, 2014 by joe.vance New to the Community (1 point)
moved Nov 21, 2014 by joe.vance
Current firewall rules:

#Allow any other outbound traffic and the replies back in
pass out log break end inspect-state
pass in break end proto icmp
#Allow incoming IPSEC
pass break end proto 50
pass in break end proto udp from any to any port=ike
pass in break end proto udp from any to any port=4500
#Allow any traffic within an IPSEC tunnel in both directions
pass break end oneroute any
#Allow incoming SSH and SFTP
pass in break end proto tcp from any to any port=22 flags S!A inspect-state
#Allow incoming HTTPS
#pass in break end proto tcp from any to any port=443 flags S!A inspect-state
pass in break end proto tcp from any to any port=8443 flags S!A inspect-state
pass in break end on ppp 1 from any to addr-ppp 1 port=http -> to 192.168.1.100 port=http inspect-state
pass in break end on ppp 1 from any to addr-ppp 1 port=443 -> to 192.168.1.100 port=443 inspect-state
#Block and log everything else including incoming telnet, http and FTP
block log break end

The firewall is active on ppp 1 only.

routing table:

Destination Gateway Metric Protocol Idx Interface Status
166.xxx.xxx.xxx/29 166.xxx.xxx.xxx 1 Local - PPP 1 UP
192.168.1.0/24 192.168.1.1 1 Local - ETH 0 UP

0.0.0.0/0 166.xxx.xxx.xxx 2 Static 0 PPP 1 UP
commented Nov 21, 2014 by joe.vance New to the Community (1 point)
0 votes
I think I've figured it out. I didn't have NAT enabled on my PPP 1 interface.
answered Nov 21, 2014 by joe.vance New to the Community (1 point)
...