cancel
Showing results for 
Search instead for 
Did you mean: 

Why is my WAN IP no longer pingable?

Community Veteran
Posts: 1,229
Thanks: 1
Registered: 30-07-2007

Why is my WAN IP no longer pingable?

This is a bit odd.
I normally have my router set to allow pings, apart from which I let it run in default NAT mode without any open ports.
I also have free ZoneAlarm installed on my XP Home SP2.
I have a DYNDNS address (as I'm on BB+ with a dynamic IP)
This setup has until today allowed my to use L8NC to monitor my line.
I went away about 10 days ago, taking my lappy with me. I switched off the router while I was away. I also used my laptop on holiday on an open wireless connection provided at the cottage where I was staying, and modified ZA setup accordingly to allow this.
So got home today, switched on router, switched on laptop, deleted the cottage IPs from ZA, and I'm back surfing. Fine.
I also re-enabled L8NC test. Not fine.
L8NC can't ping me, and nor can I ping myself either on the correct octets or the dyndns domain.
NSLOOKUP returns the correct IP for the dyndns domain.
However if I switch ZA off I am pingable again.
But ZA shouldn't be able to block pings into the WAN-side IP of the router, surely? And in fact it never used to until today. (Also I have the PN firewall OFF)
SO there's something I've overlooked or forgotten isn't there?
Who's gonna tell me what it is before I go a bit nutty?

thanks

Paul
6 REPLIES
Community Veteran
Posts: 1,229
Thanks: 1
Registered: 30-07-2007

Why is my WAN IP no longer pingable?

OK here's some more info:

From another (linux) box on my LAN I can ping my router's WAN IP and dyndns domain, and I can do the same from a browser using dnsstuff.com.

wha?

Paul
Community Veteran
Posts: 14,469
Registered: 30-07-2007

Why is my WAN IP no longer pingable?

Pinging internally does not usually access your external WAN IP but does the ping using the routers local IP address.

Also pings don't normally pass through a router;s firewall in NAT mode without some form of firewall rule to allow ICMP packets through, so stopping ZA would not normally have any impact on the pinging. Have you setup a rule to allow ICMP packets through to your PC, if so then teh problem may be local - i.e. ZA settings - which may have been affected by you connecting to a different network.

What router are you using?

Is it set to allow/respond to pings as some routers require you to tick a box to allow it to reply to pings.
Community Veteran
Posts: 1,229
Thanks: 1
Registered: 30-07-2007

Why is my WAN IP no longer pingable?

Thanks Peter.

If you check my original post you'll see that I have my router set to accept pings from the internet, and that "default" implies that I have no firewall rules setup save those whih are preconfigured. And just also to note that I'm pinging the wan ip not my internal lan IP, and the dyndns domain as well.

When I used to use tracert (which I seem to remember uses the same icmp protocol) it certainly went out through my router to the PN gateway and then back in again (I used to see a complete route) and I'm assuming that ping will do the same thing.

Note that if I try to tracert now I just get the "asterisks" .

As you point out (and as I already said in my first post) ZA should have no effect on incoming pings to a router

It's a DrayTek 2800VG btw
Community Veteran
Posts: 1,229
Thanks: 1
Registered: 30-07-2007

Why is my WAN IP no longer pingable?

I "fixed" this by adding my dyndns domain to the trusted zone in ZA, but I'm still confused as to why I should have to do so when the pings should just hit the router and not the laptop ...
Community Veteran
Posts: 4,729
Registered: 04-04-2007

Why is my WAN IP no longer pingable?

Quote
I "fixed" this by adding my dyndns domain to the trusted zone in ZA


Alarm Bells

Now I am not sure "Not free from Faults, nor yet too vain to mend." and all that.

But have you just put a great big hole through your software firewall, that will allow all internet traffic through without check? Rendering ZA useless.

OK, unless your PC is in the DMZ of your Draytek, then you will still have a hardware firewall.

Chilly
Community Veteran
Posts: 1,229
Thanks: 1
Registered: 30-07-2007

Why is my WAN IP no longer pingable?

thanks for the warning Chilly

I've added it to the trusted zone not the internet zone so that *should* be OK, plus I tested with grc.com and it shows everything as secure (I know that's not infallible

don't forget ZA is belt 'n' braces as I already have a NAT router in the way.

but further thoughts, suggstions and discussions are welcome, as I certainly get brain-fade when it comes to security.

paul