NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

F_V's avatar
F_V
Luminary
Jun 22, 2023
Solved

Why does blocking ICMP cause constant Orbi reboots?

OK, I'll start this by saying please do not respond if you are only going to comment, "why do you care about ICMP, why are you blocking it, etc.".  This is just an academic question from my own curio...
  • F_V's avatar
    F_V
    Jun 30, 2023

    I appreciate all the input, it's nice to see a forum where people actually help one another.  While it is annoying to have 30k unnecessary pings a day in my firewall logs, I can just filter them out in the future.  I did notice during some packet inspection that all of the Orbi satellites are also pinging the router, however blocking these doesn't seem to cause the Orbi to reboot for some reason, so I'll just leave those blocked.

     

    Thanks everyone, see you all next time I have an obscure networking question.

CrimpOn's avatar
CrimpOn
Guru - Experienced User
Jun 29, 2023
F_V wrote:

My question is this:  Why does this Orbi not allow you to block ICMP between the router and the firewall/gateway appliance?  If I allow ICMP, it works as expected, but as soon as I block ICMP traffic, the Orbi just reboots constantly, making it impossible to connect for more than a few seconds.  Does blocking ICMP tell the Orbi that it's offline and cause constant reboots?

I have been out of touch and just came across this post.  My guess is that your analysis is exactly correct.  Some time sensitive routine inside the Orbi RBRE960 periodically uses ICMP to verify that "something" is there on the WAN interface.  i.e., it is "connected".  It is fairly clear that the physical Ethernet connection being "up" is not enough.  I would venture to guess that the Orbi is looking for either:

  • The device which assigned an IP address to the Orbi using DHCP, or
  • Some specific resource on the internet, such as a DNS server or even Netgear itself.

"Oh, crap. The DHCP server that gave me an IP is no longer "THERE". I better start over."

 

This would not happen when the Orbi is  in router mode because Orbi can function perfectly well as a stand-along network with no connection to the outside world.  (Not particularly useful to most of us, but adequate for specific needs.)

 

Notice on the web admin Basic tab, the option to "Test" the internet connection:

 

How about using the pfSense to capture traffic from the Orbi WAN port.  This would reveal what the Test function is doing (in router mode), and might also reveal what address the Orbi is attempting to Ping in Access Point mode.

 

 

F_V's avatar
F_V
Luminary
Jun 30, 2023

Well, I haven't generated a .pcap capture but even with pfTop on the firewall you can see the Orbi (in AP Mode) 192.168.2.2 CONSTANTLY pinging the firewall 192.168.1.1, seems to be at a rate of between every 1 or 2 seconds.

 

Topology is cable modem LAN port plugged into pfSense WAN port, then pfSense LAN port plugged into unmanaged network switch, then network switch plugged directly into Orbi WAN port.  The switch has many other items plugged into it as well, however none of these items are pinging the pfSense.  As soon as I tell pfSense not to respond to the pings, immediate and repeated restarts of the Orbi.