NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Getting IPV6 to Un-Filter ICMP???
R7800 (latest .63 firmware) Hello. Is there a way to un-filter ICMP messages using IPV6 on the R7800 router? I’ve tried BOTH stock firmware and Voxels firmware to no avail. My previous Asus rout...
- A Netgear engineer replied to my inquiry about this issue with the following:
————————————————
As per our router specification "An implementation MUST NOT send out the ICMPv6 echo reply on the router’s WAN interface if the “Respond to Ping on Internet Port” option is not enabled” for security reasons. So that means in order to allow this user must enable respond to ping on internet port. R7800 should have an option for IPv6 ping on the debug page. If you go to debug page you should see an option called “Allow external IPv6 hosts ping internal IPv6 hosts” and user need to enable this if he wants external IPv6 address to ping internal ones."
To access the debug page, just type this address on your browser 192.168.1.1/debug.htm or routerlogin.net/debug.htm and login using the router's credentials. Scroll down to the bottom and look for Allow external IPv6 hosts ping internal IPv6 hosts and enable it.
——————————————-
Should I try this or is this a security concern? Not sure what to make of this. Thanks
Nope. There is no luck getting Netgear to change this. It's been hashed for years. Netgear considers responding to ICMPv6 echo requests as a security threat and will not change. There firewall is closed source so Voxel can't fix it either. At this point if you want properly running IPv6 use a Asus router or router from another source. I know sad but true....
Thanks for your prompt reply. Too bad that Netgear won’t implement a fix. I’ve tried Asus routers and while their firmware is top notch (especially Merlins) - their hardware and wireless performance is not on-par with others. Pick your poison I guess.
In regards to firmware for the R7800 - is the general consensus to stick with stock Netgear firmware or use Voxels firmware?
Curious as to what the community recommends.
Thanks
In regards to firmware for the R7800 - is the general consensus to stick with stock Netgear firmware or use Voxels firmware?
Curious as to what the community recommends.
Thanks
I would stay with Voxel's. He just released a new version today for the 7800. 1.0.2.70SF. He keeps all the behind the scenes packages updated were Netgear continues to use old and outdated packages even with new firmware releaes. I can say with certainty that my R7800 will be my last purchase from Netgear there firmware is just to old, crusty, unstable and outdated to be relevent in late 2019.
On my R7800 with .63 firmware, NETGEAR has only opened ICMPv6 ping requests so when you go testing your IPv6, it fools the test sites that you have fully open ICMPv6. This is not the case as I can see with "ip6tables -vL" when I log in with telnet that only ICMPv6 ping is passed through. The rest, mandatory ICMPv6 settings are filtered out.
So in short, at least on the R7800, you're fooled in beleiving that they finally stopped filtering ICMPv6. I've created a thread(1) at the Ideas forum but it seems NG will not change its mind about ICMPv6
NETGEAR is the only commercial router manufacturer that does this sh*t. All others correctly pass all of the required ICMPv6
Also, keep in mind that Windows 10 by default filters out ICMPv6 too. You have to open it in your Windows 10 firewall. I'm on Linux so have full controll on what I filter and what not. The same can be done on Windows
(1) https://community.netgear.com/t5/Idea-Exchange-For-Home/Stop-blocking-ICMPv6/idi-p/1126371
Thats interesting here on .63 ICMPv6 is still very much blocked. I have never found one NG firmware were this was not blocked.
