p0se1d0n
Sep 19, 2019 Guide
Getting IPV6 to Un-Filter ICMP???
R7800 (latest .63 firmware) Hello. Is there a way to un-filter ICMP messages using IPV6 on the R7800 router? I’ve tried BOTH stock firmware and Voxels firmware to no avail. My previous Asus rout...
microchip8
Sep 20, 2019 Master
Here's what I'm getting on tests.
IPv6 test: https://owncloud.teambelgium.net/index.php/s/3qQ4cBf0jwDvbDV
.63 firmware option: https://owncloud.teambelgium.net/index.php/s/SZU8EXD4hHOqlfW
Here's a guide for Windows to allow ICMPv6 (scroll to the middle): https://www.howtogeek.com/howto/windows-vista/allow-pings-icmp-echo-request-through-your-windows-vista-firewall/
p0se1d0n
Sep 28, 2019 Guide
A Netgear engineer replied to my inquiry about this issue with the following:
————————————————
As per our router specification, "An implementation MUST NOT send out the ICMPv6 echo reply on the router’s WAN interface if the “Respond to Ping on Internet Port” option is not enabled" for security reasons. So that means that, in order to allow this, the user must enable respond to ping on internet port. R7800 should have an option for IPv6 ping on the debug page. If you go to the debug page you should see an option called “Allow external IPv6 hosts ping internal IPv6 hosts”, and the user needs to enable this if he wants an external IPv6 address to ping internal ones.
To access the debug page, just type this address in your browser: 192.168.1.1/debug.htm or routerlogin.net/debug.htm, and log in using the router's credentials. Scroll down to the bottom, look for “Allow external IPv6 hosts ping internal IPv6 hosts” and enable it.
——————————————-
Should I try this or is this a security concern? Not sure what to make of this. Thanks
- _Bender_ Jan 31, 2020 Tutor
Sweet! Works as it should now :)
- p0se1d0n Jan 31, 2020 Guide
What did you do to get it working and are you using the R7800 router?
- _Bender_ Jan 31, 2020 Tutor
I followed your instructions and enabled Allow external IPv6 hosts ping internal IPv6 hosts in the debug menu :)
- p0se1d0n Feb 01, 2020 Guide
Those were the instructions from Netgear support. I just tried it and you’re right, it does work.
But the question remains if it’s a SECURITY RISK having that setting enabled.
Can someone more knowledgeable about this chime in please.
- microchip8 Feb 01, 2020 Master
It's not really a security issue as NG's firewall throttles ping replies after a certain amount. For IPv6, ICMPv6 is crucial for the correct working of IPv6. The following must be passed:
router-advertisement
router-solicitation
neighbour-advertisement
neighbour-solicitation
destination-unreachable
packet-too-big
time-exceeded
parameter-problem
unknown-header-type
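An added example, not part of the thread or of Netgear's firmware: a Python model of the filtering policy the posts describe, which always passes the ICMPv6 types listed above, accepts echo requests only when the ping option is enabled, and throttles them. The rate and burst values are assumptions, and the hop-limit 255 check for neighbour discovery comes from RFC 4861, not from the thread.

```python
import struct

# (type, code) -> name for the types listed in the post; code None = any code.
# Type numbers are from RFC 4443 (errors) and RFC 4861 (neighbour discovery).
REQUIRED = {
    (1, None): "destination-unreachable", (2, None): "packet-too-big",
    (3, None): "time-exceeded", (4, None): "parameter-problem",
    (4, 1): "unknown-header-type",
    (133, None): "router-solicitation", (134, None): "router-advertisement",
    (135, None): "neighbour-solicitation", (136, None): "neighbour-advertisement",
}
ND_TYPES = {133, 134, 135, 136}  # RFC 4861: only valid with hop limit 255
ECHO_REQUEST = 128


class EchoLimiter:
    """Token bucket for echo requests (rate and burst are assumed values)."""
    def __init__(self, rate=5.0, burst=10):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), None

    def allow(self, now):
        if self.last is not None:  # refill for the time elapsed since last call
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True


def decide(icmp_bytes, hop_limit, allow_wan_ping, limiter, now):
    """Return (verdict, reason) for one inbound ICMPv6 message."""
    if len(icmp_bytes) < 4:
        return "drop", "truncated"
    icmp_type, code, _checksum = struct.unpack("!BBH", icmp_bytes[:4])
    name = REQUIRED.get((icmp_type, code)) or REQUIRED.get((icmp_type, None))
    if name:
        if icmp_type in ND_TYPES and hop_limit != 255:
            return "drop", name + " with hop limit != 255"
        return "accept", name
    if icmp_type == ECHO_REQUEST:
        if not allow_wan_ping:  # models the debug-page option left unchecked
            return "drop", "echo-request (option disabled)"
        if not limiter.allow(now):
            return "drop", "echo-request (rate limited)"
        return "accept", "echo-request"
    return "drop", "type %d not in allow list" % icmp_type
```

Error and neighbour-discovery messages never consume limiter tokens, so throttling pings cannot starve Path MTU discovery or address resolution.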
- p0se1d0n Feb 01, 2020 Guide
I did a reboot on the R7800 and I noticed the setting reverted back to default (unchecked). Is this normal behavior?
In the debug menu I didn’t notice a “save” button. Is it supposed to reset after a reboot though?
- microchip8 Feb 01, 2020 Master
After reboot, the settings are set to defaults in the debug page. This is normal and you have to enable them after each reboot.