NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Getting IPV6 to Un-Filter ICMP???
R7800 (latest .63 firmware) Hello. Is there a way to un-filter ICMP messages using IPV6 on the R7800 router? I’ve tried BOTH stock firmware and Voxels firmware to no avail. My previous Asus rout...
- A Netgear engineer replied to my inquiry about this issue with the following:
————————————————
As per our router specification "An implementation MUST NOT send out the ICMPv6 echo reply on the router’s WAN interface if the “Respond to Ping on Internet Port” option is not enabled” for security reasons. So that means in order to allow this user must enable respond to ping on internet port. R7800 should have an option for IPv6 ping on the debug page. If you go to debug page you should see an option called “Allow external IPv6 hosts ping internal IPv6 hosts” and user need to enable this if he wants external IPv6 address to ping internal ones."
To access the debug page, just type this address on your browser 192.168.1.1/debug.htm or routerlogin.net/debug.htm and login using the router's credentials. Scroll down to the bottom and look for Allow external IPv6 hosts ping internal IPv6 hosts and enable it.
——————————————-
Should I try this or is this a security concern? Not sure what to make of this. Thanks
Here's what I'm getting on tests.
IPv6 test: https://owncloud.teambelgium.net/index.php/s/3qQ4cBf0jwDvbDV
.63 firmware option: https://owncloud.teambelgium.net/index.php/s/SZU8EXD4hHOqlfW
Here's a guide for Windows to allow ICMPv6 (scroll to the middle): https://www.howtogeek.com/howto/windows-vista/allow-pings-icmp-echo-request-through-your-windows-vista-firewall/
A Netgear engineer replied to my inquiry about this issue with the following:
————————————————
As per our router specification "An implementation MUST NOT send out the ICMPv6 echo reply on the router’s WAN interface if the “Respond to Ping on Internet Port” option is not enabled” for security reasons. So that means in order to allow this user must enable respond to ping on internet port. R7800 should have an option for IPv6 ping on the debug page. If you go to debug page you should see an option called “Allow external IPv6 hosts ping internal IPv6 hosts” and user need to enable this if he wants external IPv6 address to ping internal ones."
To access the debug page, just type this address on your browser 192.168.1.1/debug.htm or routerlogin.net/debug.htm and login using the router's credentials. Scroll down to the bottom and look for Allow external IPv6 hosts ping internal IPv6 hosts and enable it.
——————————————-
Should I try this or is this a security concern? Not sure what to make of this. Thanks
————————————————
As per our router specification "An implementation MUST NOT send out the ICMPv6 echo reply on the router’s WAN interface if the “Respond to Ping on Internet Port” option is not enabled” for security reasons. So that means in order to allow this user must enable respond to ping on internet port. R7800 should have an option for IPv6 ping on the debug page. If you go to debug page you should see an option called “Allow external IPv6 hosts ping internal IPv6 hosts” and user need to enable this if he wants external IPv6 address to ping internal ones."
To access the debug page, just type this address on your browser 192.168.1.1/debug.htm or routerlogin.net/debug.htm and login using the router's credentials. Scroll down to the bottom and look for Allow external IPv6 hosts ping internal IPv6 hosts and enable it.
——————————————-
Should I try this or is this a security concern? Not sure what to make of this. Thanks
Sweet! Works as it should now :)
- What did u do to get it working and are you using the R7800 router?
I followed your instructions and enabled Allow external IPv6 hosts ping internal IPv6 hosts in the debug menu :)
- Those were the instructions from Netgear support. I just tried it and you’re right it does work.
But the question remains if it’s SECURITY RISK having that setting enabled.
Can someone more knowledgeable about this chime in please. it's not really a security issue as NG's firewall throttles ping replies after a certain amount. For IPv6, ICMPv6 is crucial for the correct working of IPv6. The following below must be passed
router-advertisement
router-solicitation
neighbour-advertisement
neighbour-solicitation
destination-unreachable
packet-too-big
time-exceeded
parameter-problem
unknown-header-type
- I did a reboot on the R7800 and I noticed the setting reverted back to default (unchecked). Is this normal behavior?
In the debug menu I didn’t notice a “save” button. Is it supposed to reset after a reboot though? After reboot, the settings are set to defaults in the debug page. This is normal and you have to enable them after each reboot