• October 31, 2024, 04:47:46 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Router constantly Blocks ICMP  (Read 22063 times)

DAOWAce

  • Level 1 Member
  • *
  • Posts: 13
Router constantly Blocks ICMP
« on: February 24, 2015, 06:27:44 PM »

Bit of a necro, but I'm getting this as well on my DGL-4100.

Outbound ICMP packets are being blocked to services I need them not blocked to.

ICMP is allowed and even prioritized over normal network traffic. I've even DMZ'd myself and it's still being blocked.  My firewall is set to 'address restricted' for both TCP and UDP connections with SPI enabled.  I don't want to risk reducing it.

Edit: Additionally, it's blocking connections from myself to myself on different ports even though the firewall is set to address restricted only.  I don't get it.

There's these niggling issues this router seems to have with connection blocking that have been an irritant for the 9 or so years I've used it.. but it's still going strong (with my huge amount of QoS settings stored) so I haven't replaced it yet. Think I might have to finally do that, but I dread the thought.
« Last Edit: February 24, 2015, 09:31:18 PM by DAOWAce »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Router constantly Blocks ICMP
« Reply #1 on: February 25, 2015, 06:50:53 AM »

Link>Welcome!

  • Link>What Firmware version is currently loaded? Found on the routers web page under status.
  • What region are you located?
  • Are you wired or wireless connected to the router?

Internet Service Provider and Modem Configurations
  • What ISP Service do you have? Cable or DSL?
  • What ISP Modem Mfr. and model # do you have?

Router and Wired Configurations
Some things to try: - Log into the routers web page at 192.168.0.1. Use IE, Opera or FF to manage the router. Besure to log into the Admin account on the router.
  • Turn off ALL QoS or Disable Traffic Shaping (DIR only) GameFuel (DGL only and if ON.) options, Advanced/QoS or Gamefuel.
  • Turn off Advanced DNS Services if you have this option under Setup/Internet/Manual or under Setup/PARENTAL CONTROL/Set to>None: Static IP or Obtain Automatically From ISP.
  • Enable or Disable Use Unicasting (compatibility for some ISP DHCP Servers) and test under Setup/Internet/Manual. Disable may help with speed performance on higher speed ISP services.
  • Turn on DNS Relay  under Setup/Networking. Link>Finding Faster DNS Addresses using Name Bench and input new DNS addresses under Setup/Internet/Manual.
  • Setup DHCP reserved IP addresses for all devices ON the router. Setup/Networking. This ensures each devices gets its own IP address when turned on and connected, eliminates IP address conflicts and helps in troubleshooting and maintain consistency for applications that need to connect as well as mapped drives.
  • Ensure devices are set to auto obtain an IP address.
  • Set Firewall settings to Endpoint Independent for TCP and UDP under Advanced/Firewall. Enable or Disable SPI to test.
  • Enable uPnP and Multi-cast Streaming under Advanced/Networking. Disable uPnP for testing Port Forwarding rules.
  • WAN Port Speed set to Auto or specific speed? Some newer ISP modems support 1000Mb so manually setting to Gb speeds can be supported by the router. Advanced/Advanced Networking/WAN Port Speed
  • Set current Time Zone, Date and Time. Use an NTP Server feature. The DST setting is only needed in the NA region. Tools/Time.

Does the 4100 have WAN Ping Respond? Some users have mentioned using this to help enable some traffic.
What are you using that needs ICMP traffic?

This router is getting to be a bit old and there maybe some network traffic or applications now days that maybe just incompatible with using this model router. The 4100/4500 are now phased out.  :(

Bit of a necro, but I'm getting this as well on my DGL-4100.

Outbound ICMP packets are being blocked to services I need them not blocked to.

ICMP is allowed and even prioritized over normal network traffic. I've even DMZ'd myself and it's still being blocked.  My firewall is set to 'address restricted' for both TCP and UDP connections with SPI enabled.  I don't want to risk reducing it.

Edit: Additionally, it's blocking connections from myself to myself on different ports even though the firewall is set to address restricted only.  I don't get it.

There's these niggling issues this router seems to have with connection blocking that have been an irritant for the 9 or so years I've used it.. but it's still going strong (with my huge amount of QoS settings stored) so I haven't replaced it yet. Think I might have to finally do that, but I dread the thought.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Router constantly Blocks ICMP
« Reply #2 on: February 27, 2015, 01:59:08 PM »

Any status on this?  ???

Bit of a necro, but I'm getting this as well on my DGL-4100.

Outbound ICMP packets are being blocked to services I need them not blocked to.

ICMP is allowed and even prioritized over normal network traffic. I've even DMZ'd myself and it's still being blocked.  My firewall is set to 'address restricted' for both TCP and UDP connections with SPI enabled.  I don't want to risk reducing it.

Edit: Additionally, it's blocking connections from myself to myself on different ports even though the firewall is set to address restricted only.  I don't get it.

There's these niggling issues this router seems to have with connection blocking that have been an irritant for the 9 or so years I've used it.. but it's still going strong (with my huge amount of QoS settings stored) so I haven't replaced it yet. Think I might have to finally do that, but I dread the thought.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

DAOWAce

  • Level 1 Member
  • *
  • Posts: 13
Re: Router constantly Blocks ICMP
« Reply #3 on: February 27, 2015, 03:03:39 PM »

Yeah, while typing I went to read my older posts then found out Spock is no longer with us then got further distracted by some drama of personalities I follow.  Anyway..


The 4100 has no wireless support, is another feature I like because it's not broadcasting radiation right next to me.  I know you can turn wireless off on most routers, but I question just how much EMF it still produces.

Firmware is 1.8 (which I heard was pulled but can't remember why).
Hardware rev: A3
Modem: Arris TM802G

WAN ping respond has always been enabled: I run a line monitoring tool to record the health of my connection.

My issue right now is that I'm trying to troubleshoot a poor performance issue with Skype video calling (one thread here).  My connection to people is abysmal despite having a 120/35 service (which the DGL-4100 doesn't support Gigabit WAN on, so I'm limited to 92mbps), video keeps getting limited to 640x360 or even 320x180.  Skype seems to constantly send ICMP packets to gauge the connection and my outbound ones are being blocked. This, assumingly, makes Skype think I have a bandwidth problem (latency = bandwidth, right) and drops the quality of my video to unwatchable levels.  I've done all I can to troubleshoot the issue on my end on the PCs and the only thing left is looking at the router.

Also, when attempting to test the issue myself via a VM, the router was blocking my connections to myself (WAN IP) on different ports. ex: WAN IP:52386 to WAN IP:80.

And even more aside from that, but not relevant to my current issue, I am always in a 'no incoming connections' state when running bit torrent, despite forwarding all ports properly.  It does connect and work well for downloads, but seemingly at a much reduced level at which it should be for uploads.

As I said, I don't want to disable the firewall as even if it works I'd be putting myself at more of a security risk, so I'm hoping there's another solution to the issue.  I mean I could try it for troubleshooting reasons I suppose, but it won't be until later tonight.

I see the DGL-5500 has fallen to $80 and has quite poor reviews.  I guess I'd be looking at a different brand in present time should I buy a new router.
« Last Edit: February 27, 2015, 05:43:38 PM by DAOWAce »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Router constantly Blocks ICMP
« Reply #4 on: February 28, 2015, 10:36:52 AM »

Please give some of the suggestions a try.
Also try putting the PC with SKype in the DMZ and test.

Chaning the Firewall settings wont risk anything and would be only for a quick test to see if anything helps change the behavior. Set the EndPoint Independent as well while the firewall is enabled to see if anything changes.

Also setting up some QoS rule for the Skype PC may help as well, however since your on a ISP service speed thats fairly high, it's possible that the 4100 maybe not able to handle and perform well.

Check the enable WAN Ping Respond feature as well.

Even though I didn't get to experience the 4100, the 4500 was and still is a great router. As for the 5500, it's been disappointing that it's has a hard timeframe in  development. It has made good strides in FW and the most current version of FW is the best thus far. Unfortunately the reviews reflect badly which in part isn't due to D-Links fault rather Qualcomm whom owns the StreamBoost core code. They have been less the forth coming in fixing issues there so D-Link has had some struggle in working with Qualcomm. So don't discount D-Link in there efforts in the 5500 development. They have worked hard to get it going right.

You may want to give the 5500 a test drive if you can find one with a return policy. See if maybe it works better for you. Another great router that I enjoy is the DIR-868L. One of D-Links finest routers for the home, video and gaming. I'm on my 2nd one. I gave my first one away as a gift. It maybe time to upgrade the 4100.  ::)

Yeah, while typing I went to read my older posts then found out Spock is no longer with us then got further distracted by some drama of personalities I follow.  Anyway..


The 4100 has no wireless support, is another feature I like because it's not broadcasting radiation right next to me.  I know you can turn wireless off on most routers, but I question just how much EMF it still produces.

Firmware is 1.8 (which I heard was pulled but can't remember why).
Hardware rev: A3
Modem: Arris TM802G

WAN ping respond has always been enabled: I run a line monitoring tool to record the health of my connection.

My issue right now is that I'm trying to troubleshoot a poor performance issue with Skype video calling (one thread here).  My connection to people is abysmal despite having a 120/35 service (which the DGL-4100 doesn't support Gigabit WAN on, so I'm limited to 92mbps), video keeps getting limited to 640x360 or even 320x180.  Skype seems to constantly send ICMP packets to gauge the connection and my outbound ones are being blocked. This, assumingly, makes Skype think I have a bandwidth problem (latency = bandwidth, right) and drops the quality of my video to unwatchable levels.  I've done all I can to troubleshoot the issue on my end on the PCs and the only thing left is looking at the router.

Also, when attempting to test the issue myself via a VM, the router was blocking my connections to myself (WAN IP) on different ports. ex: WAN IP:52386 to WAN IP:80.

And even more aside from that, but not relevant to my current issue, I am always in a 'no incoming connections' state when running bit torrent, despite forwarding all ports properly.  It does connect and work well for downloads, but seemingly at a much reduced level at which it should be for uploads.

As I said, I don't want to disable the firewall as even if it works I'd be putting myself at more of a security risk, so I'm hoping there's another solution to the issue.  I mean I could try it for troubleshooting reasons I suppose, but it won't be until later tonight.

I see the DGL-5500 has fallen to $80 and has quite poor reviews.  I guess I'd be looking at a different brand in present time should I buy a new router.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

DAOWAce

  • Level 1 Member
  • *
  • Posts: 13
Re: Router constantly Blocks ICMP
« Reply #5 on: March 01, 2015, 06:34:54 PM »

DMZing myself was the last thing I tried before giving up and searching for help here.  It didn't work.  Technically this would invalidate testing firewall settings, no?

I normally have no problems with speed or connectivity on the 4100 even after 8+ years of service; it's only these select few poorly coded programs that seem to mess up; or the router's firewall appearing to go AWOL for certain things.

As for buying a router to return it if I don't like it, well, I can't do that with any local shops because 99% of what they stock is complete trash or the most mainstream 'best selling' products, which I don't want.  Every online shop costs a big shipping fee, sometimes even a restocking fee.  At that point it's just best to keep it instead of get 1/4 your money back.

The main issue with getting a new router is 75% the interface and 25% having to spend hours configuring it again.. after I spend even more hours learning the interface.   I've demo'd the current ASUS routers and have a WD N900 Central (for my family to backup to and use wireless on), I don't like the interfaces of either, though I prefer the aesthetics of the N900.  Interface and usability is a huge issue for me (and is why I've still been using Vista after all these years; and no, it's nowhere near as bad as those bandwagon imbeciles believe, in fact Windows 7 is worse in many aspects outside of my dislike for the UI).

I'm not using the N900 as my main router because of the wireless issue.  The router sits in my room below my desk, next to where I sit. I don't want it generating a wireless signal so close to me, nor while I sleep.  I'm basically around my PC 20 hours a day.  So, my family needed wireless and I saw the N900 basically being liquidated by Newegg (70% off), so I picked it up and threw it AP mode.  If I get a new router it needs to be able to disable wireless at the hardware level, else I subject myself to unhealthy levels of radiation.

Also, by chance do you have official links to firmware for the DGL-4100 (and changelogs)?  I want to downflash back to 1.07 (if even possible) due to the 'poor performance' reports 1.08 had which caused it to be pulled.  I'm questioning if prior firmware would work better, though I really want to see the full changelogs for them most of all.
« Last Edit: March 01, 2015, 06:43:49 PM by DAOWAce »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Router constantly Blocks ICMP
« Reply #6 on: March 02, 2015, 09:38:25 AM »

D-Link routers and AP can disable the radios at the HW level.

You can find release notes for FW here:
http://support.dlink.com/ProductInfo.aspx?m=DGL-4100

If you choose to downgrade, please follow this process:
FW Update Process
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Router constantly Blocks ICMP
« Reply #7 on: March 19, 2015, 07:01:20 AM »

Any status on this?  ???

Bit of a necro, but I'm getting this as well on my DGL-4100.

Outbound ICMP packets are being blocked to services I need them not blocked to.

ICMP is allowed and even prioritized over normal network traffic. I've even DMZ'd myself and it's still being blocked.  My firewall is set to 'address restricted' for both TCP and UDP connections with SPI enabled.  I don't want to risk reducing it.

Edit: Additionally, it's blocking connections from myself to myself on different ports even though the firewall is set to address restricted only.  I don't get it.

There's these niggling issues this router seems to have with connection blocking that have been an irritant for the 9 or so years I've used it.. but it's still going strong (with my huge amount of QoS settings stored) so I haven't replaced it yet. Think I might have to finally do that, but I dread the thought.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Cartel

  • Level 1 Member
  • *
  • Posts: 13
Re: Router constantly Blocks ICMP
« Reply #8 on: January 08, 2020, 03:17:42 AM »

Just a heads up. If I use a port filter and the access control of my 655, it blocks pings. Doesnt matter what port I got blocked, 135, 445 a single port, it blocks Pings unless I uncheck the filter rule or every port on the list, then it worls. Also check the wan ping respond is set to allow

Code: [Select]
[INFO] Wed Jan 08 02:56:24 2020 Dropped packet from 192.168.0.112 to 172.217.3.206 (IP protocol 1) as unable to create new session
[INFO] Wed Jan 08 02:56:24 2020 Internet access port filter dropped packet from 192.168.0.112 to 0.0.0.41 (protocol 2899903438)
[INFO] Wed Jan 08 02:56:19 2020 Dropped packet from 192.168.0.112 to 172.217.3.206 (IP protocol 1) as unable to create new session
[INFO] Wed Jan 08 02:56:19 2020 Internet access port filter dropped packet from 192.168.0.112 to 0.0.0.40 (protocol 2899903438)
[INFO] Wed Jan 08 02:56:14 2020 Dropped packet from 192.168.0.112 to 172.217.3.206 (IP protocol 1) as unable to create new session
[INFO] Wed Jan 08 02:56:14 2020 Internet access port filter dropped packet from 192.168.0.112 to 0.0.0.39 (protocol 2899903438)

Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Router constantly Blocks ICMP
« Reply #9 on: January 08, 2020, 12:26:25 PM »

What Rev is your 655?

If I remember, D-Link routers stopped supporting of any ICMP protocols due to security reasons. Both the 4100 and 655 are EOL and no longer developed on. If you really need ICMP support, you'll need to find a router that supports this.

Just a heads up. If I use a port filter and the access control of my 655, it blocks pings. Doesnt matter what port I got blocked, 135, 445 a single port, it blocks Pings unless I uncheck the filter rule or every port on the list, then it worls. Also check the wan ping respond is set to allow

Code: [Select]
[INFO] Wed Jan 08 02:56:24 2020 Dropped packet from 192.168.0.112 to 172.217.3.206 (IP protocol 1) as unable to create new session
[INFO] Wed Jan 08 02:56:24 2020 Internet access port filter dropped packet from 192.168.0.112 to 0.0.0.41 (protocol 2899903438)
[INFO] Wed Jan 08 02:56:19 2020 Dropped packet from 192.168.0.112 to 172.217.3.206 (IP protocol 1) as unable to create new session
[INFO] Wed Jan 08 02:56:19 2020 Internet access port filter dropped packet from 192.168.0.112 to 0.0.0.40 (protocol 2899903438)
[INFO] Wed Jan 08 02:56:14 2020 Dropped packet from 192.168.0.112 to 172.217.3.206 (IP protocol 1) as unable to create new session
[INFO] Wed Jan 08 02:56:14 2020 Internet access port filter dropped packet from 192.168.0.112 to 0.0.0.39 (protocol 2899903438)


Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.