Hi, I am an RB5009 user from China. I have two ISPs: one with a dynamic public IP and the other with a non-public IP. I have added a WAN interface list in the interface list options and grouped the two WAN interfaces together. I have set up a firewall rule with the following configuration:
Chain: input
Protocol: 1 (icmp)
In. Interface List: WAN
Action: drop
Log: checked
However, when I try to ping this IP from an external network, I am still able to get a response. I am not sure what is going wrong and would appreciate any help.
Strangely, using this method where I bind two PPPoE interfaces to a list, external networks are unable to ping my public IP, while the internal network (NAT) can still ping it. This is exactly what I wanted, but I don’t understand how this works. I searched for answers on Google, and many explanations suggest setting up the WAN interface list with the two ISP WAN interfaces, then dropping their traffic, and setting up an input rule to allow internal network segment 192.168.22.0/24 to ping. However, I couldn’t achieve this setup, which has left me confused.
From what I understand of your setup, you have incorrectly configured the interfaces that are part of the ‘interface list wan.’
I understand that you achieve internet access through the PPPoE, so the WAN interfaces are not WAN1 and WAN2, but rather pppoe-out1 and pppoe-out2.
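The correction described in the reply above, written out as RouterOS commands. This is an added example, not configuration posted by either participant; it assumes the interface names WAN1, WAN2, pppoe-out1 and pppoe-out2 used in the reply, and the log prefix `wan-icmp` is a constructed value.

```routeros
# Added example (not from the thread). Interface names follow the reply;
# the log prefix "wan-icmp" is a constructed value.

# Before: the WAN list holds the physical ports that carry the PPPoE sessions.
# IP packets from the ISP are delivered on the PPPoE client interfaces, so a
# rule with in-interface-list=WAN never matches them and the ping is answered.
#   /interface list member
#   add list=WAN interface=WAN1
#   add list=WAN interface=WAN2

# After: replace the physical ports in the list with the PPPoE clients.
/interface list member
remove [find list="WAN" interface="WAN1"]
remove [find list="WAN" interface="WAN2"]
add list=WAN interface=pppoe-out1
add list=WAN interface=pppoe-out2

# The rule from the first post, unchanged apart from the log prefix.
/ip firewall filter
add chain=input protocol=icmp in-interface-list=WAN action=drop \
    log=yes log-prefix="wan-icmp"

# Check: confirm the list membership, then ping from outside and watch the
# rule's packet counter and the log entries carrying the prefix.
/interface list member print where list="WAN"
/ip firewall filter print stats where chain=input
/log print where message~"wan-icmp"
```

Input rules are evaluated from top to bottom, so the drop rule only takes effect if it sits above any rule that accepts ICMP. Pings from the internal network do not arrive on a WAN list member, which is why they are still answered.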