Enable ping on WAN

Hi, I have created a firewall filter rule to: accept input protocol=icmp in-interface=ether2_wan

But pinging the WAN IP from outside, I don't get replies. Anything I am missing?

Regards,

Chris

Maybe the provider is blocking the ping?

Is your counter for that rule growing?

Hi yes, it seems to be growing but it's hard to tell… there is a lot of traffic. Any other tools I could use, like a network latency test tool? (We are experiencing latency issues; a ping would be the best way to tell.)

I am trying to work out if the router is causing an issue, our server, or if it's the ISP.

I can ping the remote gateway from here, and other nodes within that network segment to which my router belongs (I am currently remote pinging from outside) - they are pinging - so I assume it's not the ISP blocking the packets?

Are my rules correct?

Regards,

Chris

Ensure you are pinging a public IP.

Besides that, you might try traceroute from both ends. That will tell you where the ICMP is stopping.

I feel very silly now :open_mouth: the IP address (which should be static) changed… I can now ping.

Is there a better way to restrict to accept just ping only, as I know ICMP can contain lots of other things that may be used to attack the router?

Thanks,

Chris

You can use the firewall to restrict access to any protocol. Limit access to trusted IP addresses if you are concerned about that.

/ip firewall filter
add chain=input action=accept protocol=icmp src-address=xx.xx.xx.xx
add chain=input action=drop protocol=icmp

Now you should be able to ping from the IP xx.xx.xx.xx only. You can add netmasks and additional action=accept rules before the action=drop rule.
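An added example, not part of the original thread: the same accept-then-drop layout narrowed to ICMP echo request only, with one rule using a netmask. The source addresses are constructed placeholders from the documentation ranges, the interface name is the one from the first post, and the `icmp-options=3:4` rule is an assumption about what else the router should still receive.

```routeros
/ip firewall filter
# Constructed placeholders: replace 198.51.100.10 and 192.0.2.0/24 with
# your own trusted monitoring host and subnet.

# Echo request (ICMP type 8, code 0) from a single trusted host.
add chain=input action=accept protocol=icmp icmp-options=8:0 \
    src-address=198.51.100.10 in-interface=ether2_wan \
    comment="ping from trusted host"

# Echo request from a trusted subnet, written with a netmask.
add chain=input action=accept protocol=icmp icmp-options=8:0 \
    src-address=192.0.2.0/24 in-interface=ether2_wan \
    comment="ping from trusted subnet"

# Fragmentation needed (type 3, code 4) from any source, so path MTU
# discovery keeps working for connections that terminate on the router.
add chain=input action=accept protocol=icmp icmp-options=3:4 \
    in-interface=ether2_wan comment="PMTU discovery"

# All other ICMP arriving on the WAN interface is dropped. Rules are
# matched top to bottom, so this rule has to stay below the accepts.
add chain=input action=drop protocol=icmp in-interface=ether2_wan \
    comment="drop other ICMP"

# Show per-rule packet and byte counters to confirm which rule is hit.
print stats
```

`add` appends to the end of the chain, so if an earlier rule already drops this traffic, move the new rules above it or create them with `place-before`.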