AFAIK, external ping of the router is enabled by default on RouterOS in that this rule is present:
add action=accept chain=input comment="Accept ICMP (ping)" protocol=icmp
It’s working on my home router but isn’t on my portable hAP ax lite LTE although the rule is present. I’ve enabled DDNS which reveals the current public IP address. But ping to either IP address or DDNS name doesn’t work.
My guess is that ping is blocked by the mobile provider 1pmobile?
If you are behind CGNAT, that’s a logical consequence.
What are the first 2 octets of your supposedly public IP ?
If 100.64.x.y to 100.127.x.y, bingo.
Also check WAN IP as reported by your device and whatsmyip.com.
If values differ, you are most likely behind CGNAT as well.
Use from terminal on that device traceroute to that public IP you have.
If there is 1 hop, it should be real public.
If 2 hops: probably CGNAT.
Start of current IP 31.94
2 other things to check, added to my previous post.
It still is possible your ISP is blocking things but ICMP would be strange.
Can you use incoming connections on that device using that public IP ?
Yeah I’m getting multiple hops doing ping 31.94.28.236. When I do the same on my home router, I get one hop as you mention.
The laptop I’ve got on there at the moment has IIS installed and I’ve tried setting up port forwarding on port 80 using dst-nat. That didn’t work either. Ran ShieldsUp and that confirmed no common ports are open.
So yes, it looks like the mobile ISP (1pmobile) is blocking all incoming ports. Kind of understand why - it’s a level of protection for mobile phones.
Worth knowing though as I do get involved in installing mobile internet connections occasionally. For most consumers, not having inbound ports is no problem at all. But sods law that I’ve just helped a friend install a SXT LTE6 as their FTTC connection is pretty dire (<10Mbps). The SXT is getting >100Mbps over EE as the mast is almost line of sight. They spend significant time away from the house and therefore the alarm is important.
We’ve had one instance where the LTE interface failed. My immediate thought was a PING monitoring service like OneUpTime to alert them if the connection went down. So that’s not going to work (also 1pmobile). Next idea is a script on the SXT to restart LTE interface if the internet goes down. I notice there is a script on here to do just that so it doesn’t sound uncommon.
Where are you then you see the public ip address ?
Do you see that on your router wan interface ?
In /ip/cloud:
