5. Firewalls and NAT
The machines that (currently) do the monitoring are
These hosts should be added to your firewall if ICMP ping is being blocked. The IP addresses do change from time to time, so if you must enter an IP address and not a DNS name, then please do an NSLOOKUP or PING to make sure of the current IP address.

edited by fourboxers

Zone Alarm has two zones: Local Zone and Internet Zone. It is normal to set Local Zone security to medium or lower. You must then place our monitoring stations into the list of "local hosts". Please check this screenshot to see an example of the properties screen of Local Zone set up correctly to accept our monitoring systems. Please note that the IPs in that screenshot are not the current IPs.

The machines that (currently) do the monitoring are

- ny-monitor.dslreports.com
- sjc-monitor.dslreports.com
- dslreports-west2.speakeasy.net (64.81.79.40 AND 64.81.79.41)

These hosts should be added to your firewall if ICMP ping is being blocked. The IP addresses do change from time to time, so if you must enter an IP address and not a DNS name, then please do an NSLOOKUP or PING to make sure of the current IP address.

Important: if you PADLOCK your Zone Alarm, no matter what, you are disconnected from the net. This will break monitoring. If you wish fulltime line monitoring, the PADLOCK function should not be used.
If you have a SonicWALL hardware firewall there are two methods you can use to set up your system to respond to pings:

- Method 1: You can pass incoming pings through the SonicWALL to a PC on the LAN and then have the PC respond to the pings.
- Method 2: You can have the SonicWALL respond to pings directly.

To use Method 1 (your PC responds to pings) follow these steps:

(1a) Open the SonicWALL web admin by entering the SonicWALL's LAN IP address into a web browser on a PC on the LAN side of the SonicWALL.

(1b) Go to Access, Services and make sure Ping shows up in the list of services. If not, add the Ping service.

(1c) Go to Access, Rules, Add New Rule and add two rules:

Rule 1

- Action=allow
- Service=ping
- Source=WAN, 216.200.176.6 <= DSLR WC server sjc-monitor.dslreports.com
- Destination=LAN, 192.x.x.x <= LAN address of PC to respond to pings

Rule 2

- Action=allow
- Service=ping
- Source=WAN, 206.65.191.129 <= DSLR EC server ny-monitor.dslreports.com
- Destination=LAN, 192.x.x.x <= LAN address of PC to respond to pings

(1d) If you have a software firewall on the LAN PC be sure to allow pings there as well.

To use Method 2 (SonicWALL responds to pings) follow these steps:

(2a) Open the SonicWALL web admin by entering the SonicWALL's LAN IP address into a web browser on a PC on the LAN side of the SonicWALL.

(2b) Go to Access, Services and make sure Ping shows up in the list of services. If not, add the Ping service.

(2c) Go to Access, Rules, Add New Rule and add two rules:

Rule 1

- Action=allow
- Service=ping
- Source=WAN, 216.200.176.6 <= DSLR WC server sjc-monitor.dslreports.com
- Destination=LAN, 192.x.x.x <= LAN address of SonicWALL

Rule 2

- Action=allow
- Service=ping
- Source=WAN, 206.65.191.129 <= DSLR EC server ny-monitor.dslreports.com
- Destination=LAN, 192.x.x.x <= LAN address of SonicWALL

General notes:

You can have the SonicWALL stealth mode enabled (Access, Services, Stealth Mode) and both methods will still work.

You can use * for the WAN address in the SonicWALL rules to allow pings from anyone, but the nice thing about using explicit rules for each DSLR server is that you don't make yourself visible to the general public. I don't think it's a security risk to leave the server-specific rules in place. Of course, if DSLR changes their server IP addresses you need to change your rules.
by wingman8

If your firewall responds to ICMP ping packets, as many do, then we can monitor your connection. Instructions for specific firewalls and network share devices follow.
Recent Linksys, DLink and other routers' firmware allows you to configure the router to be unpingable from outside. The setting is called "Block WAN Requests" on older devices and "Block Anonymous Internet Requests" on newer 'Cisco' branded devices. DLink uses "Discard PING from WAN side". Enabling these router features will break monitoring. If you wish to be monitored, we recommend that you do not select the "Block WAN Requests"/"Block Anonymous Internet Requests"/"Discard PING from WAN side" option on the router configuration screen. Your router can still be password protected, and will be secure. Also try disabling "SPI", as this may also block external pings.

To make the Motorola NVG510 pingable, follow the instructions in this thread: »Motorola NVG510 question
edited by mjf

Configure to allow incoming ICMP request and outgoing ICMP reply to/from our two monitoring stations. Move these rules to be the first rules, just to be sure that they won't be blocked by any other rules.
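For a Linux host filtering with iptables (an assumption; the FAQ does not cover it), the same policy can be generated from the monitor hostnames, so the addresses are looked up fresh each time and outdated allowlist entries are flagged. This is an added example, not part of the original FAQ; the function names and the `RESOLVER` hook are hypothetical.

```shell
#!/bin/sh
# Added example (not from the FAQ): print iptables commands that admit ping
# only from the monitoring stations, and list stale allowlist addresses.

# Two of the hostnames listed on this page; addresses are looked up at run time.
MONITORS="ny-monitor.dslreports.com sjc-monitor.dslreports.com"

# resolve HOST: print its IPv4 addresses, one per line.
# RESOLVER is a hypothetical hook naming a stand-in resolver for offline runs.
resolve() {
    if [ -n "${RESOLVER:-}" ]; then
        "$RESOLVER" "$1"
    else
        getent ahostsv4 "$1" | awk '{print $1}' | sort -u
    fi
}

# is_ipv4 ADDR: accept only a dotted-quad shape, so resolver output never
# reaches a firewall command line unchecked.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# gen_rules: print rules inserted at the top of INPUT and OUTPUT, one pair
# per monitor address. Returns 1 if a host is unresolved or an address is bad.
gen_rules() {
    pos=1; rc=0
    for host in $MONITORS; do
        addrs=$(resolve "$host") || addrs=""
        [ -n "$addrs" ] || { echo "unresolved: $host" >&2; rc=1; continue; }
        for ip in $addrs; do
            is_ipv4 "$ip" || { echo "bad address for $host: $ip" >&2; rc=1; continue; }
            echo "iptables -I INPUT $pos -p icmp --icmp-type echo-request -s $ip -j ACCEPT"
            echo "iptables -I OUTPUT $pos -p icmp --icmp-type echo-reply -d $ip -j ACCEPT"
            pos=$((pos + 1))
        done
    done
    return "$rc"
}

# stale_entries "IP IP ...": print configured addresses that no monitor
# hostname resolves to any more (candidates for removal from the allowlist).
stale_entries() {
    current=$(for host in $MONITORS; do resolve "$host" || true; done)
    for ip in $1; do
        printf '%s\n' "$current" | grep -Fxq "$ip" || echo "$ip"
    done
}
```

Review the printed commands before running them as root; a non-zero return from `gen_rules` means at least one monitor would be left without a rule.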
Create a Firewall Rule:

- Action: Pass
- Interface: WAN
- Protocol: ICMP
- ICMP type: Echo
- Source type: Any
- Destination: WAN Address

by EUS