1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tomato ND USB Mod and problems with ICMP requests

Discussion in 'Tomato Firmware' started by HorseCalledHorse, Jul 10, 2010.

  1. HorseCalledHorse

    HorseCalledHorse Addicted to LI Member

    Hi guys,
    I posted this in the ND USB Mod thread but didn't get any eyeballs (because the thread is now so huge) and thought I'd try a thread of my own.
    I just moved from a WRT54G running stock Tomato 1.28 (and every other version before that) to running the ND USB mod (build 47) on a WRT160n v3. All in all it was a very smooth transition, and everything is working just as it was before. I think.
    The one thing I'm having problems with is allowing the ICMP ping in the Firewall, which I need enabled to run an IPv6 tunnel (from tunnelbroker.net). I've ticked the box and it seems to be working but whenever my IP address changes (my ISP gives me a dynamic address so it does this fairly often) and I update the tunnel endpoint to the new IP, it seems like the ICMP request fails: the tunnel just stops working. This never happened running the "old" Tomato on my WRT54G.
    So I guess my question is, are there any differences in this firmware that would explain this behaviour? Any other reasons this might be happening?
     
  2. HorseCalledHorse

    HorseCalledHorse Addicted to LI Member

    Looks like I'll have to bump my own thread. No one has any ideas about this? I'm still having the same problem with Tomato USB (build 48 now). Whenever my IP address changes the only way I can get my IPv6 tunnel back is to reboot the router.
    Any theories as to why this might be happening are welcome:)
     
  3. teddy_bear

    teddy_bear Network Guru Member

    So normally ICMP requests go through just fine when enabled in GUI? And it is only after the IP change when ICMP stops working until you reboot the router? What is your connection type - DHCP/PPPoE/etc? Does everything else work normally after IP change?

    Have you tried something else to resolve the problem, besides the reboot? For example, "service firewall restart", or release/renew IP in the GUI? It would help to localize the issue if we can find something less drastic than rebooting the whole system that restores normal functionality...
     
  4. HorseCalledHorse

    HorseCalledHorse Addicted to LI Member

    Hi teddy_bear.
    Thanks so much for the reply.
    I'm connected via PPPoE to my ADSL2+ ISP.
    Yes, normally ICMP requests go through just fine: the IPv6 tunnel (from HE.net) works exactly as it should. But as soon as the IP address changes, the tunnel stops working, even though I can (and do) update the tunnel endpoint (ie, tell it the new IP address) without any problems.
    I have tried disconnecting and reconnecting the PPPoE connection in the GUI, which gets me a new IP, but the tunnel still refuses to work.
    How exactly can I try "service firewall restart"?
    I'll try to get you any information you need.
     
  5. teddy_bear

    teddy_bear Network Guru Member

    Open telnet or SSH session, and type "service firewall restart" in the command line. Or you can use the "Tools -> System" page in the GUI to execute the same command.

    Have you verified that the reason for tunnel to stop working is indeed the blocked ICMP requests, and nothing else (for example, by logging blocked packets, and/or trying to ping your router from the WAN)? Does reconnect from GUI always give you the new IP? If so, does it cause the same problem as if IP was changed by your ISP automatically?

    But before you do anything else, try the latest build 48 - the issue could be already fixed there.
     
  6. HorseCalledHorse

    HorseCalledHorse Addicted to LI Member

    Hi teddy,
    I'm already using build 48 and the problem remains.
    But you're right - I'm not sure the problem IS blocked ICMP requests. That was my best guess.
    Yes, reconnecting from the GUI always renews my IP address. I just did it and it DOES cause the same problem: even though I update the tunnel endpoint, the tunnel fails and I can't get an IPv6 address.
    I also tried "service firewall restart" without any luck: the problem remains after the firewall has restarted.
     
  7. teddy_bear

    teddy_bear Network Guru Member

    So, have you been able to verify (via connection logging while trying to ping your external IPv4 address from the WAN) whether the problem is actually caused by blocked ICMP?
     

Share This Page