
Can't stop UTM from being pinged

So I went to:

Network Protection > Firewall > ICMP and disabled (unticked) all the options. Somehow the UTM can still be pinged.

Then I added a firewall rule to block ping from Internet traffic to the UTM address. I can still ping the UTM.

 

Any thoughts on this?

 

Thank you, Peter-Paul



  • Hi Peter-Paul,

    Please show a traceroute to your UTM from the Internet.  Obfuscate your IP like 83.x.y.11.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello Bob,

    This is the traceroute. I just generated it using www.whatsmyip.org/.../

    Hop  Hostname (IP Address)  RTT 1  RTT 2  RTT 3
    1 97.v102.fe-1-0-0.core1.troy2.waveform.net (204.11.35.97) 0.531 ms 0.304 ms 0.310 ms
    2 core5.tym.r256.net (173.225.185.37) 0.558 ms 0.850 ms 1.415 ms
    3 core10.tym.r256.net (208.79.214.11) 0.333 ms 0.194 ms 0.294 ms
    4 det-b1-link.telia.net (62.115.63.48) 0.873 ms 0.804 ms 0.798 ms
    5 nyk-bb4-link.telia.net (62.115.113.34) 19.658 ms 19.664 ms 19.687 ms
    6 nyk-b6-link.telia.net (80.91.254.36) 19.507 ms 20.101 ms 19.482 ms
    7 nyk-s2-rou-1021.us.eurorings.net (134.222.248.0) 19.523 ms 19.516 ms 19.506 ms
    8 ldn-s2-rou-1101.uk.eurorings.net (134.222.48.93) 100.562 ms 101.840 ms 104.196 ms
    9 rt2-rou-1022.nl.eurorings.net (134.222.48.201) 100.875 ms 100.971 ms 101.024 ms
    10 asd-s8-rou-1041.nl.eurorings.net (134.222.48.15) 100.764 ms 100.609 ms 100.647 ms
    11 - - * * *
    12 0.et-8-1-0.xr4.1d12.xs4all.net (194.109.5.4) 100.715 ms 100.679 ms 100.669 ms
    13 0.ae1.dr11.d12.xs4all.net (194.109.7.170) 100.688 ms 100.702 ms 100.719 ms
    14 a83-x-y-110.adsl.xs4all.nl (83.x.y.110) 104.175 ms 104.139 ms 104.107 ms


    Thank you for your time.

    Peter-Paul

     
    SFVH (SFOS 20.0.0 GA-Build222) - Last (re)boot on November 6th  2023
    Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports
    [If any of my posts are helpful to you please use the 'Verify Answer' link]
  • Peter-Paul, I believe that using the "Any" object in the firewall rule will not succeed in having the configuration daemon create an iptables rule for the INPUT chain.  Better to use the "(Address)" object for the external interface, as explained in #4 in Rulz (last updated 2019-04-17).

    In any case, your configuration on the 'ICMP' tab should result in the UTM not returning pings or trace routes.

    Instead of using a firewall rule to prevent responses, check out #2 in Rulz and make a blackhole DNAT.

    Cheers - Bob

  • To the OP, tell us more about your internet connection.

    Specifically, what is the UTM wan port connected to?  Who's the ISP?   I have a theory in mind but need more information.

  • In reply to Bob,

    So I disabled the FW rule and added a blackhole DNAT for the ping service.

    Still no success: 20 pings, no packets lost.

     

    Peter-Paul

  • In reply to Jay Jay,

    1. FTTH 100/100

    2. The provider in the Netherlands is XS4ALL.

    3. The modem provided by the ISP is a Fritzbox 7490.

    4. The connection is transparent / open to the UTM since I configured the Fritzbox in 'exposed host' mode.

    That's about it. I'm very interested in your theory. If you need more information please let me know.

    Thank you for your help.

     

    Peter-Paul

  • You probably guessed what my theory would be.  I'm unfamiliar with fritzboxes, but a quick google search suggests it's a firewall/router/wifi device of sorts.  My guess is *IT* is what's responding to the pings.

    Is it possible to remove it entirely from the equation and connect the UTM's wan directly to the ONT ethernet port?  Or does the fritzbox do some sort of authentication of the line?

    Also, you can disconnect the UTM entirely from the equation and then retest the ping.  My guess is it will register a response.  That means the issue is further upstream, before the UTM.

    If that is the case, maybe see what config option the fritzbox has as far as not responding to pings or other firewall functions.

    As I've learned in my at&t setup (also ftth, 1gb symmetrical), their gateway box doesn't truly do a bridge mode, but does some sort of weird NATted setup where the public ip is passed on to one device, but the firewall is still doing NATting.  The solution there involved recreating the authentication process the gateway was doing under the UTM software.  You can read about it here if you like - https://community.sophos.com/products/unified-threat-management/f/hardware-installation-up2date-licensing/111868/at-t-fiber-uverse-gateway-elimination .

  • A FritzBox, Peter-Paul?  I wonder if it's the device responding to pings.  I bet logging that DNAT rule will show that the ping requests never reach the UTM.  Was that it?

    Cheers - Bob

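The check Bob and Jay Jay are asking for (does the echo request ever arrive at the UTM, or is the device in front of it answering?) can be made directly on the UTM shell with tcpdump. The script below is an added example written for this page; it is not from the thread, from Sophos, or from AVM. It assumes the UTM's external interface is eth1, that tcpdump and timeout are available in the UTM shell, and it uses 83.x.y.110 (the obfuscated address from the traceroute) as the address to watch. A FritzBox in exposed-host mode normally keeps the public address itself and forwards traffic to a private address on the UTM's WAN port, so substitute whatever "ip addr show eth1" reports on the UTM. The sample captures embedded in the script are constructed, not real traffic.

```shell
#!/bin/sh
# Added diagnostic for the thread above; not code from the forum or from Sophos.
# Question it answers: do ICMP echo requests from the Internet reach the UTM's
# external interface at all? If the CPE in front of it (a FritzBox in "exposed
# host" mode here) answers pings itself, tcpdump on the UTM sees no echo
# requests, and no UTM firewall rule, ICMP-tab setting or blackhole DNAT can
# change what the remote pinger observes.
#
# Assumptions not stated in the thread: external interface eth1, watched
# address 83.x.y.110 (the obfuscated address from the traceroute; in
# exposed-host mode the UTM's WAN address may be a private one instead), and
# that tcpdump and timeout exist on the UTM shell.
set -eu

# Run on the UTM while someone pings the public address from outside.
# Captures ICMP echo/echo-reply on IFACE for SECS seconds, one line per packet.
capture_icmp() {
    iface="$1"
    secs="$2"
    timeout "$secs" tcpdump -l -n -i "$iface" \
        'icmp[icmptype] == icmp-echo or icmp[icmptype] == icmp-echoreply' \
        2>/dev/null || true
}

# Count echo requests addressed to ADDR in tcpdump output read from stdin.
# grep -c prints 0 (and exits 1) when nothing matches, hence the || true.
count_echo_requests() {
    grep -cF "> $1: ICMP echo request" || true
}

# Count echo replies sent from ADDR in tcpdump output read from stdin.
count_echo_replies() {
    grep -F "IP $1 > " | grep -cF "ICMP echo reply" || true
}

# Classify a capture (stdin) for address ADDR:
#   upstream-answers : no requests arrived; the device in front of the UTM
#                      is replying and UTM configuration cannot change that
#   utm-answers      : requests arrived and the UTM replied; the ICMP tab /
#                      INPUT rule is not taking effect
#   utm-drops        : requests arrived and were not answered by the UTM
classify_capture() {
    addr="$1"
    cap=$(cat)
    req=$(printf '%s\n' "$cap" | count_echo_requests "$addr")
    rep=$(printf '%s\n' "$cap" | count_echo_replies "$addr")
    if [ "$req" -eq 0 ]; then
        echo "upstream-answers"
    elif [ "$rep" -gt 0 ]; then
        echo "utm-answers"
    else
        echo "utm-drops"
    fi
}

# Constructed sample captures (not real traffic) for a dry run of the classifier.
# Case 1: only the UTM's own outbound ping and its reply are visible; nothing
# from the Internet ever reaches the interface (the FritzBox answered instead).
SAMPLE_UPSTREAM='12:00:01.000001 IP 83.x.y.110 > 198.51.100.7: ICMP echo request, id 100, seq 1, length 64
12:00:01.012345 IP 198.51.100.7 > 83.x.y.110: ICMP echo reply, id 100, seq 1, length 64'

# Case 2: an Internet host's request arrives and the UTM answers it.
SAMPLE_UTM_ANSWERS='12:00:05.000001 IP 203.0.113.5 > 83.x.y.110: ICMP echo request, id 7, seq 1, length 64
12:00:05.000120 IP 83.x.y.110 > 203.0.113.5: ICMP echo reply, id 7, seq 1, length 64'

# Case 3: the request arrives and the UTM stays silent (ICMP tab / DNAT works).
SAMPLE_UTM_DROPS='12:00:09.000001 IP 203.0.113.5 > 83.x.y.110: ICMP echo request, id 9, seq 1, length 64
12:00:10.000001 IP 203.0.113.5 > 83.x.y.110: ICMP echo request, id 9, seq 2, length 64'

# Dry run on the constructed samples. For a live test on the UTM replace the
# sample with:   capture_icmp eth1 20 | classify_capture 83.x.y.110
printf '%s\n' "$SAMPLE_UPSTREAM"    | classify_capture 83.x.y.110
printf '%s\n' "$SAMPLE_UTM_ANSWERS" | classify_capture 83.x.y.110
printf '%s\n' "$SAMPLE_UTM_DROPS"   | classify_capture 83.x.y.110
```

Run "capture_icmp eth1 20 | classify_capture <address>" on the UTM while a host on the Internet pings the public address. "upstream-answers" while the remote ping still succeeds means the FritzBox is replying and nothing on the UTM will change that, which is the outcome Peter-Paul later confirmed. "utm-answers" means the request does arrive and the ICMP tab setting or firewall rule is not being applied; that is the case where it is worth looking at "iptables -L INPUT -n -v" for an ICMP rule, in line with Bob's point that a rule built on the "Any" object may never produce an INPUT-chain entry.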
  • Just established that it was the Fritzbox responding to the pings.
    There seems to be no way to disable this behavior. Only taking it out, as Jay Jay suggested.
    I'll start looking into that. Will keep you posted.

    Thank you for helping.
    Peter-Paul
