Can't stop UTM from being pinged

So I went to:

Network Protection > Firewall > ICMP and disabled (unticked) all the options. Somehow the UTM can still be pinged.

Then added a firewall rule to block ping from internet traffic to UTM address. Can still ping the UTM.

 

Any thoughts on this?

 

Thank you, Peter-Paul



  • Hoi Peter-Paul,

    Please show a traceroute to your UTM from the Internet.  Obfuscate your IP like 83.x.y.11.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello Bob,

    This is the traceroute. I just generated it using www.whatsmyip.org/.../

    Hop Hostname IP Address 1 2 3
    1 97.v102.fe-1-0-0.core1.troy2.waveform.net (204.11.35.97) 0.531 ms 0.304 ms 0.310 ms
    2 core5.tym.r256.net (173.225.185.37) 0.558 ms 0.850 ms 1.415 ms
    3 core10.tym.r256.net (208.79.214.11) 0.333 ms 0.194 ms 0.294 ms
    4 det-b1-link.telia.net (62.115.63.48) 0.873 ms 0.804 ms 0.798 ms
    5 nyk-bb4-link.telia.net (62.115.113.34) 19.658 ms 19.664 ms 19.687 ms
    6 nyk-b6-link.telia.net (80.91.254.36) 19.507 ms 20.101 ms 19.482 ms
    7 nyk-s2-rou-1021.us.eurorings.net (134.222.248.0) 19.523 ms 19.516 ms 19.506 ms
    8 ldn-s2-rou-1101.uk.eurorings.net (134.222.48.93) 100.562 ms 101.840 ms 104.196 ms
    9 rt2-rou-1022.nl.eurorings.net (134.222.48.201) 100.875 ms 100.971 ms 101.024 ms
    10 asd-s8-rou-1041.nl.eurorings.net (134.222.48.15) 100.764 ms 100.609 ms 100.647 ms
    11 - - * * *
    12 0.et-8-1-0.xr4.1d12.xs4all.net (194.109.5.4) 100.715 ms 100.679 ms 100.669 ms
    13 0.ae1.dr11.d12.xs4all.net (194.109.7.170) 100.688 ms 100.702 ms 100.719 ms
    14 a83-x-y-110.adsl.xs4all.nl (83.x.y.110) 104.175 ms 104.139 ms 104.107 ms

     

     

    Thank you for your time.

    Peter-Paul

     
    SFVH (SFOS 19.5.1 MR-1-Build278)  - Last (re)boot on February 20 2023
    Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports
    [If any of my posts are helpful to you please use the 'Verify Answer' link]
  • Peter-Paul, I believe that using the "Any" object in the firewall rule will not succeed in having the configuration daemon create an iptables rule for the INPUT chain.  Better to use the "(Address)" object for the external interface, as explained in #4 in Rulz (last updated 2019-04-17).

    In any case, your configuration on the 'ICMP' tab should result in the UTM not returning pings or trace routes.

    Instead of using a firewall rule to prevent responses, check out #2 in Rulz and make a blackhole DNAT.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • To the OP, tell us more about your internet connection.

    Specifically, what is the UTM WAN port connected to?  Who's the ISP?   I have a theory in mind but need more information.

  • in reply to Bob,

     

    So disabled the FW rule, added a Blackhole DNAT for ping service.

    Still no success, 20 pings, no packets lost.

     

    Peter-Paul

     
    SFVH (SFOS 19.5.1 MR-1-Build278)  - Last (re)boot on February 20 2023
    Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports
    [If any of my posts are helpful to you please use the 'Verify Answer' link]
  • A FritzBox, Peter-Paul?  I wonder if it's the device responding to pings.  I bet logging that DNAT rule will show that the ping requests never reach the UTM.  Was that it?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Just established that it was the Fritzbox responding to the pings.
    There seems to be no way to disable this behavior. Only taking it out as Jay Jay suggested.
    I'll start looking into that. Will keep you posted.

    Thank you for helping.
    Peter-Paul

     
    SFVH (SFOS 19.5.1 MR-1-Build278)  - Last (re)boot on February 20 2023
    Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports
    [If any of my posts are helpful to you please use the 'Verify Answer' link]
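
One way to confirm which device is answering, as an added example that is not part of the original thread: capture ICMP on the UTM's WAN interface (for instance with `tcpdump -ni <wan-interface> icmp`) while the outside ping test runs and succeeds, then classify the output. The function name, verdict labels and addresses are assumptions, and the sample capture lines are constructed.

```python
import re
from collections import Counter

# Text format tcpdump prints for ICMP echo traffic when run with -n.
ECHO = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+): "
    r"ICMP echo (?P<kind>request|reply),"
)

def who_answers(capture_text, wan_ip):
    """Classify a WAN-side capture taken while an outside ping was succeeding.

    Returns "upstream"    if no echo request ever reached wan_ip
            "utm-silent"  if requests arrived but the firewall sent no reply
            "utm-replies" if the firewall itself answered
    """
    seen = Counter()
    for line in capture_text.splitlines():
        m = ECHO.search(line)
        if not m:
            continue  # not an ICMP echo line
        if m["kind"] == "request" and m["dst"] == wan_ip:
            seen["requests_in"] += 1
        elif m["kind"] == "reply" and m["src"] == wan_ip:
            seen["replies_out"] += 1
    if seen["requests_in"] == 0:
        return "upstream"      # a device in front (modem/router) is replying
    if seen["replies_out"] == 0:
        return "utm-silent"    # ICMP settings or blackhole DNAT are working
    return "utm-replies"       # the firewall rules are not matching

# Constructed sample captures (RFC 5737 documentation addresses).
WAN = "192.0.2.10"
UTM_REPLIES = """\
10:15:01.000001 IP 198.51.100.7 > 192.0.2.10: ICMP echo request, id 4242, seq 1, length 64
10:15:01.000101 IP 192.0.2.10 > 198.51.100.7: ICMP echo reply, id 4242, seq 1, length 64
"""
UTM_DROPS = """\
10:15:01.000001 IP 198.51.100.7 > 192.0.2.10: ICMP echo request, id 4242, seq 1, length 64
10:15:02.000003 IP 198.51.100.7 > 192.0.2.10: ICMP echo request, id 4242, seq 2, length 64
"""
NOTHING_ARRIVES = ""  # the pinger got replies, yet the WAN interface saw nothing

if __name__ == "__main__":
    for name, cap in [("replies", UTM_REPLIES), ("drops", UTM_DROPS),
                      ("nothing", NOTHING_ARRIVES)]:
        print(name, "->", who_answers(cap, WAN))
```

An "upstream" verdict matches the outcome in this thread: the echo requests stop at the device in front of the UTM, so no ICMP setting, firewall rule or DNAT on the UTM can change the result.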