On 7/29/05, Scott Ullrich <[EMAIL PROTECTED]> wrote: > On 7/29/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > - I created a Virtual IP using the same IP address as my WAN interface, > > trying to get the router to accept (or redirect) ICMP (I want my system > > pingable). I failed in doing that. > > (1) How do I make my router pingable from the outside world? > > (2) In making that change above, I wasn't able to remove the > > interface. The error always said that that VIP was in use by a NAT rule. In > > order to remove it, I needed to remove all my NAT rules, delete the VIP, > > and re-enter all the NAT rules by hand. Painful! > > I'll let Bill chime in here but to get ICMP working you need to allow > the protocol in the interface rules.
Hrm, I'll check this out. I've got a code change that I need to commit for this stuff anyway. The VIP code does check to see if you've used the VIP in a NAT entry (probably cause the only reason you need a VIP is if you don't use the interface address in your NAT), I don't see that changing. I can probably easily add code to not allow a VIP that is the same IP as the interface address though. --Bill --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
