Asus RT-N56U Firmware Ver.: 3.0.0.4.374_130
Although Respond Ping Request from WAN option under Firewall is enabled and my mac's firewall is off, the router still block the ICMP ping from HE. I fixed the "IP is not ICMP pingable" issue by forwarding the ICMP protocol under WAN->Virtual Server/Port Forwarding:
Port Range: 1
Local IP: your computer's local IP
Protocol: OTHER
CONCLUSION:
For ASUS routers, one must enable Respond Ping Request from WAN under Firewall AND forward IP protocol 1 (ICMP) & IP protocol 41 (if behind NAT) in port forwarding to be able to make HE IPv6 tunneling work.
Question:
1. Is this a programming bug caused by Asus or "Respond Ping Request from WAN" does not necessarily mean ICMP ping will get through, maybe for security reason?
2. Since I already created a tunnel, should I stop forwarding ICMP protocol to avoid security threat?
Did you try DMZ mode? Is your ISP blocking ICMP?
You listed "Port Fowarding" but ICMP is a protocol...I assume that page lets you forward protocols as well?
What security threat are you trying to mitigate?
QuoteYou listed "Port Fowarding" but ICMP is a protocol...I assume that page lets you forward protocols as well?
Yes, RT-N56U allows forwarding protocols, it's just like forwarding protocol 41 for computers behind router to let HE's tunnel to work. I've attached screen shots too.
QuoteDid you try DMZ mode? Is your ISP blocking ICMP?
Since I've fixed the ICMP issue, it looks like my ISP was not blocking ICMP, only my router did. Before I came up with this solution, my public IP sometimes magically respond to HE's ICMP ping, and sometimes it just block it. Maybe it was the uPnP that temporarily let ICMP protocol through. But still,
Respond Ping Request from WAN option in RT-N56U did not do what it is supposed to do.