• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

ISP isn't blocking ICMP to v4 address but tunnelbroker says it does

Started by tuohy, May 06, 2023, 03:18:03 PM

Previous topic - Next topic

tuohy

hello,

i don't have a dual stack ISP at my primary residence and i'd like to use tunnelbroker.

i have a unifi dream machine here and i'm allowing all icmp traffic at the moment to ensure i haven't made a mistake in the packet filter. i see the ping reach me, but the Create Tunnel option on the homepage says they can't ping me. i am using the ipv4 address that the tunnelbroker wizard picks up from my request and i've escalated the issue with my service provider but i don't even know what to ask for at the moment.

my UDM (router) is plugged directly to a fiber ONT interface that is managed by my operator.

watching for the echos:

root@UDM-IOW:~# tcpdump -nvi eth4 icmp and  src 66.220.2.74
tcpdump: listening on eth4, link-type EN10MB (Ethernet), snapshot length 262144 bytes
17:00:17.766960 IP (tos 0x0, ttl 55, id 32439, offset 0, flags [DF], proto ICMP (1), length 84)
    66.220.2.74 > 98.159.126.58: ICMP echo request, id 6105, seq 1, length 64
17:00:18.774578 IP (tos 0x0, ttl 55, id 32540, offset 0, flags [DF], proto ICMP (1), length 84)
    66.220.2.74 > 98.159.126.58: ICMP echo request, id 6105, seq 2, length 64
17:00:19.782575 IP (tos 0x0, ttl 55, id 32546, offset 0, flags [DF], proto ICMP (1), length 84)
    66.220.2.74 > 98.159.126.58: ICMP echo request, id 6105, seq 3, length 64
17:00:29.993215 IP (tos 0x0, ttl 55, id 34987, offset 0, flags [DF], proto ICMP (1), length 84)
    66.220.2.74 > 98.159.126.58: ICMP echo request, id 6247, seq 1, length 64
17:00:30.992540 IP (tos 0x0, ttl 55, id 35119, offset 0, flags [DF], proto ICMP (1), length 84)
    66.220.2.74 > 98.159.126.58: ICMP echo request, id 6247, seq 2, length 64
17:00:31.992545 IP (tos 0x0, ttl 55, id 35281, offset 0, flags [DF], proto ICMP (1), length 84)
    66.220.2.74 > 98.159.126.58: ICMP echo request, id 6247, seq 3, length 64
^C
6 packets captured
6 packets received by filter
0 packets dropped by kernel

any opinions or things i should check? i can successfully ping that same v4 address that i'm expecting icmp from on the UDM as well.

thank you!

snarked

Next, you should check to see whether your system is actually sending echo responses, and then verify they are being routed out via the correct interface, etc.  It's possible that your router is dropping ping responses.

I tried to ping you and received no reply:
QuoteCommand: ping -c 3 98.159.126.58

Results:
PING 98.159.126.58 (98.159.126.58) 56(84) bytes of data.

--- 98.159.126.58 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2055ms
A traceroute (from me) recorded 14 hops, but never reached its destination, only reaching "14  be51-icc1.imon.net (207.191.217.53)  65.450 ms  65.397 ms  65.358 ms", then no replies thereafter.