Tutor
•
4 Messages
Pace 5268AC DMZ Pinging external address
I have fiber on the Pace 5268AC FXN and I connected my cisco rv325 router and put it in the DMZ+ on the Pace modem (since you can't bridge directly). My cisco is showing the external ip on the wan port. My problem is that I can ping the external address from outside and I want that to be blocked. My cisco is configured to block wan requests but I'm able to ping. I even tried removing the connection to the cisco router and I can still ping the external ip so I'm guessing it has something to do with the Pace modem. Any suggestions would be appreciated.
ApexRon
Professor
•
2.2K Messages
7 years ago
@seemenc
Because you are using DMZ for the Cisco, that connection should be bypassing the 5268ac firewall and then it would be up to the Cisco to not respond to external ping. However, some have found that the DMZ is not a straight passthrough though no one at A&T has explained which I believe is due to the fact that the 5268ac has so many firmware design and bug challenges that they can't even sort it out. I have cascaded Cisco, Linksys, and Apple Airport Extreme with great success once I disabled IPv6 on the 5268ac. When I tried to use DMZ the 5268ac was logging the fact that the upstream AT&T router was continually assigning the same DHCP IP address to my routers. Anyway, check out this panel of your 5268ac:
1 Attachment
Screen Shot 2017-07-26 at 9.17.00 AM.JPG
0
JefferMC
ACE - Expert
•
36K Messages
7 years ago
As ApexRon mentioned, there have been reports that the 5268ac does respond to ICMP PING requests even when set to DMZplus mode, as the Gateway still inspects all incoming packets to try to decide what needs to be forwarded to the DMZplus device and what it will handle itself.
Please report back if setting the Stealth Mode/Block PING checkboxes works for you.
0
0
seemenc
Tutor
•
4 Messages
7 years ago
Thanks for the response. I checked the setting on the 5268AC and both boxes were already checked for the 'stealth mode' and 'block ping'. I also went to the Settings->LAN->IPv6 and unchecked that box. I rebooted the 5268AC and tested ping again and it responded. I also disconnected the router from the 5268AC and was still able to ping the external ip. Is there any other place on the 5268AC that needs to be disabled related to ipV6?
0
0
ApexRon
Professor
•
2.2K Messages
7 years ago
I cannot ping my 5268ac from Ping Test Site. Nor can I ping the gateway IP address. Please use the website I did and report your results. If you are able to ping then AT&T has an issue in the network.
0
0
seemenc
Tutor
•
4 Messages
7 years ago
I used the ping test site you suggested and every location successfully pinged the external ip address. I take it my next step would be to contact AT&T support unless there is something else I should try first. Thanks
0
0
ApexRon
Professor
•
2.2K Messages
7 years ago
ISPs should provide some level of protection for their local infrastructure to prevent broadcast storms coming in off the internet. The most common broadcast storm is ping. In my opinion the AT&T gateway router is not configured as most others in their network are.
Copying AT&T but you will still need to call them and express that you have found a vulnerability in their network security.
@ATTHelpForums
0
0
seemenc
Tutor
•
4 Messages
7 years ago
Thanks. Hopefully, they can come up with something.
0
0