Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
en:guide:start:vyos:run:ping [2025/09/29 18:21] – created Webmaster VitaNetworksen:guide:start:vyos:run:ping [2025/09/29 18:42] (current) Webmaster VitaNetworks
Line 54: Line 54:
 <code>set firewall ipv6 input filer rule 000015 icmp type-name echo-request <code>set firewall ipv6 input filer rule 000015 icmp type-name echo-request
 set firewall ipv6 input filter rule 000015 icmp type 128</code> set firewall ipv6 input filter rule 000015 icmp type 128</code>
 +
 +OUTGOING
  
 Unless a firewall has been configured in a stateless mode or other advaced configuration, there's no need to allow outbound traffic for ICMP echo replies as these would fall under //**related**// traffic and thus should be allowed automatically. Unless a firewall has been configured in a stateless mode or other advaced configuration, there's no need to allow outbound traffic for ICMP echo replies as these would fall under //**related**// traffic and thus should be allowed automatically.
 +
 +On VyOS, echo requests from a non-routable network to the Internet are configured the same way as incoming requests but on the forward filter. This would also allow forwarding traffic in if there are any publicly routable addresses inside the network. That's where ''inbound-interface'' comes in; using an interface group with only the internal interfaces, traffic can be limited to one-way only, it that should be desired.
 +
 +Echo requests from the Internet to a non-routable (i.e. natted network) are only possible to the same number of internal hosts as the number of public IP addresses the firewall has, which it would have to renounce to each internal host. In other words, to ping internal hosts the traffic must be NAT-forwarded.
 +
 +
  
 ===== Invoking ping ===== ===== Invoking ping =====
Line 63: Line 71:
 To invoke "VyOS' ping" or "Operational ping" without exiting configuration mode (e.g. when it's not possible when an administrator can't commit uncommitted changes) it simply can be prefixed with the ''run'' command; just as invoking every other Operational mode command from Configuration mode. To invoke "VyOS' ping" or "Operational ping" without exiting configuration mode (e.g. when it's not possible when an administrator can't commit uncommitted changes) it simply can be prefixed with the ''run'' command; just as invoking every other Operational mode command from Configuration mode.
  
-===== Examples of invoking ping =====+==== Examples of invoking ping ====
  
 **Linux's ping direct invocation** **Linux's ping direct invocation**
Line 101: Line 109:
 <WRAP group> <WRAP group>
 <WRAP third column> <WRAP third column>
-  * Unordered List Itemallow-broadcast+  * allow-broadcast
   * audible   * audible
   * bypass-route   * bypass-route