Hi,
I am discovering NethServer and running some tests before deciding whether to deploy it or not.
My server has two network ports - LAN and WAN using a public IP address.
In the Firewall app, I have unticked the option “Ping From Internet” …
But I am still able to ping the WAN socket from the outside world …
I hope only the WAN port has a public IP. The configuration should be like the following:
WAN (public IP on a red interface)
LAN (private IP on a green interface)
Guests LAN (private IP on a blue interface)
DMZ (private IP on an orange interface)
A green interface you must have, a red one you should have if your NethServer should be reachable from the WAN side (this one is firewalled), and the others are optional.
Is NethServer connected to the internet through a modem or a router? If it is a router, perhaps the router responds to the ping.
I have indeed a LAN interface (private IP) and a WAN one with a public IP, using the modem (linked to a switch) as a gateway. I definitely ping the WAN IP, not the Modem one.
Reading this, something has probably changed in the syntax of Shorewall;
we should have
#ACTION SOURCE DEST PROTO DPORT
Ping(DROP) net $FW
but in fact it works as expected.
First, verify that you have applied the configuration once saved (upper right corner).
Then, it works only for new connections: if you are already pinging, you must stop and ping again.
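
A way to check both points from the last post, added here as an example and not part of the thread or of NethServer's own code: it reads the ping rule from a Shorewall rules excerpt and lists echo-request flows still held by connection tracking, on the assumption that this is why an already running ping keeps being answered. The function names, the addresses and both sample texts are constructed; the conntrack lines follow the output format of conntrack -L -p icmp.

```python
import re

# Constructed sample: the rule quoted in the thread, as a Shorewall rules excerpt.
RULES = """\
#ACTION SOURCE DEST PROTO DPORT
Ping(DROP) net $FW
"""

# Constructed sample of `conntrack -L -p icmp` output (documentation addresses).
CONNTRACK = """\
icmp     1 28 src=203.0.113.7 dst=198.51.100.10 type=8 code=0 id=4711 src=198.51.100.10 dst=203.0.113.7 type=0 code=0 id=4711 mark=0 use=1
icmp     1 12 src=192.168.1.20 dst=9.9.9.9 type=8 code=0 id=2210 src=9.9.9.9 dst=198.51.100.10 type=0 code=0 id=2210 mark=0 use=1
"""

def ping_action(rules_text, source="net", dest="$FW"):
    """Return the action of the first Ping(...) rule for source -> dest, or None."""
    for line in rules_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments and the header line
        if len(fields) < 3:
            continue
        m = re.fullmatch(r"Ping\((\w+)\)", fields[0])
        if m and fields[1] == source and fields[2] == dest:
            return m.group(1)
    return None

def tracked_pings(conntrack_text, wan_ip):
    """List (source, seconds_left) for echo-request flows already tracked towards wan_ip."""
    flows = []
    for line in conntrack_text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] != "icmp":
            continue
        # The first src=/dst=/type= triple is the original direction of the flow;
        # the second triple is the reply and is ignored (it matches outbound NAT too).
        orig = dict(p.split("=", 1) for p in parts[3:6] if "=" in p)
        if orig.get("dst") == wan_ip and orig.get("type") == "8":
            flows.append((orig["src"], int(parts[2])))
    return flows

if __name__ == "__main__":
    print("ping net -> $FW:", ping_action(RULES))
    for src, ttl in tracked_pings(CONNTRACK, "198.51.100.10"):
        print(f"{src} is still tracked ({ttl}s left); stop the ping and start it again")
```
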