Cannot ping ER605 from outside network

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Cannot ping ER605 from outside network

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Cannot ping ER605 from outside network
Cannot ping ER605 from outside network
2023-10-23 00:23:48 - last edited 2023-10-31 08:16:15
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.1.4 Build 20230727 Rel.40308

Hi There,

 

I've been having problems being able to connect to my business network from outside the office, and as far as I can tell it is ever since I applied a dual WAN (load balanced).

 

This is on anER605 V2.0 running 2.1.4 Build 20230727 Rel.40308 directly connected to 2 operational WANs. I am not using Omada.

 

I thought this might be a bug as mentioned on the forums: https://community.tp-link.com/en/business/forum/topic/602186  (As I could not port forward any more)

But it turns out even with the beta firmware installed I cannot ping my network at all, let alone apply a port forward rule that used to work perfectly fine a couple of weeks ago.

 

Just to be clear, no configuration has changed from what was working perfectly fine prior, apart from applying a second WAN, (with load balancing), and then the beta firmware update to no avail. I have some Cisco rack switches on the network which I don't believe is relevant as this was all working perfectly fine prior to applying the dual WAN.

 

I've applied a rule to force my server PC to use only one of the WAN's per here: https://community.tp-link.com/en/business/forum/topic/582470

but this has made no difference to pinging or port forwarding ability.

 

www.whatismyip.com gives me my device public IP, which used to work perfectly fine for pinging and port forwarding before I applied the dual WAN, but now I can't even ping that IP externally. Same applies for the second (new) WAN.

 

My WANs are (Aussie) NBN and Starlink.

 

What's most interesting is that the Starlink IP shown on the ER605 status page does not actually match what is shown in www.whatismyip.com from a Starlink connected device, whereas the NBN WAN correctly reports the IP address in the settings. Is this part of the problem? This seems really strange to me.

 

I've applied matching Google/Cloudflare DNS to each WAN so as to skip the ISP settings, also making no difference,

 

Does anyone have any clever ideas?

 

This is forcing my team to not work from home properly as I can't get them connected to the server software they need without the port forwarding in place!

 

Also, anecdotally, a member of my team thinks they can intermittently (but rarely, like once every 30 minutes or so) connect to the server properly for a very short while, before the connection goes dead. I'm not sure if this actually is true or makes sense... but...shrug??

 

Status

 

WAN 1 (NBN)

WAN 2 (Starlink)

WAN 1 EXT IP

 

 

RoutingTableWAN1 TraceRT

  0      
  0      
#1
Options
1 Accepted Solution
Re:Cannot ping ER605 from outside network-Solution
2023-10-25 06:35:08 - last edited 2023-10-31 08:16:15

Hi @Thiefsie 

Thanks for posting in our business forum.

I recommend you update the firmware to 2.2.2 now. And check if the issue is fixed on the latest firmware.

Official Release ER605 V2_2.2.2 Build 20231017 Official Firmware (Released on Oct 18th, 2023)

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  0  
  0  
#4
Options
3 Reply
Re:Cannot ping ER605 from outside network
2023-10-24 07:50:22

Hi @Thiefsie 

Thanks for posting in our business forum.

 

1. What port did you forward? Nothing changed on the router and it stopped working? You cannot ping your WAN IP does not mean port forward is not working. Then how did you verify the port forward stops working?

Need your config, network diagram, and verification.

2. You use the Policy Routing. This is the correct way to force traffic into one of the WANs. You repeatedly said that you cannot ping the router WAN IP, then which one is not pingable? Yet port forwarding does not require this because you have already defined the port in its entry.

Have you changed the firewall settings?

Block Ping from WAN, is it enabled? If yes, disable it. Then you should be able to ping the WAN. Not WAN/LAN1 because you are not getting a public IP on WAN/LAN1.

3. Second WAN is not supposed to be pingable at all because it is not a public IP address. Search CGNAT on Google.

On your first WAN, the firewall on the ER605 that blocks the ping is the settings in 2. So, you should verify it. Try to ping from your cellphone on cellular and see if it is pingable.

Try the IP address you see on the System Status. Not the IP from the whatsmyip.

 

I don't who ever spreads this misinformation. This is not accurate and misinformation. If you get a public IP from your ISP and you don't have double-NAT, your WAN IP should display on the System Status. You don't have to use whatsmyip to look for your real IP address. If you use that, then it may tell you another IP address if you use a VPN. Why bother using it? And it is helpless in troubleshooting because we never ask for that IP address and take it as concrete and trust information.

 

Your WAN IP is dynamic, you should consider if it is possible that your ISP blocks the port forwarding. They usually don't block ICMP but possibly block some ports.

Troubleshooting Virtual Services on the Router Doesn't Take Effect

 

Routing table, what you have marked as a question, that's auto generated. If you would take some time to read the manual or any blog on the Internet, that would explain why you have them.

 

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#2
Options
Re:Cannot ping ER605 from outside network
2023-10-25 03:22:48

Clive_A wrote

Hi @Thiefsie 

Thanks for posting in our business forum.

 

1. What port did you forward? Nothing changed on the router and it stopped working? You cannot ping your WAN IP does not mean port forward is not working. Then how did you verify the port forward stops working?

Need your config, network diagram, and verification.

2. You use the Policy Routing. This is the correct way to force traffic into one of the WANs. You repeatedly said that you cannot ping the router WAN IP, then which one is not pingable? Yet port forwarding does not require this because you have already defined the port in its entry.

Have you changed the firewall settings?

Block Ping from WAN, is it enabled? If yes, disable it. Then you should be able to ping the WAN. Not WAN/LAN1 because you are not getting a public IP on WAN/LAN1.

3. Second WAN is not supposed to be pingable at all because it is not a public IP address. Search CGNAT on Google.

On your first WAN, the firewall on the ER605 that blocks the ping is the settings in 2. So, you should verify it. Try to ping from your cellphone on cellular and see if it is pingable.

Try the IP address you see on the System Status. Not the IP from the whatsmyip.

 

I don't who ever spreads this misinformation. This is not accurate and misinformation. If you get a public IP from your ISP and you don't have double-NAT, your WAN IP should display on the System Status. You don't have to use whatsmyip to look for your real IP address. If you use that, then it may tell you another IP address if you use a VPN. Why bother using it? And it is helpless in troubleshooting because we never ask for that IP address and take it as concrete and trust information.

 

Your WAN IP is dynamic, you should consider if it is possible that your ISP blocks the port forwarding. They usually don't block ICMP but possibly block some ports.

Troubleshooting Virtual Services on the Router Doesn't Take Effect

 

Routing table, what you have marked as a question, that's auto generated. If you would take some time to read the manual or any blog on the Internet, that would explain why you have them.

 

 

Thanks for helping!

 

1. Port forward settings are here (unchanged from working setup):

Macbinds here if needed:

 

I verify the port forwarding by attempting to connect externally via my CAD software, which used to work perfectly fine but since dual-WAN does not.

 

2. No firewall settings changed, but admittedly before this problem occurred I had not attempted to ping the server externally before. I've now updated that firewall setting you recommended and I can now ping the server... Thanks! I also relaxed the server firewall ICMP settings but this didn't seem to make a difference.

3. OK understood. I suspect the Starlink is behind a double NAT! Nonetheless I can't seem to do anything about that. The Starlink is woeful anyway but 'higher-ups' put that in place.

 

Nonetheless, as far as I can tell within my office just now (using mobile hotspot on a laptop instead of internal network) I can now connect to the server via the port forwards.

I will properly check this later from home to ensure the system is working correctly.

I'm unsure why that simple ping firewall setting would have stopped port forwards from going through, but nonetheless if that's all it was, so be it and thank you!

  1  
  1  
#3
Options
Re:Cannot ping ER605 from outside network-Solution
2023-10-25 06:35:08 - last edited 2023-10-31 08:16:15

Hi @Thiefsie 

Thanks for posting in our business forum.

I recommend you update the firmware to 2.2.2 now. And check if the issue is fixed on the latest firmware.

Official Release ER605 V2_2.2.2 Build 20231017 Official Firmware (Released on Oct 18th, 2023)

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  0  
  0  
#4
Options