Allow icmp (ping) from WAN and Forwarding Ports

Enable Ping This tutorial will walk you through the steps to forward ports on the Anonabox. As a first step and general demonstration, we will unblock icmp (ping) traffic from the WAN side, as it is very similar. Also for general troubelshooting when forwarding ports it is handy to be able to ping the device from the WAN side.

First step to allow icmp traffic from the WAN of the Anonabox so we can troubleshoot. 1) Log in to the admin interface and go to network –> firewall, and then click the tab that says 'traffic rules'. This page has all the default rules for the firewall. There is one in there that prevents anyone from being able to ping the device from the outside. We named that rule disAllow-Ping, it should be on the list of rules. To the right of that line item, there is a button labeled 'delete'. Go ahead and click delete and then scroll down to the bottom of the page and click 'save and apply'.


2) Now that we have gotten rid of that rule, we have to add one in to allow the icmp (ping traffic). To do that, click the 'network' dropdown menu and select firewall again, and then click on the tab that says 'port forwards'. Look for the area named 'Open Ports on Router'. In there, type a name for this new forward, lets name it allow-ping. Under the 'protocol' dropdown, select 'other' and leave the field blank. Once you have done that, click the 'add' button next to it. It will look like so:

After you click the 'add' button, it will take you to a page where you can add more details about the port forward. You will only need to worry about changing one field, the field next to 'protocol' which you should set to be 'icmp' like so:

After you set that one field to icmp, you can just scroll down and click the blue 'save and apply' button at the bottom of the page. You should now be able to ping the WAN side of the device from other computers on the WAN network.

Forwarding Ports For this example we will use the term “COMPA” to refer to a computer that is connected to the LAN side of the Anonabox and “COMPB” to refer to a computer that is connected to the same network as the WAN side of the Anonabox. The next step is to forward ports for whichever services you want to use on COMPA. Which ports you add will depend on what service you want to use on COMPA. For this example, we are going to show you how to forward a port for a service known as SSH, which uses port 22 tcp, even though you probably have a different service you want to use. If you need help to figure out which ports you need, its just a quick search. There is a link at the bottom of the page to a site with a list of common ports.

To forward traffic for port 22, we click 'network' –> firewall –> Traffic Rules, scroll down to 'Open Ports on the Router' and type in a name for the new forward, which can be anything you want. In our case, we will use the name allow-ssh. We will select 'tcp' under the protocol because ssh only uses tcp. Under external port we add the number for the port we want to us, in this case 22. Then we click add. Now we are back to the traffic rules screen, so we have to scroll down the list and look for the rule we just made, which was named 'allow-ssh'. On the button to the right of that we click 'edit', and on the page that comes up for editing the rule we look for where it says 'Destination Address'. In the field next to destination address we select which computer we want that traffic to be forwarded to. In your case there may only be one computer listed there, in our case it was our testing machine: COMPA.

After you select that computer, scroll down and click 'save and apply'.

Now in this example, COMPB can initiate an ssh connection to COMPA by typing ssh user@ip address of Anonabox WAN.

The Anonabox will just forward all traffic directed to it from the WAN side directly to COMPA.

If you want to tell us what service on COMPA you want to access from COMPB, we can find the ports numbers and protocols you need. Here is a handy list of the commonly used ones and the services they correlate to: