Spectrum Router not allowing ICMP Echo Requests
Emily Wong
I am currently trying to set up a server off of my Windows 10 PC. After lots of troubleshooting, I have concluded that my router is blocking ICMP Echo requests (AKA Ping) from reaching my computer. This results in anyone outside of the network getting a "Session Timed Out" error when pinging my IP in Command Prompt. I don't see any way to allow these requests on my router, at least not through the Spectrum app. I hear that NAT routers have issues with this via a firewall. Any ideas on how to allow them? My router is an Askey SAC2V1K.
I've been at this for weeks and finally decided to go to the forums, so thanks in advance!
32 Answers
Users outside of your home LAN shouldn't be trying to ping the non-routable private IP address of a server on your LAN. If they need to ping you, the only publicly accessible address they can ping is the one on the WAN port of your NAT gateway router.
So make sure they're pinging the right address, and make sure your NAT gateway router is configured to respond to pings on its WAN port.
This is pretty much a standard feature of a firewall router. More specifically it is a feature of any kind of firewall.
If you want this machine to be accessible you have two options.
- In your router configuration you should be able to forward external ports to an internal machine. This is done with an external port being opened and forwarded to a specific internal IP and port. This is the normal "I want to make a server on a computer available at my router IP:port address".
  You essentially give specific programs the ability to be a server on your Internet IP.
- Your router may have a "DMZ" setting. This is the nuclear approach and is only recommended when you 100% trust that the machine you are putting in DMZ has no security vulnerabilities. All packets from your Internet connection that are not already destined for specific machines on your network will get forwarded to the DMZ machine.
  This is dangerous if the machine is running known insecure services. I would not have a Windows XP server in the DMZ due to various networking related vulnerabilities.
For the most part ICMP ping is a red herring. You shouldn't need to care about it and option 1 should be your preferred method.
If you have a game server then you should simply forward the relevant external port to the machine and port hosting the server. Most games will let you specify both an IP and port to connect to from outside your network, and if they require your machine to be available via ICMP ping as well then the game designers were insane and have somehow completely missed the last 20 years of consumer Internet connections completely blocking public ICMP pings.
99% of the time simple per-application port forwarding rules should suffice. If you need ping as well then you need to look carefully at why the application needs that. Chances are it doesn't. It almost certainly shouldn't. Ping is only for "is someone there" messages; you can still have other ports open and with two-way communication even with pings blocked.
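Added example, not part of the original answers: a TCP check that tests a forwarded port directly instead of relying on ping, and distinguishes a working forward from a missing one. The function names are hypothetical, and the address in the comment is a documentation-range placeholder; run it from a machine outside the LAN against the router's WAN address and the forwarded port.

```python
import errno
import socket


def check_tcp_port(host, port, timeout=3.0):
    """Classify TCP reachability of host:port without using ICMP.

    Returns one of:
      "open"       - handshake completed: the forward and the server both work
      "refused"    - a reset came back: the path works, nothing is listening
      "filtered"   - no reply before the timeout: packets are being dropped,
                     e.g. no port-forward rule or a host firewall block
      "error: ..." - name resolution or another local failure
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        return f"error: {exc}"


def demo_on_loopback():
    """Constructed self-test: probe a throwaway listener on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = check_tcp_port("127.0.0.1", port)
    listener.close()
    after_close = check_tcp_port("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    # Real use, from outside the LAN (placeholder WAN address and port):
    #   check_tcp_port("203.0.113.10", 25565)
    print(demo_on_loopback())
```

A "refused" result from outside usually means the router forwarded the packet but the server program is not listening on that port, while "filtered" points at the forwarding rule or the Windows firewall.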