General Questions

Is there any way either via the web interface or the console view to be able to constantly ping an ip/domain name? I would like to block all ICMP on my machine but still run pings on the firewall to monitor lag etc. The issue is I don't know if it is even possible to get a constant ping on m0n0wall or not. Unless there is some trick I can use I have found no way. I even tried altering the web page source code to have 999 ping count but it won't go above 10.

Not possible for m0n0wall itself to constantly ping, at least not as currently designed.

When you say "I would like to block all ICMP on my machine" what machine (or machines) are you talking about and what are the sources of the ICMP you wish to block?

Just that I am experimenting blocking all ICMP to and from my host PC. I would like to be able to run a continuous ping like I did with ipcop etc when I was able to login to the shell and just use the ping command and ctrl + C to stop it when I was ready too. But there is no shell access on m0n0 it seems.

So far I have two adapters on my internal m0n0wall, one is disabled and one is enabled. If I need to ping I can temporarily alternate them so the rule will not block ICMP on the opt based IP and then alternate when I want my ICMP blocked again. The only issue is that it is an all or nothing thing.

m0n0wall is so tiny it would have been fantastic to use a ping command for a continuous ping instead of having to either do what I am doing now with multiple adapters or use a vmware on another IP address to ping from there. I hate wasting resources to do small things.

No shell on m0n0wall.

ICMP from out on the internet cannot reach your LAN or OPT hosts since it cannot be forwarded across a NAT.

If you are worried that your public WAN IP is pingable, you can fully block that in m0n0wall without interfering with LAN or OPT hosts being able to ping hosts on the internet.

You could execute a shell command that pings and writes the result to the syslog in the background but you'd have to do this everytime you reboot your m0n0wall or use the hidden shell command option in the configuration file of m0n0wall.

I am concerned with outgoing pings. The things I am experimenting with send pings from my machine and report the details back to the server I am connected too. If I block ICMP from my machine it gives a mysterious "-" instead of a ping. I would like to still be able to ping if and when I want, hence the techniques mentioned in the previous post. It would be nice to have a tick box on the web GUI ping/tracert to have a constant ping option for trouble shooting purposes. I regularly leave a ping google.com -t going so I can track packet drop and lag issues. However when I am blocking ICMP I am unable to send out pings from my IP, forcing me to either change ip, swap adapters or boot up a vmware just so I can ping.

The best and most elegant option would be to have a "continuous ping" option on the web GUI.

You could execute a shell command that pings and writes the result to the syslog in the background but you'd have to do this everytime you reboot your m0n0wall or use the hidden shell command option in the configuration file of m0n0wall.

Hidden shell? I thought there is no shell access?

There is no "shell access" in the released versions of m0n0wall, at least not in the sense of what "shell access" means to most.

What there is are a hidden /exec.php command from the WEBGUI where a limited number of commands can be executed from within the browser, and a limited number of commands that can be run from shell commands inserted into the config.xml file.

You would probably be better served with things like MRTG or MON.