Unable to ping a specific public ip when using pfsense not when bypass.
-
I have a fresh install of pfsense, pretty vanilla setup, internal 1 vlan 10.1.0.x/23, external dhcp on cable modem. I play an old game and connect to a server 138.197.130.124, you should be able to ping it, and if I plug direct into cable modem I can, but not while in pfsense. I can't see anywhere where it's blocking. It is not like it's a rule issue as I can't even ping... not sure how to troubleshoot this one...
Mark
-
Hmm, well if it can be pinged it should respond. I assume you have 'allow all rules' on your internal interface?
Check the states in Diag > States when you are trying to ping. Do you see the state opened for it on LAN and NAT'd on WAN?
Steve
-
@stephenw10
Thanks for the reply, I do see the state
LAN icmp 10.1.0.45:1 -> 138.197.130.124:1 0:0 45 / 0 3 KiB / 0 B
compared that to ping on google
LAN icmp 10.1.0.45:1 -> 172.217.165.131:1 0:0 7 / 7 420 B / 420 B
So looks like I'm sending but not receiving....
If I plug directly into cable modem I can ping with reply no issues, or from my phone or other network, but as soon as I connect pfsense I'm unable to successfully ping even from pfsense gui. So strange...
-
@okjello
You should see these states on WAN as well. Your WAN interface is configured by the modem's DHCP?
Check Status > Interfaces and Status > Gateways for proper configuration.
-
Yup, you should see a state on WAN too with the private internal IP NAT'd to the WAN address.
Steve
-
@okjello said in Unable to ping a specific public ip when using pfsense not when bypass.:
138.197.130.124
These are the states you should see when pinging something on the internet
-
I see it on the WAN also but it's not right...
WAN icmp 64.66.xxx.xx:44889 (10.1.0.45:1) -> 138.197.130.124:44889 0:0 8 / 0 480 B / 0 B
Is it picking random port? 44889 yours shows 54414 ?
So strange
Maybe I will just reload pfsense? It is a fresh install, no addons or anything. Running on a laptop with gig usb3 and onboard. Tons of resources.
-
@okjello said in Unable to ping a specific public ip when using pfsense not when bypass.:
Is it picking random port? 44889 yours shows 54414 ?
icmp doesn't really have a port.. But yes the way napt works is a "random" source port above 1023 will be used.
-
Yup, and that shouldn't be an issue.
I assume you are able to ping other addresses?
-
@stephenw10
Yes, everything else I ping fine, by ip or dns. And if I plug into modem directly I can ping it, so strange
-
@okjello Is the IP address you're trying to ping the specific monitoring IP address for the Bypass Gateway?
-
Mmm, it responds to ping fine for me and @johnpoz so not something pfSense specific.
Can we see your firewall rules? Do you have anything specific for that IP?
Steve
-
@stephenw10
Just the default rules
0 /394 KiB - RFC 1918 networks * * * * * Block private networks
0 /0 B - Reserved Not assigned by IANA * * * * * Block bogon networks
LAN rules
3 /993 KiB - LAN Address 80 * * Anti-Lockout Rule
69 /2.54 GiB IPv4 * LAN net * * * * none Default allow LAN to any rule
0 /0 B IPv6 * LAN net * * * * none Default allow LAN IPv6 to any rule
-
I did try to set up allow rules for this ip as I connect to this server on port 16567. I couldn't connect with or without the rules I made. I can connect to other game servers. It's so strange. I might just try to reload pfsense as I have nothing really configured on it.
-
@okjello said in Unable to ping a specific public ip when using pfsense not when bypass.:
138.197.130.124
So I just reloaded pfsense, I installed 2.6.0-RELEASE on a Toshiba laptop with i5 cpu and a usb nic.
Every webpage and thing I ping works except 138.197.130.124.
Normally I would think my public ip is being blocked etc but I can unplug the uplink from cable modem to pfsense and plug my computer directly into cable modem and I can ping that ip all day long.
Only thing I configured is the wan and lan with local ip 10.1.0.1/23, everything else except password is out of box config....
-
@okjello sniff on wan while you're sniffing - do you see the ping go out? If so then it's not pfsense..
-
I just tried to ping while using Surfshark vpn and I can ping. That kinda makes sense.
I will try packet capture and see
-
@okjello
So this is my LAN side, 10.1.0.45 my PC, the 172 was a Google ping
I do not see replies from 138.197.130.124.
21:10:24.039494 IP 10.1.0.45 > 172.217.13.163: ICMP echo request, id 1, seq 11068, length 40
21:10:24.065435 IP 172.217.13.163 > 10.1.0.45: ICMP echo reply, id 1, seq 11068, length 40
21:10:24.774889 IP 10.1.0.45.55445 > 142.251.16.189.443: UDP, length 33
21:10:24.818331 IP 142.251.16.189.443 > 10.1.0.45.55445: UDP, length 26
21:10:25.050849 IP 10.1.0.45 > 172.217.13.163: ICMP echo request, id 1, seq 11069, length 40
21:10:25.081907 IP 172.217.13.163 > 10.1.0.45: ICMP echo reply, id 1, seq 11069, length 40
21:10:25.531754 IP 10.1.0.45.59249 > 172.253.63.188.5228: tcp 1
21:10:25.576188 IP 172.253.63.188.5228 > 10.1.0.45.59249: tcp 0
21:10:26.363807 IP 10.1.0.45 > 138.197.130.124: ICMP echo request, id 1, seq 11070, length 40
21:10:26.424892 IP 10.1.0.45.55445 > 142.251.16.189.443: UDP, length 33
21:10:26.468575 IP 142.251.16.189.443 > 10.1.0.45.55445: UDP, length 26
21:10:27.249660 IP 10.1.0.45.59292 > 172.217.13.197.443: tcp 1
-
@okjello sniff on your WAN!!
Do you see the echo request go out? It's that simple - yes or no? You said you can ping google, so why would you think showing us that?
-
@okjello said in Unable to ping a specific public ip when using pfsense not when bypass.:
WAN icmp 64.66.xxx.xx:44889 (10.1.0.45:1) -> 138.197.130.124:44889 0:0 8 / 0 480 B / 0 B
If you're showing state then that means it went outbound - if it went outbound and you don't get a response that has ZERO to do with pfsense.
You plugging a different device into a cable modem gets you a different IP.. Because your MAC changes.
I want you to sniff on pfsense wan so you see the traffic go out for yourself.. This isn't a pfsense issue.. This is upstream.
Just think for 2 seconds.. What thing could be wrong on a clean install to some IP, but every other IP works..
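-
The two checks used in this thread, as an added example that is not part of any post: pairing ICMP echo requests with replies in a tcpdump text capture, and reading the packet counters at the end of a state-table line. The sample capture is constructed in the format quoted above, the function names are hypothetical, and reading the counters as sent / received follows the interpretation used in the thread.

```python
import re
from collections import defaultdict

# Constructed sample in the tcpdump text format quoted in the thread.
SAMPLE_CAPTURE = """\
21:10:24.039494 IP 10.1.0.45 > 172.217.13.163: ICMP echo request, id 1, seq 11068, length 40
21:10:24.065435 IP 172.217.13.163 > 10.1.0.45: ICMP echo reply, id 1, seq 11068, length 40
21:10:24.774889 IP 10.1.0.45.55445 > 142.251.16.189.443: UDP, length 33
21:10:26.363807 IP 10.1.0.45 > 138.197.130.124: ICMP echo request, id 1, seq 11070, length 40
21:10:27.363807 IP 10.1.0.45 > 138.197.130.124: ICMP echo request, id 1, seq 11071, length 40
"""

ICMP_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)
# Tail of a state line: "<pkts> / <pkts> <bytes> / <bytes>", e.g. "8 / 0 480 B / 0 B".
STATE_RE = re.compile(r"(?P<out>\d+) / (?P<back>\d+)\s+[\d.]+ \w*B / [\d.]+ \w*B\s*$")

def unanswered_echoes(capture_text):
    """Return {destination: [seq, ...]} for echo requests with no matching reply."""
    pending = {}
    for line in capture_text.splitlines():
        m = ICMP_RE.match(line)
        if not m:
            continue  # UDP/TCP lines are not ICMP echo traffic
        if m["kind"] == "request":
            pending[(m["src"], m["dst"], m["id"], m["seq"])] = True
        else:
            # A reply matches its request with source and destination swapped.
            pending.pop((m["dst"], m["src"], m["id"], m["seq"]), None)
    result = defaultdict(list)
    for _src, dst, _id, seq in pending:
        result[dst].append(int(seq))
    return dict(result)

def state_is_one_way(state_line):
    """True when the state counters show packets sent and none returned."""
    m = STATE_RE.search(state_line)
    return bool(m) and int(m["out"]) > 0 and int(m["back"]) == 0

if __name__ == "__main__":
    print(unanswered_echoes(SAMPLE_CAPTURE))
```

Run against a capture taken on WAN, a destination that appears in the result means the requests left the firewall and no reply came back on that interface.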