Unable to ping a specific public ip when using pfsense not when bypass.
-
@okjello
You should see these states on WAN as well. Your WAN interface is configured by the modem's DHCP?
Check Status > Interfaces and Status > Gateways for proper configuration.
-
Yup, you should see a state on WAN too with the private internal IP NAT'd to the WAN address.
Steve
-
@okjello said in Unable to ping a specific public ip when using pfsense not when bypass.:
138.197.130.124
These are the states you should see when pinging something on the internet
-
I see it on the WAN also but it's not right...
WAN icmp 64.66.xxx.xx:44889 (10.1.0.45:1) -> 138.197.130.124:44889 0:0 8 / 0 480 B / 0 B
Is it picking random port? 44889 yours shows 54414 ?
So strange
Maybe I will just reload pfsense? It is a fresh install, no addons or anything. Running on a laptop with gig usb3 and onboard. Tons of resources.
-
@okjello said in Unable to ping a specific public ip when using pfsense not when bypass.:
Is it picking random port? 44889 yours shows 54414 ?
icmp doesn't really have a port.. But yes the way napt works is a "random" source port above 1023 will be used.
-
Yup, and that shouldn't be an issue.
I assume you are able to ping other addresses?
-
@stephenw10
Yes, everything else I ping fine, by IP or DNS. And if I plug into the modem directly I can ping it, so strange
-
@okjello Is the IP address you're trying to ping the specific monitoring IP address for the Bypass Gateway?
-
Mmm, it responds to ping fine for me and @johnpoz so not something pfSense specific.
Can we see your firewall rules? Do you have anything specific for that IP?
Steve
-
@stephenw10
Just the default rules
0 /394 KiB - RFC 1918 networks * * * * * Block private networks
0 /0 B - Reserved Not assigned by IANA * * * * * Block bogon networks
Lan rules
3 /993 KiB - - - LAN Address 80 * * Anti-Lockout Rule
69 /2.54 GiB IPv4 * LAN net * * * * none Default allow LAN to any rule
0 /0 B IPv6 * LAN net * * * * none Default allow LAN IPv6 to any rule
-
I did try to set up allow rules for this IP as I connect to this server on port 16567. I couldn't connect with or without the rules I made. I can connect to other game servers. It's so strange. I might just try to reload pfsense as I have nothing really configured on it.
-
@okjello said in Unable to ping a specific public ip when using pfsense not when bypass.:
138.197.130.124
So I just reloaded pfsense, I installed 2.6.0-RELEASE on a toshiba laptop with i5 cpu and a usb nic.
Every webpage and thing I ping works except 138.197.130.124.
Normally I would think my public ip is being blocked etc but i can unplug the uplink from cable modem to pfsense and plug my computer directly into cable modem and i can ping that ip all day long.
The only thing I configured is the WAN and LAN with local IP 10.1.0.1/23; everything else except the password is out-of-box config....
-
@okjello sniff on wan while you're sniffing - do you see the ping go out? If so then it's not pfsense..
-
I just tried to ping while using Surfshark vpn and I can ping. That kinda makes sense.
I will try packet capture and see
-
@okjello
So this is my Lan side, 10.1.0.45 my pc, the 172 was a google ping
I do not see replies from 138.197.130.124.
21:10:24.039494 IP 10.1.0.45 > 172.217.13.163: ICMP echo request, id 1, seq 11068, length 40
21:10:24.065435 IP 172.217.13.163 > 10.1.0.45: ICMP echo reply, id 1, seq 11068, length 40
21:10:24.774889 IP 10.1.0.45.55445 > 142.251.16.189.443: UDP, length 33
21:10:24.818331 IP 142.251.16.189.443 > 10.1.0.45.55445: UDP, length 26
21:10:25.050849 IP 10.1.0.45 > 172.217.13.163: ICMP echo request, id 1, seq 11069, length 40
21:10:25.081907 IP 172.217.13.163 > 10.1.0.45: ICMP echo reply, id 1, seq 11069, length 40
21:10:25.531754 IP 10.1.0.45.59249 > 172.253.63.188.5228: tcp 1
21:10:25.576188 IP 172.253.63.188.5228 > 10.1.0.45.59249: tcp 0
21:10:26.363807 IP 10.1.0.45 > 138.197.130.124: ICMP echo request, id 1, seq 11070, length 40
21:10:26.424892 IP 10.1.0.45.55445 > 142.251.16.189.443: UDP, length 33
21:10:26.468575 IP 142.251.16.189.443 > 10.1.0.45.55445: UDP, length 26
21:10:27.249660 IP 10.1.0.45.59292 > 172.217.13.197.443: tcp 1
-
@okjello sniff on your WAN!!
Do you see the echo request go out? It's that simple - yes or no? You said you can ping google, so why would you think showing us that?
-
@okjello Is the IP address you're trying to ping the specific monitoring IP address for the Bypass Gateway?
-
@okjello said in Unable to ping a specific public ip when using pfsense not when bypass.:
WAN icmp 64.66.xxx.xx:44889 (10.1.0.45:1) -> 138.197.130.124:44889 0:0 8 / 0 480 B / 0 B
If you're showing state then that means it went outbound - if it went outbound and you don't get a response that has ZERO to do with pfsense.
You plugging a different device into a cable modem gets you a different IP.. Because your mac changes.
I want you to sniff on pfsense wan so you see the traffic go out for yourself.. This isn't a pfsense issue.. This is upstream.
Just think for 2 seconds.. What thing could be wrong on a clean install to some IP, but every other IP works..
-
@okjello said in Unable to ping a specific public ip when using pfsense not when bypass.:
Normally I would think my public ip is being blocked etc but i can unplug the uplink from cable modem to pfsense and plug my computer directly into cable modem and i can ping that ip all day long.
Are you sure the public IP is the same in both situations?
-
@stephenw10 said in Unable to ping a specific public ip when using pfsense not when bypass.:
Are you sure the public IP is the same in both situations?
Tell you right now they are not.. Why would a dhcp server give a different mac the same IP?
He shows pfsense having a public IP in his wan state.. In what scenario would different macs from a dhcp server get the same IP?
What makes more sense - IP X blocked by this server, or pfsense just deciding to not work on some random IP, but creates the outbound traffic, as you can see via the state..
-
Yup that seems most likely. Though you would think the laptop running pfSense would also get a different IP and be able to connect. Just unlucky maybe....
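
The check asked for in the thread (does an echo request seen in a capture ever get a matching reply), as an added example that is not part of the original posts: it pairs ICMP echo requests and replies in tcpdump text output by address, id and seq. The sample lines are copied from the LAN capture quoted above; `echo_summary` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Lines copied from the LAN-side capture quoted in the thread (tcpdump text output).
SAMPLE = """\
21:10:24.039494 IP 10.1.0.45 > 172.217.13.163: ICMP echo request, id 1, seq 11068, length 40
21:10:24.065435 IP 172.217.13.163 > 10.1.0.45: ICMP echo reply, id 1, seq 11068, length 40
21:10:24.774889 IP 10.1.0.45.55445 > 142.251.16.189.443: UDP, length 33
21:10:25.050849 IP 10.1.0.45 > 172.217.13.163: ICMP echo request, id 1, seq 11069, length 40
21:10:25.081907 IP 172.217.13.163 > 10.1.0.45: ICMP echo reply, id 1, seq 11069, length 40
21:10:26.363807 IP 10.1.0.45 > 138.197.130.124: ICMP echo request, id 1, seq 11070, length 40
"""

ECHO = re.compile(
    r"^\S+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

def echo_summary(lines):
    """Return {destination: {"sent": n, "answered": n, "lost_seq": [...]}}."""
    pending = {}  # (src, dst, id, seq) -> request still waiting for its reply
    stats = defaultdict(lambda: {"sent": 0, "answered": 0, "lost_seq": []})
    for line in lines:
        m = ECHO.match(line.strip())
        if not m:
            continue  # UDP, TCP and anything else is ignored
        icmp_id, seq = int(m["id"]), int(m["seq"])
        if m["kind"] == "request":
            pending[(m["src"], m["dst"], icmp_id, seq)] = True
            stats[m["dst"]]["sent"] += 1
        # A reply matches the request with source and destination swapped.
        elif pending.pop((m["dst"], m["src"], icmp_id, seq), None):
            stats[m["src"]]["answered"] += 1
    for (_src, dst, _id, seq) in pending:
        stats[dst]["lost_seq"].append(seq)
    return dict(stats)

if __name__ == "__main__":
    for dst, s in echo_summary(SAMPLE.splitlines()).items():
        verdict = "no replies seen" if s["answered"] == 0 else "ok"
        print(f"{dst}: sent={s['sent']} answered={s['answered']} "
              f"lost={s['lost_seq']} ({verdict})")
```

Run against a capture taken on WAN instead of LAN, the same pairing shows whether the requests leave the firewall and go unanswered.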