Incoming ICMP blocked on virtual IP, despite rules in place to pass!
-
And what kind of virtual IP did you create - some will not answer ICMP
https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F -
They are set as IP Alias, the one that was introduced in pfSense 2.0, which is said to support ICMP.
So confused!
-
did you set them with the mask of your real IP or /32
can you post up the configuration you have set for the vip.. You are trying to ping them from outside your wan right?
Are you using it in a 1:1 Nat? If so I would believe the natted device would have to answer the ping.
-
I have set them up with the mask of the real IP. Is that the correct thing to do? I think I did try setting them as /32 already and it didn't have any effect at all.
Here's a shot of the configuration.
Yes I am trying to ping from outside the WAN, but the same issue also exists when trying to ping from inside.
No 1:1 configurations are used.
-
I tell a lie, I have set them to /29 because on the documents from my ISP, it lists the IP range with a subnet mask of 255.255.255.248. The real IP (assigned by DHCP) has a subnet mask of 255.255.255.255
-
Could you clarify what you mean by that? I don't believe that you can have a /32 over WAN, only really for loopbacks.
-
Sure, when I go to Status -> Interfaces and look at WAN 1, it shows the interface IP (dynamically assigned by the ISP) and the subnet mask as 255.255.255.255.
On the paperwork from my ISP where it lists the range of 5 static IPs for that connection, it states to use the subnet mask 255.255.255.248, so I set them as /29 on the virtual IP page. -
If you've got static IPs, why are you letting it assign it via DHCP? Assign it statically and use the correct mask on the actual interface.
-
That's how it works with this ISP (BT Business). Their modem does the same thing. If you have a single static IP, then that's what the interface gets, but if you have a range of static IPs, then your interface gets a separate one and the static IP range gets routed to that.
In my case, I have a range of 5 static IPs, so they're all set up as IP Aliases.
-
This is what the Interfaces screen looks like for WAN 1.
Not sure why pfSense lists all of it's DNS servers under that box but the first one is it's own DNS forwarder, 2 & 3 are the servers on that connection (WAN 1), 4 & 5 are the server on WAN 2 and 6 & 7 are the servers on the LAN.
