ICMP pings still timing out despite ICMP traffic being reported as passed
-
Man I am glad I found this thread, as I have been having this exact same problem. In Battlefield 3 and 4 my ping shows as "-" in game. If I connect directly to the cable modem or use my old wrt54gl in place of the pfSense box then the pings show up.
When I go through the pfSense box the ping shows fine in battlelog (web based server browser for the game) and I can open up command prompt and ping sites just fine. I also created a rule to allow icmp requests on the wan and going to www.whatsmyip.org/ping/ pings show up just fine. So then I decided to create a NAT rule that passed icmp to the machine running the game and that didn't work either. I also downloaded that EA utility and when I do the Poll option I get the same results as the OP.
My pfsense box is running v2.1 on live cd. I have everything set to defaults except for the WAN rule allowing icmp through. Hopefully we can get this fixed because the game server admins keep kicking me out of their servers because they think my ping is too high.
-
"Windows Firewall service is disabled."
That is NOT the way to disable your firewall - the service should be left running, and you go into the settings and turn it off. I have to assume your machine is not allowing you to see the returns. Since clearly from your sniff, on your machine pfsense is sending your replies to you.
So something in your OS is not allowing the tool to see those replies.
I would suggest you let the service run, and just turn off the firewall for whatever network profile you're on - I would assume home. Are you running any other sort of security suite on your machines?
Clearly from your sniff your machine is getting the replies to the pings - so your problem has NOTHING to do with pfsense.
If I had to guess, as mentioned, when you're connected to pfsense you're under some other network profile than when you connect to your modem directly. And either your other security software is causing you problems - or the fact that you have disabled the firewall service is causing you issues under these different profiles.
So enable the service - go into the firewall settings and allow icmp, then turn off the firewall but do not mess with the firewall service.
To bob314 - I see no point in forwarding ICMP into something behind your pfsense. Why can pfsense not just answer the pings? Just allow icmp to your wan interface and you should be fine. If you're going to forward icmp to something behind pfsense - then you need to make sure that something answers and does not have some firewall running or in an odd state like the OP.
-
"Windows Firewall service is disabled."
That is NOT the way to disable your firewall - the service should be left running, and you go into the settings and turn it off. I have to assume your machine is not allowing you to see the returns. Since clearly from your sniff, on your machine pfsense is sending your replies to you.
So something in your OS is not allowing the tool to see those replies.
I would suggest you let the service run, and just turn off the firewall for whatever network profile you're on - I would assume home. Are you running any other sort of security suite on your machines?
Clearly from your sniff your machine is getting the replies to the pings - so your problem has NOTHING to do with pfsense.
If I had to guess, as mentioned, when you're connected to pfsense you're under some other network profile than when you connect to your modem directly. And either your other security software is causing you problems - or the fact that you have disabled the firewall service is causing you issues under these different profiles.
So enable the service - go into the firewall settings and allow icmp, then turn off the firewall but do not mess with the firewall service.
Turned on the firewall service, turned on the firewall, allowed ICMP traffic. Still same issue. Turned off firewall, still had service enabled, same issue. I don't think the firewall is the problem since it was completely disabled on my system.
I checked all my network settings that have to do with the specific network. It's set to Private (the least restrictive), and all sharing options are enabled.
Also this occurs on multiple computers on the same network, it's not isolated.
Could it be pfsense is modifying the packets somehow? Changing the headers or the content?
I'm going to contact EA, now that I have proof the packets are indeed received on my computer.
-
And why would it be doing that, when it's not doing it on mine, or for other people in the thread who say it works?
Clearly you see from the sniff the replies are there, if you ping from cmd line on your client they work. If you traceroute from cmd line on your client it works. It's this software that is not seeing them.
Why I have no idea currently - the software works on my machine, and I am running through pfsense 2.1
I would have to think it's something you're doing in your os setup, security software you're running? Do you run any security software? Maybe something to do with icmp rate limiting?
If you think about what this software is doing - it could look malicious to me, pinging what could look like random IPs very quickly.
Take a look at the details of the packets when you do a normal ping from your command line that works. And what you get sent back in the reply. Then look at the packets the tool sends out and what you get back - do you see anything odd?
From my quick look it was your typical ping. But when I get home I can do that test and compare what is sent and recv'd when I normally ping and what that tool sends and what is sent back.
Then repeat the sniffs while directly connected to your modem and see. I would be curious what firewall profile you get, what does windows identify the network as when you're directly connected to the modem vs when you're connected to pfsense. Or what some other software you're running - are you running anything, antivirus sort of tools? Many of them contain firewalls or firewall like features, etc.
edit: as a side note and for completeness - here is why I say not to disable the firewall service.
http://technet.microsoft.com/en-us/library/cc766337%28v=ws.10%29.aspx
"Do not disable Windows Firewall by stopping the service. Instead, use one of the preceding procedures (or an equivalent Group Policy setting) to turn the firewall off. If you turn off the Windows Firewall with Advanced Security service, you lose other benefits provided by the service, such as the ability to use Internet Protocol security (IPsec) connection security rules, Windows Service Hardening, and network protection from attacks that employ network fingerprinting."
I have never seen a reason why this service should be disabled. I personally don't see a need for the windows firewall on my machines - they are on my secure private lan. But I just turn off the firewall vs turning off the service. If for some strange reason my machine got connected to a different network, say wireless or something - then it would not be identified as home network, but public - and in that case I would want the software firewall. Laptops for example - they don't need the firewall while connected to my network. But when they get taken outside my secure network - then yes that network should be public and firewall ON.
-
And why would it be doing that, when it's not doing it on mine, or for other people in the thread who say it works?
This baffles me more than anyone. I know it should be working, I'm hosting a website, teamspeak, and I've hosted plenty of gaming servers. Why a simple ICMP packet cannot get through is confusing.
Clearly you see from the sniff the replies are there, if you ping from cmd line on your client they work. If you traceroute from cmd line on your client it works. It's this software that is not seeing them.
Why I have no idea currently - the software works on my machine, and I am running through pfsense 2.1
I would have to think it's something you're doing in your os setup, security software you're running? Do you run any security software? Maybe something to do with icmp rate limiting?
If you think about what this software is doing - it could look malicious to me, pinging what could look like random IPs very quickly.
The only software I have INSTALLED (not running) is Kaspersky Anti-Virus 2013, which doesn't have firewalling. I had Spybot Search and Destroy which blocked tens of thousands of IP addresses, but I reversed its changes and uninstalled it. I also have Peer Block, but it is not running AND it blocks IP addresses, not specific packets. Other than windows firewall which is disabled, and which I have always hated since Windows XP had it install automatically in a service pack years ago, there is nothing running on this PC that interferes with network traffic.
Take a look at the details of the packets when you do a normal ping from your command line that works. And what you get sent back in the reply. Then look at the packets the tool sends out and what you get back - do you see anything odd?
From my quick look it was your typical ping. But when I get home I can do that test and compare what is sent and recv'd when I normally ping and what that tool sends and what is sent back.
Then repeat the sniffs while directly connected to your modem and see. I would be curious what firewall profile you get, what does windows identify the network as when you're directly connected to the modem vs when you're connected to pfsense. Or what some other software you're running - are you running anything, antivirus sort of tools? Many of them contain firewalls or firewall like features, etc.
OK I did that. Here is the log file. I've slightly altered it to show when and where I disconnect my pfsense and connect my modem. The first 3 lines of the log tell you what lines the parts of the log are on. I can't really understand what it says myself.
Here's a comparison from a poll to the same IP address. These first two resulted in a 100% loss, while behind my pfsense router:
No. Time Source Destination Protocol Length Info
18 1.429306000 192.168.1.139 4.69.201.38 ICMP 42 Echo (ping) request id=0x0001, seq=2323/4873, ttl=64 (reply in 21)
Frame 18: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: AsustekC_cc:9f:bd (c8:60:00:cc:9f:bd), Dst: Trendnet_26:b9:d8 (00:14:d1:26:b9:d8)
Internet Protocol Version 4, Src: 192.168.1.139 (192.168.1.139), Dst: 4.69.201.38 (4.69.201.38)
Internet Control Message Protocol
No. Time Source Destination Protocol Length Info
21 1.514691000 4.69.201.38 192.168.1.139 ICMP 60 Echo (ping) reply id=0x0001, seq=2323/4873, ttl=53 (request in 18)
Frame 21: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Trendnet_26:b9:d8 (00:14:d1:26:b9:d8), Dst: AsustekC_cc:9f:bd (c8:60:00:cc:9f:bd)
Internet Protocol Version 4, Src: 4.69.201.38 (4.69.201.38), Dst: 192.168.1.139 (192.168.1.139)
Internet Control Message Protocol
Now here's to the same IP when connected to my modem, which resulted in a successful polling in this tool:
No. Time Source Destination Protocol Length Info
1935 80.618835000 67.180.200.247 4.69.201.38 ICMP 42 Echo (ping) request id=0x0001, seq=27944/10349, ttl=64 (reply in 1940)
Frame 1935: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
Ethernet II, Src: AsustekC_cc:9f:bd (c8:60:00:cc:9f:bd), Dst: Cadant_63:ce:46 (00:01:5c:63:ce:46)
Internet Protocol Version 4, Src: 67.180.200.247 (67.180.200.247), Dst: 4.69.201.38 (4.69.201.38)
Internet Control Message Protocol
No. Time Source Destination Protocol Length Info
1940 80.697383000 4.69.201.38 67.180.200.247 ICMP 60 Echo (ping) reply id=0x0001, seq=27944/10349, ttl=55 (request in 1935)
Frame 1940: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Cadant_63:ce:46 (00:01:5c:63:ce:46), Dst: AsustekC_cc:9f:bd (c8:60:00:cc:9f:bd)
Internet Protocol Version 4, Src: 4.69.201.38 (4.69.201.38), Dst: 67.180.200.247 (67.180.200.247)
Internet Control Message Protocol
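The check this thread keeps returning to, whether every echo request in a capture has a matching reply on the wire, as an added Python example (not part of the original post or of any tool named in the thread). It pairs Wireshark summary rows by ID and sequence number; the function name, the embedded sample rows and the initial TTL of 64 are assumptions of the example.

```python
import re
from decimal import Decimal

# Constructed sample: the four packet-summary rows from the two captures above.
SAMPLE = """\
18 1.429306000 192.168.1.139 4.69.201.38 ICMP 42 Echo (ping) request id=0x0001, seq=2323/4873, ttl=64 (reply in 21)
21 1.514691000 4.69.201.38 192.168.1.139 ICMP 60 Echo (ping) reply id=0x0001, seq=2323/4873, ttl=53 (request in 18)
1935 80.618835000 67.180.200.247 4.69.201.38 ICMP 42 Echo (ping) request id=0x0001, seq=27944/10349, ttl=64 (reply in 1940)
1940 80.697383000 4.69.201.38 67.180.200.247 ICMP 60 Echo (ping) reply id=0x0001, seq=27944/10349, ttl=55 (request in 1935)
"""

# One Wireshark summary row: No., Time, Source, Destination, Protocol, Length, Info.
ROW = re.compile(
    r"^\s*(?P<no>\d+)\s+(?P<time>\d+\.\d+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+ICMP\s+"
    r"(?P<length>\d+)\s+Echo \(ping\) (?P<kind>request|reply)\s+"
    r"id=(?P<id>0x[0-9a-fA-F]+), seq=(?P<seq>\d+)/\d+, ttl=(?P<ttl>\d+)"
)

ASSUMED_INITIAL_TTL = 64  # assumption: the responder starts its replies at TTL 64


def pair_echoes(text):
    """Pair echo requests with replies on (client, server, id, seq).

    Returns (pairs, unanswered): matched exchanges as seen at the capture
    point, and requests for which no reply reached the capturing host.
    """
    pending, pairs = {}, []
    for line in text.splitlines():
        m = ROW.match(line)
        if m is None:
            continue  # header rows, dissector detail lines, non-ICMP traffic
        f = m.groupdict()
        if f["kind"] == "request":
            pending[(f["src"], f["dst"], f["id"], f["seq"])] = f
            continue
        # A reply travels server -> client, so swap the addresses for lookup.
        req = pending.pop((f["dst"], f["src"], f["id"], f["seq"]), None)
        if req is None:
            continue  # reply whose request is not in this capture
        pairs.append({
            "client": req["src"],
            "server": req["dst"],
            "seq": int(f["seq"]),
            "rtt_ms": float((Decimal(f["time"]) - Decimal(req["time"])) * 1000),
            "reply_ttl": int(f["ttl"]),
            "ttl_used": ASSUMED_INITIAL_TTL - int(f["ttl"]),
        })
    return pairs, list(pending.values())


if __name__ == "__main__":
    pairs, unanswered = pair_echoes(SAMPLE)
    for p in pairs:
        print(f"{p['client']} -> {p['server']} seq={p['seq']} "
              f"rtt={p['rtt_ms']:.3f} ms reply_ttl={p['reply_ttl']}")
    print(f"requests with no reply on the wire: {len(unanswered)}")
```

An empty `unanswered` list from a capture taken on the client means the replies reached that host's NIC, so any loss the application reports happens after the packet has arrived.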
-
To bob314 - I see no point in forwarding ICMP into something behind your pfsense. Why can pfsense not just answer the pings? Just allow icmp to your wan interface and you should be fine. If you're going to forward icmp to something behind pfsense - then you need to make sure that something answers and does not have some firewall running or in an odd state like the OP.
At first I just created the rule to allow ICMP to the WAN. When that didn't work I decided to try the NAT rule, but I agree with you that I shouldn't have had to do that; I was just trying to see if it would work. I have verified that windows firewall is off. I have no other security software running except for windows defender.
-
Ok, the only things I see as different in those are the ttl is 53 vs 55 – this makes sense, you have an extra hop when you're behind pfsense. But I would think it should be 54 not 55? Hmmm have to think about that for a second?
Other thing is your source mac is different.. Neither of these should matter at all.
Sounds like you got a bunch of security software even if not running.. Do you install all that stuff on all your machines?
Why don't you do a clean install - or how about real simple, just boot windows in safe mode with network and see if the software works then. That Kaspersky hooks itself into a lot of stuff - I know you can just enable the firewall features can you not, so the hooks must already be in play. I would try the safe mode boot and test, I would if possible do a clean install of windows. At min uninstall all of that stuff you have installed that hooks into your networking of the OS.
Here is the thing - clearly you're seeing the reply with a simple sniff - so what is causing the problem really points to something you're running on that machine.
Why does the os ping work? But not this software when clearly the traffic is going through and coming back through pfsense just fine.
-
Ok, the only things I see as different in those are the ttl is 53 vs 55 – this makes sense, you have an extra hop when you're behind pfsense. But I would think it should be 54 not 55? Hmmm have to think about that for a second?
Other thing is your source mac is different.. Neither of these should matter at all.
Sounds like you got a bunch of security software even if not running.. Do you install all that stuff on all your machines?
No, one of the machines actually has a clean boot of windows 8. Besides Firefox, Libre Office, and Google Chrome, nothing else has been installed on that machine. The other has a 2 year old install of Windows 7 with Spybot and CCleaner.
Why don't you do a clean install - or how about real simple, just boot windows in safe mode with network and see if the software works then. That Kaspersky hooks itself into a lot of stuff - I know you can just enable the firewall features can you not, so the hooks must already be in play. I would try the safe mode boot and test, I would if possible do a clean install of windows. At min uninstall all of that stuff you have installed that hooks into your networking of the OS.
Here is the thing - clearly you're seeing the reply with a simple sniff - so what is causing the problem really points to something you're running on that machine.
Why does the os ping work? But not this software when clearly the traffic is going through and coming back through pfsense just fine.
I just did a test in safe mode and still the same issue. No anti virus program or blockers runs then. I'm led to believe it's still pfsense, despite what wireshark says.
-
So how is wireshark lying? The packets are there dude - so why does this software not see them? Your OS clearly sees them when you just ping from the cmd line, etc.
So what could pfsense be doing that your OS doesn't care about, but this software doesn't like??
Makes no sense at all other than this software is flaky!
-
OP, what's the Trendnet device between your machine and pfSense?
-
I'm led to believe it's still pfsense, despite what wireshark says.
Facepalm.
OP, as was asked before, what device on your network is "Trendnet_26:b9:d8 (00:14:d1:26:b9:d8)"
If it's not your pfSense LAN NIC, what is it?
-
OP, what's the Trendnet device between your machine and pfSense?
There is none.
Edit: Trendnet_26:b9:d8 (00:14:d1:26:b9:d8) is the same MAC address as my router: 192.168.1.1 00:14:d1:26:b9:d8 pfsense.localdomain
-
Makes no sense at all other than this software is flaky!
I agree, I've contacted the developers already and I'm waiting for a response. I will keep everyone posted.
-
Any results yet? I have been trying to figure out this problem as well with no luck.
-
_12/11/13 at 10:07 am ADVISOR: My name is Wayne and I am one of the Specialists working on your case with regards your disconnecting issue with Battlefield 3 and Battlefield 4.
Firstly I am sorry to hear that you have been experiencing this issue. I play Battlefield myself and know how annoying it is when something like this happens.
I have now escalated your case to our studio liaison team so they can work with the studio to get this issue resolved for you. Once the studio has completed their investigation they will be in contact with you.
Again, I apologize for the inconvenience this issue must have caused you. Should there be anything else you might require assistance with, please don't hesitate to let me know._
-
This thread just fizzled out? Would have been nice to know what the resolution was.
-
Just got this message:
My name is Andrew and I am part of the EA Worldwide Customer Experience team working alongside Wayne. After reviewing your case it would appear that the issue you are encountering is linked with your firewall settings on your router as you state that the ping displays correctly when the computer is patched directly to the modem without the router in place.
As every router is different and in fact as many modems include them as well we are unable to provide direct support for configuring their internal firewalls. As such I would recommend checking with both your modem and router manufacturers for guides on how to forward your ports correctly on those pieces of hardware and ensure that they are forwarded in both cases so as to prevent any clashes.
Should you need such you can find a list of which ports need to be forwarded to access all Battlefield 4 Functionality at http://answers.ea.com/t5/Battlefield-4/Battlefield-4-Ports/td-p/1861045
As always should after doing this there still be any issues please do not hesitate to contact us and we will be happy to address your ongoing concerns.
So…where do we go from here? I think we've tried everything. Is it just a bug in pfsense?
-
It works fine for everyone else. Not a pfSense bug.
-
It works fine for everyone else. Not a pfSense bug.
But I've reset all the settings to default in pfsense and it's still having the issue. Could it be a hardware problem with the router?
-
Could be an issue with your OS, your NIC, your pfSense box's NIC, your modem, your ISP, one of the routes leading to EA, a huge number of things could cause it. It worked fine for me with relatively strict rules, and it works fine for other people as well.