Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Cannot ping WAN interface

    Scheduled Pinned Locked Moved Firewalling
    19 Posts 5 Posters 3.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DerelictD Offline
      Derelict LAYER 8 Netgate
      last edited by

      OK.  That looks right.  What happens if you plug PC1 into the pfSense WAN port?  Can you ping it?

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      1 Reply Last reply Reply Quote 0
      • J Offline
        jannita
        last edited by

        same result :-(  (I have  tried with a normal cable and with a crossover cable)

        In the original scenario, pfsense and PC1 are able to ping their default gateway (192.168.140.1). pf sense (via its WAN if) it is able to ping any other public IP.

        For some reason I'm not able to see pfsense is not able to see any in the WAN network  with the exception of its default gateway

        Thank you.

        1 Reply Last reply Reply Quote 0
        • DerelictD Offline
          Derelict LAYER 8 Netgate
          last edited by

          No idea.  Diagnostics->Packet Capture on WAN and see what it shows.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • K Offline
            kejianshi
            last edited by

            Could be a firewall problem on PC1

            1 Reply Last reply Reply Quote 0
            • DerelictD Offline
              Derelict LAYER 8 Netgate
              last edited by

              I know what it isn't.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • K Offline
                kejianshi
                last edited by

                What isn't it?

                1 Reply Last reply Reply Quote 0
                • DerelictD Offline
                  Derelict LAYER 8 Netgate
                  last edited by

                  FreeBSD/pf with an em card.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  1 Reply Last reply Reply Quote 0
                  • K Offline
                    kejianshi
                    last edited by

                    I'd tend to agree.

                    I wonder if he could be talked into downloading ubuntu or linux mint and booting it live from disk and then checking connectivity from pc1?

                    That way I'd be pretty sure that a firewall or other setting on PC1 wasn't the issue.

                    1 Reply Last reply Reply Quote 0
                    • DerelictD Offline
                      Derelict LAYER 8 Netgate
                      last edited by

                      Easier to capture the traffic on WAN on pfSense.  Or install wireshark on PC1.  Or both.

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
                      • O Offline
                        onizuka_pts
                        last edited by

                        may be you config worng

                        kenh14
                        gai xinh
                        gai dep

                        1 Reply Last reply Reply Quote 0
                        • J Offline
                          jannita
                          last edited by

                          PC1 it is able to ping PC3… anyway I have disabled the FW/AV software on PCI, same result.

                          I'll try later with the WAN/PC1 captures

                          Regards

                          1 Reply Last reply Reply Quote 0
                          • J Offline
                            jannita
                            last edited by

                            Well  I have performed the captures.
                            Only ARP broadcast messages….
                            In pfsense (192.168.140.112)

                            10:18:57.255415 ARP, Reply 192.168.140.112 is-at 00:18:71:ea:a9:b5, length 28
                            10:18:58.253579 ARP, Request who-has 192.168.140.112 tell 192.168.140.101, length 46
                            10:18:58.253586 ARP, Reply 192.168.140.112 is-at 00:18:71:ea:a9:b5, length 28
                            10:18:59.253501 ARP, Request who-has 192.168.140.112 tell 192.168.140.101, length 46
                            10:18:59.253508 ARP, Reply 192.168.140.112 is-at 00:18:71:ea:a9:b5, length 28
                            10:19:00.255669 ARP, Request who-has 192.168.140.112 tell 192.168.140.101, length 46
                            10:19:00.255676 ARP, Reply 192.168.140.112 is-at 00:18:71:ea:a9:b5, length 28
                            10:19:01.253716 ARP, Request who-has 192.168.140.112 tell 192.168.140.101, length 46
                            10:19:01.253723 ARP, Reply 192.168.140.112 is-at 00:18:71:ea:a9:b5, length 28

                            In PC1 (see attached)

                            pc1.jpg
                            pc1.jpg_thumb

                            1 Reply Last reply Reply Quote 0
                            • DerelictD Offline
                              Derelict LAYER 8 Netgate
                              last edited by

                              OK.  The PC is asking who has .112 and something is replying.  Then the PC asks again.  And again.  And again.  You need to find out why your PC is receiving an arp reply and ignoring it.

                              00:18:71:ea:a9:b5 should be what you expect for the MAC address of the interface on 192.168.140.112

                              Chattanooga, Tennessee, USA
                              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                              Do Not Chat For Help! NO_WAN_EGRESS(TM)

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.