Allow ICMP echo request on WAN

heper

just tried it … works for me.

you sure you don't have a block rule that matches first and thus renders your pass rule useless?

johnpoz

why don't you post your wan rules via a pic of them.. And do you have any floating rules?

And your not behind a NAT?? You have public IP on your pfsense wan, not rfc1918

And click on your firewall entry - what is blocking it?

allowping.png_thumb

rulethatblocked.png_thumb

stefanfa

My pfSense is ny NAT so to speak. It's connected to my ISP and no other firewalling in between.

I have some floating rules but those were generated by the wizard when setting up QoS. I have tried disabling these aswell (sigh. disabling 50 rows of floating rules..)

I did once try to click the red (x) like you show in your picture to check what rule is actually blocking ICMP and it shows up empty.

![Firewall WAN.png](/public/imported_attachments/1/Firewall WAN.png)
![Firewall WAN.png_thumb](/public/imported_attachments/1/Firewall WAN.png_thumb)

johnpoz

So did you change the rule to just icmp.. And what is your floating rules? So you click the red x and you get empty box? Well clearly that is not right.

Just because its connected to your "isp" doesn't mean your isp is giving you a public IP.. What does the first 2 octets of your wan interface.. Mine are 24.13 for example.. This is IP from comcast.

Please post up your floating tab..

stefanfa

Ah yes i forgot to answer that aswell.

It is a public IP that i get on my pfsense machine.

80.245.xxx.xxx

I did try to change it to just ICMP and not just specific for the echo request. And same result.

rule.png_thumb

Floating_1.png_thumb

Floating_2.png_thumb

Floating_3.png_thumb

Floating_4.png_thumb

stefanfa

Ok so.

I changed it to ICMP / any. And nothing happened (i've tried it before).

And i just thought that i should reboot the machine.

And now ping is working.

Sigh… (and yes i have clicked apply changes a thousand times)

stefanfa

I'd like to thank everyone who tried to help =)

So here it is.

Thank you =)

johnpoz

so now when you look at the blocked stuff do you get what rule applied, did you ever try reloading the rules? Seems like your apply was not happening.

stefanfa

Yes now when i click them in the firewall log i actually see a name.

Never did try a proper reload no.

Thanks =)

johnpoz

Whenever you run into an issue with firewall rules not working, if your trying to block something flush the states. Ir your trying to put in a new rule that doesn't seem to work then do a reload. Or yeah reboot does it too ;)

That you were not seeing what rule was blocking the traffic something was clearly not right, so a reload prob would of fixed it - or your reboot does the same thing