Why is pfsense pinging LAN host and how to stop it
-
I have 2 pfsense boxes. WAN interface of box 2 is assigned a static IP on the LAN interface of box1. The LAN address of box1 is constantly sending ICMP echo requests (ping) to the static address of box2. This happens twice each second, regardless of whether box2 replies or not. DHCP is disabled on the LAN interface of box1, there is a static ARP entry for box2 IP/MAC. There is an ICMP 0:0 state in the Diagnostics/States window on box1 that summarizes the ICMP pings. I can kill the state, but it just comes back in a few seconds.
My questions are: what process is sending these pings, why, and how can I block/stop it. I tried some ICMP rules on box1 without any success.
Please help before this drives me crazy :)
Thanks a lot
-
Hard to understand your network topology based on your post but I think the ICMP requests are coming from the System > Routing > Gateways section of the firewall.
You can check the "Disable Gateway Monitoring" checkbox, which will disable the pinging of a gateway.
https://doc.pfsense.org/index.php/Gateway_Settings
If this isn't the case, can you post an actual intelligible network layout?
-
I'll skip the part about asking why you have this setup…
Based on your description, the pings would be going the other way. pfSense monitors the upstream wan gateway for availability, so it would be that the downstream box (2) sends an echo request to the upstream box (1), and the upstream box responds with an echo reply.
Regardless, you can disable this by going to the downstream box, System / Routing / Gateways / Edit, and check the box described as "Disable Gateway Monitoring".
I have 2 pfsense boxes. WAN interface of box 2 is assigned a static IP on the LAN interface of box1. The LAN address of box1 is constantly sending ICMP echo requests (ping) to the static address of box2. This happens twice each second, regardless of whether box2 replies or not.
-
Why skip asking the most important question, because more than likely whatever he is trying to do is some borked shit to be sure ;)
Yes a downstream pfsense wan connection will try and ping its gateway.. My question would be why wouldn't your upstream pfsense answer? What interface do you have your downstream pfsense connected to and what are its rules?
If he set up some gateway on what should be the LAN or local interface of the upstream pfsense then he has a borked mess..
Here's to hoping that his downstream pfsense would have natting off, and the connection to the upstream is actually just a transit network and he is not trying to place hosts on it, etc..
-
Hard to understand your network topology based on your post but I think the ICMP requests are coming from the System > Routing > Gateways section of the firewall.
You can check the "Disable Gateway Monitoring" checkbox, which will disable the pinging of a gateway.
https://doc.pfsense.org/index.php/Gateway_Settings
If this isn't the case, can you post an actual intelligible network layout?
Thank you very much. This is what it was. I forgot that I set up Box2 as a gateway to a network. Once I checked the disable gateway monitoring, the pings stopped.
-
"I forgot that I set up Box2 as a gateway to a network."
So it's a downstream and connected to box 1 via a transit..
-