Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can't ping from GUI, unstable game server connection, gateway monitoring does not work

    Scheduled Pinned Locked Moved General pfSense Questions
    36 Posts 2 Posters 3.6k Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • AlexanderOFA Offline
      AlexanderOF
      last edited by AlexanderOF

      I have installed PfSense 2.5.2 on a custom pc build with a Intel i350-t2, 8GB of ram and a G5400 dual-core cpu.

      My problem is that PfSense can't ping IPs (from Cloudflare, Google etc.) from the web GUI ping utility but I can ping them from LAN from a PC. I have created a floating rule which allows ICMP traffic, but that did not fix my issue. Also, PfSense can't ping the default gateway (My ISPs Modem/Router). There are 2 errors that were logged by PfSense when trying to ping the default gateway:

      sendto error: 50 (The most common one)
      sendto error: 65 (This is common too)

      Also, I am hosting a Minecraft server and for some reason after switching to PfSense i have weird issues where players get disconnected at random times. I don't think I have the wrong settings on NAT, because I believe that otherwise we would not be able to connect at all

      I have searched everything, tried re-installing PfSense, nothing worked.

      Sorry if this post is a mess (it's also my first time posting on a forum for help). I tried everything and i am confused and also frustrated. Hope i find a solution!

      (EDIT) Tried capturing the ICPM Packets send from the GUI Ping Utility:

      1 0.000000 192.168.100.2 192.168.100.1 ICMP 43 Echo (ping) request id=0xc231, seq=13221/42291, ttl=64 (no response found!)
      2 0.000288 192.168.100.1 192.168.100.2 ICMP 60 Echo (ping) reply id=0xc231, seq=13221/42291, ttl=64
      3 0.501233 192.168.100.2 192.168.100.1 ICMP 43 Echo (ping) request id=0xc231, seq=13222/42547, ttl=64 (no response found!)
      4 0.501523 192.168.100.1 192.168.100.2 ICMP 60 Echo (ping) reply id=0xc231, seq=13222/42547, ttl=64
      5 1.019231 192.168.100.2 192.168.100.1 ICMP 43 Echo (ping) request id=0xc231, seq=13223/42803, ttl=64 (no response found!)

      Here are the packet capture results ^

      1 Reply Last reply Reply Quote 0
      • stephenw10S Offline
        stephenw10 Netgate Administrator
        last edited by

        Where was that capture run?

        If it was on the WAN have you swapped out the IPs or is it behind some other NAT device?

        What are the MAC addresses on those pings?
        The fact is shows 'no response found' but the reply appears to be there implies something low level like an IP or MAC address conflict.

        Steve

        AlexanderOFA 1 Reply Last reply Reply Quote 0
        • AlexanderOFA Offline
          AlexanderOF @stephenw10
          last edited by AlexanderOF

          I run this capture with the built in Packet Capture tool on Pfsense with WAN chosen. I reinstalled PfSsense, now with a static ip instead of it taking a lease from my modem's DHCP server. (Don't really know how this is going to affect it.) I dont know how to check the MAC Addresses on those pings. Should I run a packet capture again?

          I can ping my modem from my pc (and any other ip, like cloudflare), but I cannot ping it from PfSense.

          1 Reply Last reply Reply Quote 0
          • stephenw10S Offline
            stephenw10 Netgate Administrator
            last edited by

            You can probably just view the capture already there. Just set the 'level of detail' higher to see the MACs. Or you can download it and view in, for example, wireshark but that's probably not necessary.

            Can you ping the modem from pfSense if you set the source as LAN?

            Steve

            AlexanderOFA 1 Reply Last reply Reply Quote 0
            • AlexanderOFA Offline
              AlexanderOF @stephenw10
              last edited by

              Just tried pinging the gateway from LAN, still can't ping it. Should i upload the packet capture results here? I see a error in the packet capture: (wrong icmp cksum ffff (->a868)!)

              The MAC Addresses are the correct ones

              I am new to networking, sorry if I mention/ask anything stupid

              1 Reply Last reply Reply Quote 0
              • stephenw10S Offline
                stephenw10 Netgate Administrator
                last edited by

                That error is because of hardware checksum offloading in the NIC and is normal.

                Just to be clear you are able to ping the gateway from a client behind pfSense in the LAN?

                AlexanderOFA 1 Reply Last reply Reply Quote 0
                • AlexanderOFA Offline
                  AlexanderOF @stephenw10
                  last edited by

                  I can ping the gateway from a client on the LAN side, that's correct. Should i disable hardware checksum offloading?

                  AlexanderOFA 1 Reply Last reply Reply Quote 0
                  • AlexanderOFA Offline
                    AlexanderOF @AlexanderOF
                    last edited by AlexanderOF

                    As of this day, I can't find a solution to the ping problems I have:

                    As of the unstable game server connection, i managed to fix this by disconnecting a PC with a problematic NIC that was causing some problems.

                    Here is the Packet Capture results for anybody that knows and can help:

                    --------------------------------
                    Packet Capture On WAN
                    --------------------------------

                    11:15:34.921725 a0:36:9f:05:1e:a2 > 0c:b9:12:05:6b:80, ethertype IPv4 (0x0800), length 43: (tos 0x0, ttl 64, id 20094, offset 0, flags [none], proto ICMP (1), length 29)
                    192.168.100.2 > 192.168.100.1: ICMP echo request, id 1650, seq 5427, length 9
                    11:15:34.922009 0c:b9:12:05:6b:80 > a0:36:9f:05:1e:a2, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 45511, offset 0, flags [none], proto ICMP (1), length 29)
                    192.168.100.1 > 192.168.100.2: ICMP echo reply, id 1650, seq 5427, length 9 (wrong icmp cksum ffff (->e45a)!)
                    11:15:35.424477 a0:36:9f:05:1e:a2 > 0c:b9:12:05:6b:80, ethertype IPv4 (0x0800), length 43: (tos 0x0, ttl 64, id 52722, offset 0, flags [none], proto ICMP (1), length 29)
                    192.168.100.2 > 192.168.100.1: ICMP echo request, id 1650, seq 5428, length 9
                    11:15:35.424801 0c:b9:12:05:6b:80 > a0:36:9f:05:1e:a2, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 45512, offset 0, flags [none], proto ICMP (1), length 29)
                    192.168.100.1 > 192.168.100.2: ICMP echo reply, id 1650, seq 5428, length 9 (wrong icmp cksum ffff (->e459)!)
                    11:15:35.925787 a0:36:9f:05:1e:a2 > 0c:b9:12:05:6b:80, ethertype IPv4 (0x0800), length 43: (tos 0x0, ttl 64, id 48387, offset 0, flags [none], proto ICMP (1), length 29)
                    192.168.100.2 > 192.168.100.1: ICMP echo request, id 1650, seq 5429, length 9
                    11:15:35.926037 0c:b9:12:05:6b:80 > a0:36:9f:05:1e:a2, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 45513, offset 0, flags [none], proto ICMP (1), length 29)
                    192.168.100.1 > 192.168.100.2: ICMP echo reply, id 1650, seq 5429, length 9 (wrong icmp cksum ffff (->e458)!)
                    11:15:36.426986 a0:36:9f:05:1e:a2 > 0c:b9:12:05:6b:80, ethertype IPv4 (0x0800), length 43: (tos 0x0, ttl 64, id 3152, offset 0, flags [none], proto ICMP (1), length 29)

                    ----------------------------
                    Some more information
                    ----------------------------

                    LAN --> PfSense --> Modem / Router (with DMZ for PfSense)

                    I send the ping from WAN and get no responce... Seems wierd. If i ping from LAN, still the same... If I Try to ping my Gateway (Modem/Router) from a computer on LAN, i get a responce... That's strange...

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S Offline
                      stephenw10 Netgate Administrator
                      last edited by

                      That pcap is on the WAN an those are the pfSense gateway monitoring pings? (the 0.5s interval looks like it is).
                      You should definitely try disabling checksum off loading as a test. Hard to imagine that being a problem on an i350 but...
                      That's in Sys > Adv > Networking.

                      Steve

                      AlexanderOFA 1 Reply Last reply Reply Quote 0
                      • AlexanderOFA Offline
                        AlexanderOF @stephenw10
                        last edited by

                        Turned off checksum offloading, still the same issue

                        18:24:33.524284 a0:36:9f:05:1e:a2 > 0c:b9:12:05:6b:80, ethertype IPv4 (0x0800), length 43: (tos 0x0, ttl 64, id 57871, offset 0, flags [none], proto ICMP (1), length 29)
                        192.168.100.2 > 192.168.100.1: ICMP echo request, id 40946, seq 883, length 9
                        18:24:33.524538 0c:b9:12:05:6b:80 > a0:36:9f:05:1e:a2, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 31165, offset 0, flags [none], proto ICMP (1), length 29)
                        192.168.100.1 > 192.168.100.2: ICMP echo reply, id 40946, seq 883, length 9 (wrong icmp cksum ffff (->5c9a)!)
                        18:24:34.026282 a0:36:9f:05:1e:a2 > 0c:b9:12:05:6b:80, ethertype IPv4 (0x0800), length 43: (tos 0x0, ttl 64, id 57893, offset 0, flags [none], proto ICMP (1), length 29)
                        192.168.100.2 > 192.168.100.1: ICMP echo request, id 40946, seq 884, length 9
                        18:24:34.026550 0c:b9:12:05:6b:80 > a0:36:9f:05:1e:a2, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 31166, offset 0, flags [none], proto ICMP (1), length 29)
                        192.168.100.1 > 192.168.100.2: ICMP echo reply, id 40946, seq 884, length 9 (wrong icmp cksum ffff (->5c99)!)
                        18:24:34.527551 a0:36:9f:05:1e:a2 > 0c:b9:12:05:6b:80, ethertype IPv4 (0x0800), length 43: (tos 0x0, ttl 64, id 41793, offset 0, flags [none], proto ICMP (1), length 29)
                        192.168.100.2 > 192.168.100.1: ICMP echo request, id 40946, seq 885, length 9
                        18:24:34.527796 0c:b9:12:05:6b:80 > a0:36:9f:05:1e:a2, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 31167, offset 0, flags [none], proto ICMP (1), length 29)
                        192.168.100.1 > 192.168.100.2: ICMP echo reply, id 40946, seq 885, length 9 (wrong icmp cksum ffff (->5c98)!)
                        18:24:35.029281 a0:36:9f:05:1e:a2 > 0c:b9:12:05:6b:80, ethertype IPv4 (0x0800), length 43: (tos 0x0, ttl 64, id 5582, offset 0, flags [none], proto ICMP (1), length 29)
                        192.168.100.2 > 192.168.100.1: ICMP echo request, id 40946, seq 886, length 9
                        18:24:35.029547 0c:b9:12:05:6b:80 > a0:36:9f:05:1e:a2, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 31168, offset 0, flags [none], proto ICMP (1), length 29)

                        I can provide the whole cap file if you wish. I just don't want to spam the forums with the pcap output

                        1 Reply Last reply Reply Quote 0
                        • stephenw10S Offline
                          stephenw10 Netgate Administrator
                          last edited by

                          Is it actually disabled? What does ifconfig -vvvma show for the WAN?

                          AlexanderOFA 1 Reply Last reply Reply Quote 0
                          • AlexanderOFA Offline
                            AlexanderOF @stephenw10
                            last edited by AlexanderOF

                            igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
                            description: Internet
                            options=8100b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER>
                            capabilities=f53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,NETMAP,RXCSUM_IPV6,TXCSUM_IPV6>
                            ether a0:36:9f:05:1e:a2
                            inet6 fe80::a236:9fff:fe05:1ea2%igb0 prefixlen 64 scopeid 0x1
                            inet 192.168.100.2 netmask 0xffffff00 broadcast 192.168.100.255
                            media: Ethernet autoselect (1000baseT <full-duplex>)
                            status: active
                            supported media:
                            media autoselect
                            media 1000baseT
                            media 1000baseT mediaopt full-duplex
                            media 100baseTX mediaopt full-duplex
                            media 100baseTX
                            media 10baseT/UTP mediaopt full-duplex
                            media 10baseT/UTP
                            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

                            Here is the output of the command.

                            (Removed igb1 from the post, since you only asked for wan.)

                            1 Reply Last reply Reply Quote 0
                            • stephenw10S Offline
                              stephenw10 Netgate Administrator
                              last edited by

                              Hmm, yeah that all looks fine.

                              If you ping the gateway from something else behind pfSense and capture those packets do they show a bad checksum?

                              Hard to explain what you're seeing there...

                              Steve

                              AlexanderOFA 1 Reply Last reply Reply Quote 0
                              • AlexanderOFA Offline
                                AlexanderOF @stephenw10
                                last edited by

                                Seems like it doesn't

                                19:32:46.407862 a0:36:9f:05:1e:a2 > 0c:b9:12:05:6b:80, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 60933, offset 0, flags [DF], proto ICMP (1), length 84)
                                192.168.100.2 > 192.168.100.1: ICMP echo request, id 64834, seq 1, length 64
                                19:32:46.408197 0c:b9:12:05:6b:80 > a0:36:9f:05:1e:a2, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 39305, offset 0, flags [none], proto ICMP (1), length 84)
                                192.168.100.1 > 192.168.100.2: ICMP echo reply, id 64834, seq 1, length 64
                                19:32:47.421991 a0:36:9f:05:1e:a2 > 0c:b9:12:05:6b:80, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 61047, offset 0, flags [DF], proto ICMP (1), length 84)
                                192.168.100.2 > 192.168.100.1: ICMP echo request, id 64834, seq 2, length 64
                                19:32:47.422265 0c:b9:12:05:6b:80 > a0:36:9f:05:1e:a2, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 39306, offset 0, flags [none], proto ICMP (1), length 84)
                                192.168.100.1 > 192.168.100.2: ICMP echo reply, id 64834, seq 2, length 64
                                19:32:48.445945 a0:36:9f:05:1e:a2 > 0c:b9:12:05:6b:80, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 61302, offset 0, flags [DF], proto ICMP (1), length 84)
                                192.168.100.2 > 192.168.100.1: ICMP echo request, id 64834, seq 3, length 64
                                19:32:48.446194 0c:b9:12:05:6b:80 > a0:36:9f:05:1e:a2, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 39307, offset 0, flags [none], proto ICMP (1), length 84)
                                192.168.100.1 > 192.168.100.2: ICMP echo reply, id 64834, seq 3, length 64

                                1 Reply Last reply Reply Quote 0
                                • stephenw10S Offline
                                  stephenw10 Netgate Administrator
                                  last edited by

                                  Hmm, well there is always the possibility that it is actually a bad checksum, though I've never seen that before. Except that the values it's showing imply it's not able to see a checksum at all:
                                  wrong icmp cksum ffff

                                  You tried swapping WAN to a different port?

                                  AlexanderOFA 1 Reply Last reply Reply Quote 0
                                  • AlexanderOFA Offline
                                    AlexanderOF @stephenw10
                                    last edited by

                                    I am currently away from my machine, but can try this again when I am there. I think that the last time I tried this it did not work but I will swap them just to make sure

                                    AlexanderOFA 1 Reply Last reply Reply Quote 0
                                    • AlexanderOFA Offline
                                      AlexanderOF @AlexanderOF
                                      last edited by

                                      By the way, is there any way I can fix a bad checksum on a card (if my card has a bad checksum)?

                                      1 Reply Last reply Reply Quote 0
                                      • stephenw10S Offline
                                        stephenw10 Netgate Administrator
                                        last edited by

                                        You can (somehow) end up with a bad firmware checksum on the card but that's not the same thing as being unable to read incoming packet checksums.
                                        Hard to see what could cause that.

                                        AlexanderOFA 2 Replies Last reply Reply Quote 0
                                        • AlexanderOFA Offline
                                          AlexanderOF @stephenw10
                                          last edited by AlexanderOF

                                          This post is deleted!
                                          1 Reply Last reply Reply Quote 0
                                          • AlexanderOFA Offline
                                            AlexanderOF @stephenw10
                                            last edited by

                                            I changed the WAN port and i still have the same issue. The WAN port is now the onboard intel lan that my motherboard has.

                                            11:10:52.483720 70:85:c2:88:89:5f > 0c:b9:12:05:6b:80, ethertype IPv4 (0x0800), length 43: (tos 0x0, ttl 64, id 37908, offset 0, flags [none], proto ICMP (1), length 29)
                                            192.168.100.2 > 192.168.100.1: ICMP echo request, id 42553, seq 654, length 9
                                            11:10:52.484110 0c:b9:12:05:6b:80 > 70:85:c2:88:89:5f, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 64, id 2509, offset 0, flags [none], proto ICMP (1), length 29)

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.