ICMP traffic not being caught by allow all?

Firewalling
Log in to reply
  • M

    Hello,

    I'm setting up a very small environment with a pfsense box as my gateway. It has 1 LAN interface and 1 WAN. I have two questions:

    1. Under firewall rules, just below the automatic lockout rule I have a rule: Protocol/ipv4, any protocol from any source going to any destination on any protocol, hitting my default gateway. For some reason ICMP traffic is not working. Looking at system logs > firewall, I can't see anything listed with my LAN source IP, and using the ping diagnostics I can ping correctly from my WAN. How can I troubleshoot this?

    2. When I change my gateway on matching firewall rules from default to LAN, it kills traffic. I expect this to be what it's using when I set it to default. I also expect to be able to change this to a VPN as my gateway and get traffic routed across it. What am I missing?

    0
  • jimp
    Rebel Alliance Developer Netgate

    You should not have a gateway on your LAN interface. Deselect the gateway from Interfaces > LAN and delete it from System > Routing.

    LAN is a gateway, it does not have a gateway. Having a gateway set on LAN made the system think LAN is a WAN so it did not generate a proper set of outbound NAT rules automatically. Setting the broken gateway on the LAN rules doubled down on the broken routing.

    Fix the gateway and you'll have no problems.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy