4. ICMP traffic not being caught by allow all?

ICMP traffic not being caught by allow all?

  • M

    Hello,

    I'm setting up a very small environment with a pfsense box as my gateway. It has 1 LAN interface and 1 WAN. I have two questions:

    1. Under firewall rules, just below the automatic lockout rule I have a rule: Protocol/ipv4, any protocol from any source going to any destination on any protocol, hitting my default gateway. For some reason ICMP traffic is not working. Looking at system logs > firewall, I can't see anything listed with my LAN source IP, and using the ping diagnostics I can ping correctly from my WAN. How can I troubleshoot this?

    2. When I change my gateway on matching firewall rules from default to LAN, it kills traffic. I expect this to be what it's using when I set it to default. I also expect to be able to change this to a VPN as my gateway and get traffic routed across it. What am I missing?

    0
  • Rebel Alliance Developer Netgate

    You should not have a gateway on your LAN interface. Deselect the gateway from Interfaces > LAN and delete it from System > Routing.

    LAN is a gateway, it does not have a gateway. Having a gateway set on LAN made the system think LAN is a WAN so it did not generate a proper set of outbound NAT rules automatically. Setting the broken gateway on the LAN rules doubled down on the broken routing.

    Fix the gateway and you'll have no problems.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy