ICMP traffic not being caught by allow all?
-
Hello,
I'm setting up a very small environment with a pfsense box as my gateway. It has 1 LAN interface and 1 WAN. I have two questions:
-
Under firewall rules, just below the automatic lockout rule I have a rule: Protocol/ipv4, any protocol from any source going to any destination on any protocol, hitting my default gateway. For some reason ICMP traffic is not working. Looking at system logs > firewall, I can't see anything listed with my LAN source IP, and using the ping diagnostics I can ping correctly from my WAN. How can I troubleshoot this?
-
When I change my gateway on matching firewall rules from default to LAN, it kills traffic. I expect this to be what it's using when I set it to default. I also expect to be able to change this to a VPN as my gateway and get traffic routed across it. What am I missing?
-
-
You should not have a gateway on your LAN interface. Deselect the gateway from Interfaces > LAN and delete it from System > Routing.
LAN is a gateway, it does not have a gateway. Having a gateway set on LAN made the system think LAN is a WAN so it did not generate a proper set of outbound NAT rules automatically. Setting the broken gateway on the LAN rules doubled down on the broken routing.
Fix the gateway and you'll have no problems.
