[Solved] Can't ping from my pc to wan ip



  • Hello,

    I've just installed a pfSense 2.3.4 on the BareMetal Server of the SoftLayer.
    After setting the interface IP address, I could ping pfSense to 8.8.8.8 external internet.
    However, I keep failed ping from my local pc to pfSense wan ip.

    When I check through filter logs of pfSense, I could check pfSense get packet that I sent.
    I assume that some firewall blocks my request.

    Please help me this issue.

    • ping test
      fail: my pc –-----> internet ---------> pfSense wan ip
      success: pfSense wan ip -----------> internet ----------> 8.8.8.8

    Than kyou.



  • +1

    I can't do that neither.

    C:\Documents and Settings\Gertjan.BUREAU>ping 82.127.34.254
    
    Envoi d'une requête 'ping' sur 82.127.34.254 avec 32 octets de données :
    
    Délai d'attente de la demande dépassé.
    Délai d'attente de la demande dépassé.
    Délai d'attente de la demande dépassé.
    Délai d'attente de la demande dépassé.
    
    Statistiques Ping pour 82.127.34.254:
        Paquets : envoyés = 4, reçus = 0, perdus = 4 (perte 100%),
    

    Actually, my case is worse. I even don't know why I should be able to ping my "WAN IP" - what do I win with that ??

    Pinging to "8.8.8.8" works for me, because …... THEY (the IP 8.8.8.8) is set up to reply to ping ;)
    (so, set up a firewall rule on your WAN interface to reply to ping ..... and you'll see ^^)

    edit : I presume your WAN interface has the WAN IP, and not some local IP, with another modem or router in front of pfSense.


  • Netgate

    All traffic from the outside into WAN (including ICMP/pings) is blocked by default.

    To enable that traffic you need to add a pass rule to your WAN interface that passes ICMP (at least echo requests) from any source with a destination of WAN address.



  • Exact !

    Now I can :

    root@ns311465:~# ping 82.127.34.254
    PING 82.127.34.254 (82.127.34.254) 56(84) bytes of data.
    64 bytes from 82.127.34.254: icmp_seq=1 ttl=55 time=23.7 ms
    64 bytes from 82.127.34.254: icmp_seq=2 ttl=55 time=23.7 ms
    64 bytes from 82.127.34.254: icmp_seq=3 ttl=55 time=23.5 ms
    .....
    

    Works great.

    Still can't ping my WAN ( 82.127.34.254 ) from my LAN (but I don't care).


  • Netgate

    That generally works by default. You must have a LAN rule that blocks that traffic somehow.



  • Thank you all,

    I didn't know that "All traffic from the outside into WAN (including ICMP/pings) is blocked by default."
    I access to WEB UI through LAN and add a pass rule to WAN interface.

    Finally, I access to WEB UI. That was my purpose.



  • @saejan7:

    I didn't know that "All traffic from the outside into WAN (including ICMP/pings) is blocked by default."

    I advise you to read a wiki page (the original) about this word : "firewall" ;)

    pfSense uses a FreeBSD firewall, and by default all traffic is blocked on ANY interface.
    So, pfSense introduced an exception : on the FIRST interface (and only that one) called "LAN", there is an invisible "PASS-all" rule.
    That"s why you can connect from LAN to the WebGUI.
    Otherwise you should have activate a serial (or USB-to-serial) connection to your pfSense device to talk to it initially. And yet, that interface does not permit you to add firewall rules easily.

    @saejan7:

    I access to WEB UI through LAN and add a pass rule to WAN interface.
    Finally, I access to WEB UI. That was my purpose.

    You always had access to the WebGUI using the LAN interface.
    "ping" even works (replies) there.
    …. and now you can access it from WAN ?
    Fine to me, but understand that this is not done. Never (except when one is in the learning phase). Those who know why just don"t, those who did .... well.... they didn't stay around long time ....



  • on the FIRST interface (and only that one) called "LAN", there is an invisible "PASS-all" rule

    The rule is not invisible - it is an ordinary rule that is put on LAN in the default config. Netadmins can delete it if they like.