    [Solved] Can't ping from my pc to wan ip

    • S
      saejan7 last edited by

      Hello,

      I've just installed pfSense 2.3.4 on a SoftLayer BareMetal Server.
      After setting the interface IP address, I could ping from pfSense to 8.8.8.8 on the external internet.
      However, pings from my local PC to the pfSense WAN IP keep failing.

      When I check the pfSense filter logs, I can see that pfSense gets the packet that I sent.
      I assume that some firewall blocks my request.

      Please help me with this issue.

      • ping test
        fail: my pc -------> internet ---------> pfSense wan ip
        success: pfSense wan ip -----------> internet ----------> 8.8.8.8

      Thank you.

      • Gertjan
        Gertjan last edited by

        +1

        I can't do that either.

        C:\Documents and Settings\Gertjan.BUREAU>ping 82.127.34.254
        
        Envoi d'une requête 'ping' sur 82.127.34.254 avec 32 octets de données :
        
        Délai d'attente de la demande dépassé.
        Délai d'attente de la demande dépassé.
        Délai d'attente de la demande dépassé.
        Délai d'attente de la demande dépassé.
        
        Statistiques Ping pour 82.127.34.254:
            Paquets : envoyés = 4, reçus = 0, perdus = 4 (perte 100%),
        

        Actually, my case is worse. I don't even know why I should be able to ping my "WAN IP" - what do I gain from that??

        Pinging "8.8.8.8" works for me, because ... THEY (the IP 8.8.8.8) are set up to reply to ping ;)
        (so, set up a firewall rule on your WAN interface to reply to ping ..... and you'll see ^^)

        edit : I presume your WAN interface has the WAN IP, and not some local IP, with another modem or router in front of pfSense.

        No "help me" PM's please. Use the forum.

        • Derelict
          Derelict LAYER 8 Netgate last edited by

          All traffic from the outside into WAN (including ICMP/pings) is blocked by default.

          To enable that traffic you need to add a pass rule to your WAN interface that passes ICMP (at least echo requests) from any source with a destination of WAN address.

          Chattanooga, Tennessee, USA
          The pfSense Book is free of charge!
          DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          • Gertjan
            Gertjan last edited by

            Exactly!

            Now I can:

            root@ns311465:~# ping 82.127.34.254
            PING 82.127.34.254 (82.127.34.254) 56(84) bytes of data.
            64 bytes from 82.127.34.254: icmp_seq=1 ttl=55 time=23.7 ms
            64 bytes from 82.127.34.254: icmp_seq=2 ttl=55 time=23.7 ms
            64 bytes from 82.127.34.254: icmp_seq=3 ttl=55 time=23.5 ms
            .....
            

            Works great.

            Still can't ping my WAN (82.127.34.254) from my LAN (but I don't care).

            • Derelict
              Derelict LAYER 8 Netgate last edited by

              That generally works by default. You must have a LAN rule that blocks that traffic somehow.

              • S
                saejan7 last edited by

                Thank you all,

                I didn't know that "All traffic from the outside into WAN (including ICMP/pings) is blocked by default."
                I accessed the web UI through LAN and added a pass rule to the WAN interface.

                Finally, I can access the web UI. That was my purpose.

                • Gertjan
                  Gertjan last edited by

                  @saejan7:

                  I didn't know that "All traffic from the outside into WAN (including ICMP/pings) is blocked by default."

                  I advise you to read a wiki page (the original) about this word : "firewall" ;)

                  pfSense uses a FreeBSD firewall, and by default all traffic is blocked on ANY interface.
                  So, pfSense introduced an exception : on the FIRST interface (and only that one) called "LAN", there is an invisible "PASS-all" rule.
                  That's why you can connect from LAN to the WebGUI.
                  Otherwise you would have had to activate a serial (or USB-to-serial) connection to your pfSense device to talk to it initially. And yet, that interface does not permit you to add firewall rules easily.

                  @saejan7:

                  I accessed the web UI through LAN and added a pass rule to the WAN interface.
                  Finally, I can access the web UI. That was my purpose.

                  You always had access to the WebGUI using the LAN interface.
                  "ping" even works (replies) there.
                  ... and now you can access it from WAN?
                  Fine by me, but understand that this is not done. Never (except when one is in the learning phase). Those who know why just don't, those who did .... well.... they didn't stay around for a long time ....

                  • P
                    phil.davis last edited by

                    on the FIRST interface (and only that one) called "LAN", there is an invisible "PASS-all" rule

                    The rule is not invisible - it is an ordinary rule that is put on LAN in the default config. Netadmins can delete it if they like.

                    As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                    If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
