Ping from wan to lan
-
I'm using pfSense Community Edition 2.3.2-RELEASE-p1 (i386) between my WAN public address (x.y.z.52) and an internal Windows machine (192.168.100.8) with the Windows firewall disabled.
I have a 1:1 NAT mapping from my external IP (x.y.z.52) to my internal IP (192.168.100.8).
I have firewall rule 1 that allows port 3389 (MS RDP) on the WAN interface to the destination 192.168.100.8. Pointing an RDP client at my external IP (x.y.z.52) from the Internet, I can RDP to my Windows machine. It works!
I have firewall rule 2 that allows protocol ICMP on the WAN interface to the destination 192.168.100.8. Pinging my external IP (x.y.z.52) from the Internet, I do not get any answer. Why?
Thanks in advance
-
1. Making RDP available on the public Internet isn't a great idea. Far better to configure OpenVPN and then connect that way.
2. Post screens of your NAT & WAN firewall rules with public IPs obscured so we can see what you've actually done.
-
Added to what @KOM said:
When you ping 192.168.1.8 from your LAN device 192.168.1.100, does 192.168.1.8 reply to pings?
What is in front of your pfSense? It happens that an ISP doesn't honor ping (replies) on your WAN IP. With tcpdump running on WAN, can you see the ping echo requests coming in?
And of course this one:
Because you didn't take the time to upgrade (10 minutes or so?) and you probably didn't parse through the 686 bugs solved since version 2.3.2, you think that we - those who read your question - remember if any of these ancient bugs could be related to the issue that you are experiencing right now? To be honest, I have neither the time nor the memory to read all these, and I guess I'm not alone ;) Very old versions could be kept around by experts for show-case scenarios or museum exposure, but not for daily usage.
I advise you to upgrade. You can still run into issues, but at least these will be current issues, and everybody on this forum can help you right away.
-
Thanks for your answers.
Pinging from LAN devices, 192.168.1.8 replies to pings correctly.
With tcpdump running on WAN, I do not see any ping echo requests coming in, so it seems that my ISP is blocking it.
I'm upgrading to version 2.3.3_1.
Thanks again
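
The WAN-side tcpdump check suggested in the thread, as an added example that is not part of any post: it reads `tcpdump -n` text output and reports whether echo requests reach WAN at all (if not, they are filtered upstream, as the original poster concluded) or arrive but go unanswered (then the 1:1 NAT, the WAN rule or the host is at fault). The address 203.0.113.52, the interface name em0, the function names and the capture lines are constructed placeholders.

```shell
#!/bin/sh
# Capture text is assumed to come from a command such as (interface name and
# address are placeholders, not values from the thread):
#   tcpdump -ni em0 -c 20 'icmp and host 203.0.113.52'

# classify_icmp_capture PUBLIC_IP   (tcpdump -n text output on stdin)
#   no-requests          nothing reached WAN: filtered upstream of pfSense
#   requests-no-replies  requests arrive unanswered: check NAT, rule, host
#   replies-seen         replies leave WAN: the path through pfSense works
classify_icmp_capture() {
    awk -v ip="$1" '
        # Inbound:  "<time> IP <src> > <public_ip>: ICMP echo request, ..."
        /ICMP echo request/ && $5 == (ip ":") { req++ }
        # Outbound: "<time> IP <public_ip> > <dst>: ICMP echo reply, ..."
        /ICMP echo reply/ && $3 == ip { rep++ }
        END {
            if (req + 0 == 0)      print "no-requests"
            else if (rep + 0 == 0) print "requests-no-replies"
            else                   print "replies-seen"
        }'
}

# Constructed captures. The first holds only the firewall's own outbound
# gateway ping, which must not be counted as an inbound request.
sample_filtered_upstream() { cat <<'EOF'
12:00:01.000001 IP 203.0.113.52 > 203.0.113.1: ICMP echo request, id 7, seq 1, length 9
12:00:01.000900 IP 203.0.113.1 > 203.0.113.52: ICMP echo reply, id 7, seq 1, length 9
EOF
}
sample_dropped_locally() { cat <<'EOF'
12:00:02.000001 IP 198.51.100.7 > 203.0.113.52: ICMP echo request, id 1, seq 1, length 64
12:00:03.000001 IP 198.51.100.7 > 203.0.113.52: ICMP echo request, id 1, seq 2, length 64
EOF
}
sample_working() { cat <<'EOF'
12:00:02.000001 IP 198.51.100.7 > 203.0.113.52: ICMP echo request, id 1, seq 1, length 64
12:00:02.000400 IP 203.0.113.52 > 198.51.100.7: ICMP echo reply, id 1, seq 1, length 64
EOF
}

for s in sample_filtered_upstream sample_dropped_locally sample_working; do
    printf '%s: %s\n' "$s" "$($s | classify_icmp_capture 203.0.113.52)"
done
```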