Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ICMP filtered

    Scheduled Pinned Locked Moved IPv6
    9 Posts 3 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jycai
      last edited by jycai

      I enabled IPv6 on pfSense 2.4.3, everything was working fine. Test-ipv6.com gave 10/10. However it showed ICMP filtered on http://ipv6-test.com/.

      So I went ahead and add a firewall rule to allow IPv4+IPv6 ICMP to pass through, but it still show ICMP filtered.

      Any idea how to solve this problem?

      IsaacFLI 1 Reply Last reply Reply Quote 0
      • IsaacFLI
        IsaacFL @jycai
        last edited by

        @jycai it may be your client. Windows by default filters icmp in its firewall. Try an iPhone if you can it doesn’t filter.

        J 1 Reply Last reply Reply Quote 1
        • J
          jycai @IsaacFL
          last edited by

          @isaacfl I tried both Iphone and Samsung, it still showed ICMP filtered on http://ipv6-test.com with the score of 18/20. So it must be the setting in pfsense.

          IsaacFLI J 2 Replies Last reply Reply Quote 0
          • IsaacFLI
            IsaacFL @jycai
            last edited by

            @jycai if you see it filtered on the iPhone then you have your firewall rules not quite right on pfsense. It doesn’t allow anything through by default.

            1 Reply Last reply Reply Quote 0
            • J
              jycai @jycai
              last edited by

              This is how I Setup IPv6 on Charter Cable with pfSense 2.4.3, can anyone tell me what is missing so I can fix this ICMP filtered issu?

              1. Setup System/Advanced/Networking
                IPv6 Options: Allow IPv6
                0_1530288017689_pfSense_Ipv6_System_Advanced_Networking.jpg

              2.Setup WAN
              For the WAN interface, set the following:
              IPv4 Configuration Type: DHCP
              IPv6 Configuration Type: DHCP6
              0_1530288043979_pfSense_Ipv6_WAN_1.jpg

              DHCP6 Client Configuration

              DHCPv6 Prefix Delegation size: 64
              0_1530288071526_pfSense_Ipv6_WAN_2.jpg

              1. Setup LAN
                On the LAN settings page, use the following settings:
                IPv6 Configuration Type: Track Interface
                0_1530288149085_pfSense_Ipv6_LAN_1.jpg

              Track IPv6 Interface: WAN
              IPv6 Prefix ID: 0
              0_1530288163698_pfSense_Ipv6_LAN_2.jpg

              1. Add ICMP rule in firewall
                0_1530288175692_pfSense_Ipv6_firewall_rule_1.jpg

              2. Reboot!
                Reboot pfsense.

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                If you want to allow icmp inbound to your clients then you have to allow that - your rule is just allowing icmp to wan IP, not clients using ipv6 behind the firewall.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                J 1 Reply Last reply Reply Quote 1
                • J
                  jycai @johnpoz
                  last edited by

                  @johnpoz said in ICMP filtered:

                  If you want to allow icmp inbound to your clients then you have to allow that - your rule is just allowing icmp to wan IP, not clients using ipv6 behind the firewall.

                  Could you please tell me how to do that? Thanks.

                  IsaacFLI 1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by

                    Just like any other rule you would do.. Here is example of me allowing traffic ipv6 into my ntp server on ipv6, and also allowing traceroute into it.

                    For you using track on your lan, you could just use the ipv6 and lan net as destination

                    0_1530295171358_ipv6allow.png

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                    1 Reply Last reply Reply Quote 0
                    • IsaacFLI
                      IsaacFL @jycai
                      last edited by

                      @jycai Here is my WAN rule for ICMP

                      0_1530296084677_wanicmp.PNG

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.