cannot ping wan interface ip



  • Hi experts, I am first time user of this software and hope to get some help ...

    home network (10.1.1.0/24) with unifi router between cox to home (10.1.1.1 - home network gw)
    two hyper-v hosts, each with 2 NICs, one of the NIC dedicated to hyper-v guest (virtual switch) with VLAN tagging turned on, VLAN1(10.1.1.x), VLAN 2 (10.2.2.x)
    cisco gs350 managed switch with port 7/8 configured as trunk - plugged in the hyper-v dedicated NIC, port 1 (VLAN1) connect to home network switch
    before introduce pfsense, VMs inside both hosts can talk to each other within their VLAN but it cannot communicate cross VLAN

    • installed pfsense in a VM with 2 virtual NICs, one tagged to VLAN1 (hn0), another tagged VLAN2 (hn1)
      in the setup, select hn0 as wan, give it 10.1.1.10 with upstream gateway 10.1.1.1, hn1 as LAN, give it 10.2.2.10
      [after this default setup, I am able to ping any hosts in 10.1.1.x from 10.2.2.x, also able to manage pfsense using web interface only using 10.2.2.10, but from any PC in 10.1.1.x, I cannot even ping 10.1.1.10, of course not anything from 10.2.2.x]
      .... looks like one direction routing
      I googled and tried to disable the firewall and NAT - this broke almost all so I have to revert it back, I also added firewall rules in WAN to allow anything to pass ...

    please help - thanks a million!


  • LAYER 8 Global Moderator

    You understand pfsense would be natting right, and all unsolicated inbound traffic on its wan yes would be blocked. If you want to allow ping to pfsense wan, then you would have to create a rule.

    Also if your going to be pinging from rfc1918 as your source, you would have to remote the block rfc1918 rule.

    Here this allows ping to pfsense WAN ip
    allowpingwan.png



  • Thank you so much, johnpoz!!!
    after adding that rule I am able to ping 10.1.1.10 (wan address) ...
    routing still not happening ... what do i need to do to allow pc in 10.1.1.x to ping pc in 10.2.2.x?


Log in to reply