Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    cannot ping wan interface ip

    Firewalling
    2
    3
    195
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pursca last edited by

      Hi experts, I am first time user of this software and hope to get some help ...

      home network (10.1.1.0/24) with unifi router between cox to home (10.1.1.1 - home network gw)
      two hyper-v hosts, each with 2 NICs, one of the NIC dedicated to hyper-v guest (virtual switch) with VLAN tagging turned on, VLAN1(10.1.1.x), VLAN 2 (10.2.2.x)
      cisco gs350 managed switch with port 7/8 configured as trunk - plugged in the hyper-v dedicated NIC, port 1 (VLAN1) connect to home network switch
      before introduce pfsense, VMs inside both hosts can talk to each other within their VLAN but it cannot communicate cross VLAN

      • installed pfsense in a VM with 2 virtual NICs, one tagged to VLAN1 (hn0), another tagged VLAN2 (hn1)
        in the setup, select hn0 as wan, give it 10.1.1.10 with upstream gateway 10.1.1.1, hn1 as LAN, give it 10.2.2.10
        [after this default setup, I am able to ping any hosts in 10.1.1.x from 10.2.2.x, also able to manage pfsense using web interface only using 10.2.2.10, but from any PC in 10.1.1.x, I cannot even ping 10.1.1.10, of course not anything from 10.2.2.x]
        .... looks like one direction routing
        I googled and tried to disable the firewall and NAT - this broke almost all so I have to revert it back, I also added firewall rules in WAN to allow anything to pass ...

      please help - thanks a million!

      1 Reply Last reply Reply Quote 0
      • johnpoz
        johnpoz LAYER 8 Global Moderator last edited by johnpoz

        You understand pfsense would be natting right, and all unsolicated inbound traffic on its wan yes would be blocked. If you want to allow ping to pfsense wan, then you would have to create a rule.

        Also if your going to be pinging from rfc1918 as your source, you would have to remote the block rfc1918 rule.

        Here this allows ping to pfsense WAN ip
        allowpingwan.png

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 22.05 | Lab VMs CE 2.6, 2.7

        1 Reply Last reply Reply Quote 0
        • P
          pursca last edited by

          Thank you so much, johnpoz!!!
          after adding that rule I am able to ping 10.1.1.10 (wan address) ...
          routing still not happening ... what do i need to do to allow pc in 10.1.1.x to ping pc in 10.2.2.x?

          1 Reply Last reply Reply Quote 0
          • First post
            Last post