    cannot ping wan interface ip

    3 Posts 2 Posters 390 Views
    • pursca

      Hi experts, I am a first-time user of this software and hope to get some help ...

      home network (10.1.1.0/24) with unifi router between cox to home (10.1.1.1 - home network gw)
      two hyper-v hosts, each with 2 NICs, one of the NIC dedicated to hyper-v guest (virtual switch) with VLAN tagging turned on, VLAN1(10.1.1.x), VLAN 2 (10.2.2.x)
      cisco gs350 managed switch with port 7/8 configured as trunk - plugged in the hyper-v dedicated NIC, port 1 (VLAN1) connect to home network switch
      before introducing pfsense, VMs inside both hosts can talk to each other within their VLAN but cannot communicate across VLANs

      • installed pfsense in a VM with 2 virtual NICs, one tagged to VLAN1 (hn0), another tagged VLAN2 (hn1)
        in the setup, select hn0 as wan, give it 10.1.1.10 with upstream gateway 10.1.1.1, hn1 as LAN, give it 10.2.2.10
        [after this default setup, I am able to ping any hosts in 10.1.1.x from 10.2.2.x, also able to manage pfsense using web interface only using 10.2.2.10, but from any PC in 10.1.1.x, I cannot even ping 10.1.1.10, of course not anything from 10.2.2.x]
        .... looks like one-direction routing
        I googled and tried to disable the firewall and NAT - this broke almost everything so I had to revert it; I also added firewall rules on WAN to allow anything to pass ...

      please help - thanks a million!

      1 Reply Last reply Reply Quote 0
      • johnpoz LAYER 8 Global Moderator

        You understand pfsense would be natting, right, and all unsolicited inbound traffic on its wan, yes, would be blocked. If you want to allow ping to pfsense wan, then you would have to create a rule.

        Also if you're going to be pinging from rfc1918 as your source, you would have to remove the block rfc1918 rule.

        Here this allows ping to pfsense WAN ip
        allowpingwan.png

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • pursca

          Thank you so much, johnpoz!!!
          After adding that rule I am able to ping 10.1.1.10 (wan address) ...
          routing still not happening ... what do I need to do to allow a pc in 10.1.1.x to ping a pc in 10.2.2.x?

          1 Reply Last reply Reply Quote 0
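The WAN behaviour described in johnpoz's answer, as an added example that is not from either poster and is not pfSense code: a simplified first-match model of inbound filtering on the WAN interface. The function and rule names are hypothetical, and the hosts 10.1.1.50 and 10.2.2.20 are constructed sample addresses.

```python
import ipaddress
from dataclasses import dataclass

# Constructed model of inbound filtering on the pfSense WAN (hn0) from the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WAN_ADDR = ipaddress.ip_address("10.1.1.10")   # WAN address given in the first post

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "icmp-echo" or "tcp" in this model

def wan_inbound(pkt, block_rfc1918, allow_ping_wan):
    """Return (verdict, rule) for a new inbound connection on WAN; first match wins."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    # The interface's "block private networks" option is checked before user rules.
    if block_rfc1918 and any(src in net for net in RFC1918):
        return ("block", "block private networks")
    # User rule from the answer: ICMP echo request to the WAN address only.
    if allow_ping_wan and pkt.proto == "icmp-echo" and dst == WAN_ADDR:
        return ("pass", "allow ping to WAN address")
    # Nothing matched: unsolicited inbound traffic is dropped.
    return ("block", "default deny")

def run_cases():
    ping_wan = Packet("10.1.1.50", "10.1.1.10", "icmp-echo")   # constructed host
    ping_lan = Packet("10.1.1.50", "10.2.2.20", "icmp-echo")   # constructed host
    return {
        "no rule added": wan_inbound(ping_wan, False, False),
        "rule added, rfc1918 block still on": wan_inbound(ping_wan, True, True),
        "rule added, rfc1918 block removed": wan_inbound(ping_wan, False, True),
        "ping to a LAN host": wan_inbound(ping_lan, False, True),
    }

if __name__ == "__main__":
    for name, (verdict, rule) in run_cases().items():
        print(f"{name:36} -> {verdict:5} ({rule})")
```

The last case shows why a rule scoped to the WAN address lets 10.1.1.x ping 10.1.1.10 while new connections toward 10.2.2.x still hit the default deny.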
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.