Strange ICMP behaviour
-
For test purposes I have a pfSense with 2 NICs (LAN and LAN2), each connected to its own switch.
PFSENSE LAN: 192.168.10.254/24
PFSENSE LAN2: 192.168.20.254/24
I have two computers (PC1 and PC2), one attached to each switch.
PC1: 192.168.10.1/24 GW: 192.168.10.254
PC2: 192.168.20.1/24 GW: 192.168.20.254
The network diagram is more or less like this:
The rules in pfSense are these (LAN and LAN2):
I have only allowed the ICMP protocol (for ping) from LAN to LAN2,
i.e. ping from PC1 to PC2.
I have explicitly blocked the ICMP protocol from LAN2 to LAN,
i.e. ping from PC2 to PC1.
Testing this scenario confuses me, because:
- If I start the ping from PC2 to PC1 there is no reply from PC1 (it works as it should). I leave the ping running continuously (-t).
- If I start the ping from PC1 to PC2 there are replies from PC2 (it works as it should), but suddenly the ping from PC2 to PC1 starts getting replies. Can someone explain this strange behaviour?
-
@chuchi2k2 Well, ICMP is a stateless protocol, but a stateful firewall still wants to keep track of it, so it creates states.
I would guess that once you create the pseudo-state when you ping from PC1 to PC2, that state is allowing the traffic from PC2 to PC1.
Here, pinging from my LAN to my DMZ (192.168.3), you can see states on both the LAN and DMZ interfaces being created to track this traffic.
Edit: I just tried duplicating your test. Started a ping from 3.32 to 9.100: fails. Left it running and started a ping from 9.100 to 3.32, which works, but the other ping was still failing.
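To make the state-tracking argument in the reply concrete, here is a small Python model of a stateful firewall tracking ICMP echo traffic, added here as an illustration and not taken from pfSense, pf or the thread. It assumes a state keyed on the address pair plus the ICMP identifier, created by the LAN-to-LAN2 pass rule and consulted before the rule set. Two things are assumptions rather than facts the thread establishes: that the state is matched in either direction regardless of ICMP type (so a reverse echo request with the same identifier would be passed by it, which would produce the questioner's result), and that when the identifiers differ the reverse request falls through to the block rule (which would produce the replier's result). The `direction_aware` flag shows the alternative where only the responder's echo reply may match the state.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ECHO_REQUEST, ECHO_REPLY = 8, 0

# Addressing from the question: LAN behind 192.168.10.254, LAN2 behind 192.168.20.254.
NETS = {"LAN": ip_network("192.168.10.0/24"), "LAN2": ip_network("192.168.20.0/24")}
# Rules from the question: ICMP allowed LAN -> LAN2, explicitly blocked LAN2 -> LAN.
RULES = [("LAN", "LAN2", "pass"), ("LAN2", "LAN", "block")]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    icmp_type: int
    icmp_id: int  # identifier field of the echo request / reply


def iface_of(addr: str) -> str:
    a = ip_address(addr)
    for name, net in NETS.items():
        if a in net:
            return name
    raise ValueError(f"{addr} is on neither interface")


class StatefulIcmpFilter:
    """Toy state table for ICMP echo (an assumed model, not pf's real code).

    A state is created by an echo request that a pass rule accepts and is
    keyed on (initiator, responder, icmp id).  With direction_aware=False a
    packet matches the state whenever its address pair and id match, in either
    direction and regardless of ICMP type.  With direction_aware=True only the
    initiator's requests and the responder's replies match, so a reverse echo
    request is evaluated against the rules instead (and blocked here).
    """

    def __init__(self, direction_aware: bool = False):
        self.direction_aware = direction_aware
        self.states = set()  # entries: (initiator, responder, icmp_id)

    def _matches_state(self, pkt: Packet) -> bool:
        forward = (pkt.src, pkt.dst, pkt.icmp_id) in self.states
        reverse = (pkt.dst, pkt.src, pkt.icmp_id) in self.states
        if not self.direction_aware:
            return forward or reverse
        return (forward and pkt.icmp_type == ECHO_REQUEST) or (
            reverse and pkt.icmp_type == ECHO_REPLY
        )

    def filter(self, pkt: Packet) -> str:
        if self._matches_state(pkt):
            return "pass"  # a state match bypasses the rule set
        if pkt.icmp_type == ECHO_REPLY:
            return "block"  # unsolicited reply with no state: dropped
        for src_if, dst_if, action in RULES:
            if iface_of(pkt.src) == src_if and iface_of(pkt.dst) == dst_if:
                if action == "pass":
                    self.states.add((pkt.src, pkt.dst, pkt.icmp_id))
                return action
        return "block"  # default deny


PC1, PC2 = "192.168.10.1", "192.168.20.1"


def run_scenario(pc2_icmp_id: int, direction_aware: bool = False) -> dict:
    """Replay the question's test: PC2 pings first, then PC1 starts pinging."""
    fw = StatefulIcmpFilter(direction_aware)
    return {
        # 1. PC2 -> PC1 with no state yet: hits the explicit block rule.
        "pc2_ping_before": fw.filter(Packet(PC2, PC1, ECHO_REQUEST, pc2_icmp_id)),
        # 2. PC1 -> PC2 with id 1: the pass rule matches and a state is created.
        "pc1_ping": fw.filter(Packet(PC1, PC2, ECHO_REQUEST, 1)),
        # 3. PC2's echo reply to PC1: legitimately matches the new state.
        "pc2_reply": fw.filter(Packet(PC2, PC1, ECHO_REPLY, 1)),
        # 4. PC2's own ping (still running with -t) is evaluated again.
        "pc2_ping_after": fw.filter(Packet(PC2, PC1, ECHO_REQUEST, pc2_icmp_id)),
    }


if __name__ == "__main__":
    for pc2_id, aware in ((1, False), (4242, False), (1, True)):
        print(f"PC2 id={pc2_id:<4} direction_aware={aware}:", run_scenario(pc2_id, aware))
```

Running it shows the three outcomes side by side: with matching identifiers and a direction-agnostic state, PC2's ping starts passing as soon as PC1's ping creates the state; with different identifiers it keeps hitting the block rule; and with direction-aware matching it is blocked even when the identifiers collide. Checking the identifier field of both hosts' echo requests in a packet capture, and the state table on the firewall, is the practical way to tell which case a real setup is in.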