Netgate Discussion Forum
    [Solved] Another ping problem

    Firewalling
    KiaN

      Hi,

      I have a problem with my home pfSense: I can't ping my WAN IP address. It's quite strange, because I created a rule for my office pfSense installation to accept ping from specified IP addresses, and it worked, whereas on my home pfSense it won't work.

      Here is the firewall log :
      BLOCKED Nov 27 15:01:21 WAN 62.210.xxx.xxx 82.245.xxx.xxx ICMP

      And the icon says :
      @62 BLOCK DROP IN QUICK ALL LABEL "DEFAULT BLOCK ALL JUST TO BE SURE"

      My firewall rule :
      ICMP  62.210.xxx.xxx  *  *  *  *

      I have no explicit blocking rules, except the defaults RFC 1918 networks and reserved/not assigned by IANA and the firewall seems to act as if my ICMP rule did not exist :(

      This is quite annoying because I want to issue an rsync from 62.210.xxx.xxx to a computer behind pfSense, using BackupPC, and BackupPC won't start to rsync unless it can ping the remote location.

        hoba

        Your rule order is correct? Move that rule to the very top of the WAN rules. Does it work then?

          KiaN

          It is now the first firewall rule, and it still won't ping :(

            sai

            > @KiaN:
            > It is now the first firewall rule, and it still won't ping :(

            On the WAN interface, right? :-)

            Another thought: your WAN interface is static, not DHCP?

            Maybe posting a screenshot of your rules would help.

              KiaN

              > @sai:
              > On the WAN interface, right? :-)

              Sure :)

              > Another thought: your WAN interface is static, not DHCP?

              My WAN interface is DHCP but my IP address is static.

              > Maybe posting a screenshot of your rules would help.

              That may be useful ;)

                sai

                Well, that should work. You are able to access the pfSense webgui from the outside?

                Could you try changing the destination IP address from 'Any' to 'WAN Address'?

                This is something that you should do on the rules labeled 'pfSense Interface' also (for security reasons).

                It could be that your ISP is blocking ICMP inbound. Do they give you a modem or router? If yes, then try pinging that from the outside and also from your pfSense.

                  KiaN

                  > @sai:
                  > Well, that should work. You are able to access the pfSense webgui from the outside?

                  I can, no problem.

                  > Could you try changing the destination IP address from 'Any' to 'WAN Address'?

                  Ok … I tried. Did not change anything :(

                  > It could be that your ISP is blocking ICMP inbound. Do they give you a modem or router? If yes, then try pinging that from the outside and also from your pfSense.

                  I don't think so. When I had IPcop, I had no ping problem, and I tried direct Internet connection and I can ping too.

                  This situation is very strange.

                    yoda715

                    > @KiaN:
                    > Here is the firewall log :
                    > BLOCKED Nov 27 15:01:21 WAN 62.210.xxx.xxx 82.245.xxx.xxx ICMP
                    >
                    > And the icon says :
                    > @62 BLOCK DROP IN QUICK ALL LABEL "DEFAULT BLOCK ALL JUST TO BE SURE"
                    >
                    > My firewall rule :
                    > ICMP  62.210.xxx.xxx  *  *  *  *

                    You may not have an explicit deny rule, but there is a default deny for all rules when they are not explicitly passed. That being said, something is wrong with your current rule that is causing the icmp traffic to not match that rule, and therefore make it all the way down to the implicit deny rule.

                    I would double check you have the source IP correct. If you do, try opening source to any and see if you get replies. If you do, set that rule to log and see if you've got the source ip correct.

                    Also, what version of pfSense are you running?

                      KiaN

                      pfSense 1.0, I still did not find the time to upgrade. Nevertheless, my problem is solved: I rebooted the box, and now everything works fine … I don't understand, but never mind.

                        KiaN

                        Ok, now I get it :

                        > @hoba:
                        > Btw, you should upgrade to 1.0.1. 1.0 had a really annoying bug where rules sometimes were not reloaded.

                          yoda715

                          > @KiaN:
                          > Ok, now I get it :
                          >
                          > > @hoba:
                          > > Btw, you should upgrade to 1.0.1. 1.0 had a really annoying bug where rules sometimes were not reloaded.

                          Yep, 'tis why I asked what version you were running. Glad to hear it's working now :).

                          1 Reply Last reply Reply Quote 0
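
The fall-through yoda715 describes and the "rules not reloaded" cause the thread ends on, as an added example that is not part of the original thread: a small matcher that reports which loaded rule an inbound ICMP packet from a given source hits first. It assumes input in the `pfctl -vvsr` style (`@N rule`); the addresses (documentation ranges), interface name `em0`, labels and rule numbers are constructed, and matching is simplified to `in quick` rules by protocol and source.

```shell
#!/bin/sh
# Added example, not from the thread. Input mimics `pfctl -vvsr` ("@N rule").
# Addresses, interface name, labels and rule numbers are constructed samples.

# Simplified matcher: only "in quick" rules, by protocol and source address.
# usage: first_match SRC_IP < ruleset   -> prints "<rule number> <action>"
first_match() {
    awk -v src="$1" '
    /^@[0-9]+ / {
        quick = 0; dir_in = 0; proto = "any"; from = "any"
        for (i = 3; i <= NF; i++) {
            if ($i == "label") break        # label text is free-form
            else if ($i == "in") dir_in = 1
            else if ($i == "quick") quick = 1
            else if ($i == "proto") proto = $(i + 1)
            else if ($i == "from") from = $(i + 1)
        }
        if (!dir_in || !quick) next
        if (proto != "any" && proto != "icmp") next
        if (from != "any" && from != src) next
        print substr($1, 2), $2             # first quick match wins
        exit
    }'
}

# Loaded ruleset that never picked up the new ICMP rule (the 1.0 reload bug).
STALE='@61 pass in quick on em0 inet proto tcp from any to any port = https keep state label "USER_RULE: webgui"
@62 block drop in quick all label "Default block all just to be sure."'

# Same configuration after the rules were actually reloaded.
RELOADED='@61 pass in quick on em0 inet proto icmp from 198.51.100.7 to any keep state label "USER_RULE: ping"
@62 pass in quick on em0 inet proto tcp from any to any port = https keep state label "USER_RULE: webgui"
@63 block drop in quick all label "Default block all just to be sure."'

printf '%s\n' "$STALE"    | first_match 198.51.100.7   # falls to default block
printf '%s\n' "$RELOADED" | first_match 198.51.100.7   # hits the ICMP pass rule
printf '%s\n' "$RELOADED" | first_match 203.0.113.9    # wrong source: blocked
```

On the firewall itself the same function can read the live ruleset with `pfctl -vvsr | first_match <source IP>`, which shows whether the rule configured in the GUI is actually present in what pf has loaded.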
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.