1:1 NAT and ping



  • I need to open a connection from the WAN to a specific device on the LAN. Almost everything works and according to what I have read, ping should also work.

    I have a VIP for a second public IP address x.x.x.20 from my ISP. Originally, it was set to Proxy ARP, but I changed it to CARP. I have a 1:1 NAT from .20 to my internal device 192.168.1.201. Currently, the internal device is a PC I am using for testing. I created a WAN rule of * * * 192.168.1.201 * *. This should open everything. I put an FTP server on the test PC. I can access it. So stuff is being forwarded. But I can't ping .20. I tried adding a second rule ICMP * * 192.168.1.201 * *, but that didn't help. I have the log on for the above rules. I can see the FTP in the log, but nothing from the ping. I read that ping only works with CARP, so I changed to that. Do I need to reboot pfSense? There is a Cisco box provided by the ISP. Could that be the problem? Could it be blocking ping? It is supposed to be configured as a pass-through or bridge device.

    BTW: I can ping the test PC from within the LAN.

    Thanks
    David



  • What version of pfSense are you running?  This thread may be relevant.



  • Sorry. Forgot about that. Release 1.2.3.

    David



  • Cry Havok,

    I read your reference post. I require ping to work because it is a requirement from the group that I support. They use ping as a connectivity test. It's their standard and I have no control.

    David


  • Rebel Alliance Developer Netgate

    Have you disabled any local client firewall on that PC? Windows Vista/7 block ping from outside their subnet by default, iirc.



  • As I suspected, my ISP is blocking ping. Thanks for the help.

    David

