1:1 NAT and ping
-
I need to open a connection from the WAN to a specific device on the LAN. Almost everything works and according to what I have read, ping should also work.
I have a VIP for a second public IP address x.x.x.20 from my ISP. Originally, it was set to Proxy ARP, but I changed it to CARP. I have a 1:1 NAT from .20 to my internal device 192.168.1.201. Currently, the internal device is a PC I am using for testing. I created a WAN rule of * * * 192.168.1.201 * *. This should open everything. I put a FTP server on the test PC. I can access it. So stuff is being forwarded. But I can't ping .20. I tried adding a second rule ICMP * * 192.168.1.201 * *, but that didn't help. I have the log on for the above rules. I can see the FTP in the log, but nothing from the ping. I read that ping only works with CARP, so I changed to that. Do I need to reboot pfsense? There is a Cisco box provided by the ISP. Could that be the problem? Could it be blocking ping? It is supposed to be configured as a pass through or bridge device.
BTW: I can ping the test PC from within the LAN.
Thanks
David -
What version of pfSense are you running? This thread may be relevant.
-
Sorry. Forgot about that. Release 1.2.3.
David
-
Cry Havok,
I read your reference post. I require ping to work because it is a requirement from the group that I support. They use ping as a connectivity test. Its their standard and I have no control.
David
-
Have you disabled any local client firewall on that PC? Windows Vista/7 block ping from outside their subnet by default, iirc.
-
As I suspected, my ISP is blocking ping. Thanks for the help.
David
