Ping from wrong interface

  • I'll try and explain this the best I can. I have pfSense running on a Hamakua box from Netgate, with version 1.2.3. The firewall has three networks connected to it: two private and one public IP. It has been stable and running for close to a year.

    Interface Labels:

    Over the past week an issue has come up where sporadically (no pattern I have yet been able to identify) I cannot reach IPs on the SDNet subnet from the LAN subnet. While troubleshooting this I ran pings from the LAN interface to an address on the SDNet subnet and the pings failed. However, when I look at the packet capture output run during the ping, the ping originates from the SDNet interface, not the LAN interface as I would expect.

    Also, reviewing the logs on the syslog server shows many ICMP replies from the SDNet subnet IP address in question to the LAN interface IP, but I do not see any originating LAN interface IP ICMP requests.

    Does anyone have any thoughts on this issue?

    Thank you

  • When you ping from an internal interface out of a WAN, it NATs it to that WAN's IP, which is what has to happen for things to function. You can configure outbound NAT to not NAT specifically in that case, but that's usually not going to work (no route on public hosts back to your private IP subnet) and not desirable.
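    As an added illustration of the outbound NAT behaviour described in this reply (not configuration from the original thread or from pfSense itself), here is a pf ruleset fragment with hypothetical interface names and subnets. It shows the normal translation on the WAN interface, the setting that would make LAN traffic appear to come from the SDNet interface, and the `no nat` exception that keeps traffic between the two internal subnets untranslated.

    ```pf
    # Hypothetical names and addresses; the thread does not give the real ones.
    wan_if    = "em0"
    lan_if    = "em1"
    sdnet_if  = "em2"
    lan_net   = "192.168.10.0/24"
    sdnet_net = "192.168.20.0/24"

    # Translation rules are first-match in pf, so the exception must come first.
    # Corrected: LAN-to-SDNet traffic keeps its original source address, so a
    # packet capture on SDNet shows the LAN host (or LAN interface) IP as source.
    no nat on $sdnet_if from $lan_net to $sdnet_net

    # Weak: if a rule like this were present (and not preceded by the "no nat"
    # above), pings from LAN toward SDNet would leave with the SDNet interface's
    # address as source, which is the symptom the original post describes.
    # nat on $sdnet_if from $lan_net to $sdnet_net -> ($sdnet_if)

    # Normal case from the reply: anything leaving via WAN is translated to the
    # WAN address, because public hosts have no route back to the private subnet.
    nat on $wan_if from { $lan_net, $sdnet_net } to any -> ($wan_if)

    # Filter rules still have to allow the traffic; shown here only for completeness.
    pass in on $lan_if inet proto icmp from $lan_net to $sdnet_net keep state
    pass out on $sdnet_if inet proto icmp from $lan_net to $sdnet_net keep state
    ```

    Whether pfSense 1.2.3's Outbound NAT page generates a translation rule on an internal interface depends on its automatic/advanced mode setting, so checking the generated rules (`pfctl -s nat`) is the quickest way to confirm which case applies.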

  • That makes sense in a LAN-to-WAN situation, but this is a LAN-to-LAN situation where each LAN has an interface on the same pfSense device.
