Info outbound nat and icmp traffic
-
Hi there,
I have been struggling trying to understand why icmp traffic is not working anymore since I removed the outbound nat on my pfsense box. ( Firewall-Nat-Outbound tab-Manual Outbound NAT rule generation)
My setup is fairly simple :
http://img804.imageshack.us/img804/6351/52871307.jpg
On a default setup ( nat enabled for outbound on PFsense ), HOST1 could access via icmp, tcp, udp HOST2, no problem.
Then I realized that I didn't need two natS ( on pfsense and on GW which is my provider's modem/router ), so I removed the outbound NAT on PF, keeping the Firewall function though ( which is where pfsense does the magic ).Now, I have added a default route on HOST2 and GW so they are aware of the LAN network ( for returning packets ), so far so good. I can access HOST2 via tcp and udp, but not via icmp.
By doing some analysis using tcpdump I found that:
- on PFsense wan and lan I can see echo request going FROM HOST1 to HOST2 ( but not coming back )
- on HOST2 I can see echo request and echo reply going to HOST1
But somewhere in between the packet gets dropped ( I assume before entering the WAN on PFsense )
Again, with tcp and udp it's fine, so I presume it must be some settings related to the protocol type.
Configurationwise:- lan can access everything, and traffic established from WAN to LAN is permitted only for few ports, but being this traffic originated from the lan the packet should be granted the access to the lan.
Funny thing is that pinging the GW it's ok instead. ( it's worth saying that GW is the default gw for PFsense )
Do you guys have an idea ?
Thanks in advance.