Ping: sendto: No Buffer space available
Hi dear pfSense powausers,
this is my first post on this forum. Please apologize me if I don't respect somehow rules established here… I will try to be as understandable as possible.
I'm trying to figure out how to create a simple firewall ruleset that would allow me from the SSH console of my brand new pfSense box to ping webserver on the Internet.
First, here's my setup :
INTERNET Provider 1 ----- Cisco Router |
| ---- pfSense Router ---- LAN
INTERNET Provider 2 ----- Zyxel Router |
Cisco Router is actually not up since Internet Provider 1 is still testing optical fiber
Zyxel WAN IP : 192.168.100.2
Zyxel LAN IP : 192.168.0.1
pfSense WAN IP : Statically configured, but actually down (no carrier)
pfSense OPT1 IP : 192.168.0.10 (dynamically attributed by Zyxel DHCP Server)
pfSense LAN IP : 192.168.1.1
WAN+OPT1 is configured as a gateway group with following priority :
WAN : tier1
OPT1 : tier2
I've got a computer on LAN that can access web, mail, ping, DNS Query, i.e everything from LAN to (WAN-OPT1) : everything works as expected.
My pb is the following (note, I'm connected on my pfSense box through SSH)
ping www.google.fr PING www.google.fr (188.8.131.52): 56 data bytes ping: sendto: No buffer space available ping: sendto: No buffer space available and so on....
I can execute DNS query from this pfSense box :
host example.com example.com has address 184.108.40.206 example.com has address 2001:500:88:200::10
But ping, traceroute (ICMP in general) seems to be denied.
Moreover, I wanted to see which packages are available, but the web GUI (/pkg_mgr.php) tells me :
Unable to communicate with www.pfsense.com. Please verify DNS and interface configuration, and that pfSense has functionnal Internet connectivity.
My question is : what firewall rule has to be created to allow traffic (any kind of traffic) directly issue by this router to access the whole Net ?
Thanks for reading.
Seems to be solved…
I changed OPT1 to default gateway under System -> Gateways -> Edit Gateway.
At the moment I can do all kind of traffic from SSH access without restriction.