Ping pfSense from WAN (Virtual IP)

  • As nearly as I can tell this question has been asked dozens of times, but never answered succinctly.

    How can you make pfSense 2.3 respond to ICMP requests from the WAN?  -  There is no ICMP protocol choice in the NAT!

  • Rebel Alliance

    Firewall -> WAN

    Add Rule -> Protocol ICMP

    Does this not work?

  • Rebel Alliance Developer Netgate

    It depends on the virtual IP and your NAT settings.

    If you want pfSense, the firewall, to respond to the pings to its WAN IP or an IP alias VIP or a CARP VIP, simply add a firewall rule to the WAN to pass ICMP echo requests in to the IP address you want as a destination.

    If you use 1:1 NAT on a VIP, add a firewall rule to pass ICMP echo requests to the private/internal IP of the 1:1 NAT.

    If you use a virtual IP and port forwards and want the target host to respond using ICMP, you'll need pfSense 2.1 (currently in RC) as ICMP is not a choice for port forward protocols in 2.0.x

  • Thank all of you for the replies.

    Yes I need to wait for 2.1 to easily accomplish what I truly want.
    I can create rules for ICMP, just not NAT.

    I have enabled ICMP on the WAN, that will work for now.