[Solved] First pfSense and strange behaviour



  • Hello all  :D,
    So I have installed my first pfSense on an ESXi host, with only 1 NIC, and I configured it like this:

    See attachment

    So pfSense on WAN, bridged to OPT1 where my servers will live.
    From the internet I can access my Debian server on OPT1 (ssh, apache2, ftp…),
    but my server cannot ping (ping 8.8.8.8 results in 100% packet loss) or resolve any URL (cannot resolve address).
    So I guess I must have missed something...

    I just made the minimal rules on pfSense:
    OPT1 :  PASS IPv4 from any to any BUT LAN
    WAN :  PASS IPv4 from any to OPT1 net
                PASS IPv4 from OPT1 net to any

    I just don't see what I missed (I'm a newbie with VMW and pfSense) and a server that can't download a package or access a URL is less useful :-
    So please, if you have an idea of where I went wrong, any hint will help...

    ![clean VM-network.png](/public/imported_attachments/1/clean VM-network.png)



  • Here are some ping tests from the pfSense Packet Capture interface (protocol ICMP only)

    Capture from Interface OPT1

    
    12:38:59.891058 IP IP-FO-Server1 > 8.8.8.8: ICMP echo request, id 4204, seq 1, length 64
    12:39:00.898531 IP IP-FO-Server1 > 8.8.8.8: ICMP echo request, id 4204, seq 2, length 64
    12:39:01.906502 IP IP-FO-Server1 > 8.8.8.8: ICMP echo request, id 4204, seq 3, length 64
    12:39:02.914502 IP IP-FO-Server1 > 8.8.8.8: ICMP echo request, id 4204, seq 4, length 64
    12:39:03.922424 IP IP-FO-Server1 > 8.8.8.8: ICMP echo request, id 4204, seq 5, length 64
    12:39:04.930410 IP IP-FO-Server1 > 8.8.8.8: ICMP echo request, id 4204, seq 6, length 64
    12:39:05.938376 IP IP-FO-Server1 > 8.8.8.8: ICMP echo request, id 4204, seq 7, length 64
    12:39:06.946329 IP IP-FO-Server1 > 8.8.8.8: ICMP echo request, id 4204, seq 8, length 64
    

    Capture from WAN

    12:39:41.751302 IP IP-FO-PFSense > 8.8.8.8: ICMP echo request, id 2017, seq 4, length 64
    12:39:41.760281 IP 8.8.8.8 > IP-FO-PFSense: ICMP echo reply, id 2017, seq 4, length 64
    12:39:41.760302 IP 8.8.8.8 > IP-FO-Server1: ICMP echo reply, id 4205, seq 4, length 64
    12:39:42.751243 IP IP-FO-PFSense > 8.8.8.8: ICMP echo request, id 2017, seq 5, length 64
    12:39:42.760257 IP 8.8.8.8 > IP-FO-PFSense: ICMP echo reply, id 2017, seq 5, length 64
    12:39:42.760278 IP 8.8.8.8 > IP-FO-Server1: ICMP echo reply, id 4205, seq 5, length 64
    12:39:43.751228 IP IP-FO-PFSense > 8.8.8.8: ICMP echo request, id 2017, seq 6, length 64
    12:39:43.760213 IP 8.8.8.8 > IP-FO-PFSense: ICMP echo reply, id 2017, seq 6, length 64
    
    

    So WAN receives the response but it doesn't make it to OPT1
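
The two-interface comparison made in the post above, as an added example that is not part of the original thread: it parses Packet Capture output in the format shown and lists the echoes whose reply reached the outer interface but not the inner one. The function names are hypothetical, the WAN lines are copied from the capture above, and the OPT1 lines are constructed to cover the same ping run.

```python
import re
from collections import defaultdict

# Matches the ICMP echo lines that the pfSense Packet Capture page prints.
LINE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ IP (?P<src>\S+) > (?P<dst>\S+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

# Constructed sample: what OPT1 would show for the ping run seen on WAN.
OPT1_CAPTURE = """\
12:39:41.750100 IP IP-FO-Server1 > 8.8.8.8: ICMP echo request, id 4205, seq 4, length 64
12:39:42.750090 IP IP-FO-Server1 > 8.8.8.8: ICMP echo request, id 4205, seq 5, length 64
"""

# Copied from the WAN capture in the post.
WAN_CAPTURE = """\
12:39:41.751302 IP IP-FO-PFSense > 8.8.8.8: ICMP echo request, id 2017, seq 4, length 64
12:39:41.760281 IP 8.8.8.8 > IP-FO-PFSense: ICMP echo reply, id 2017, seq 4, length 64
12:39:41.760302 IP 8.8.8.8 > IP-FO-Server1: ICMP echo reply, id 4205, seq 4, length 64
12:39:42.751243 IP IP-FO-PFSense > 8.8.8.8: ICMP echo request, id 2017, seq 5, length 64
12:39:42.760257 IP 8.8.8.8 > IP-FO-PFSense: ICMP echo reply, id 2017, seq 5, length 64
12:39:42.760278 IP 8.8.8.8 > IP-FO-Server1: ICMP echo reply, id 4205, seq 5, length 64
"""

def parse_capture(text):
    """Return {(host, icmp_id, seq): {"request", "reply"}} for one interface."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip blank lines and non-ICMP-echo output
        # The pinging host is the source of a request and the destination of a reply.
        host = m["src"] if m["kind"] == "request" else m["dst"]
        seen[(host, int(m["id"]), int(m["seq"]))].add(m["kind"])
    return seen

def lost_between(inner, outer, host):
    """(id, seq) of echoes from host whose reply reached outer but not inner."""
    lost = []
    for (h, icmp_id, seq), kinds in outer.items():
        if h != host or "reply" not in kinds:
            continue
        if "reply" not in inner.get((h, icmp_id, seq), set()):
            lost.append((icmp_id, seq))
    return sorted(lost)

if __name__ == "__main__":
    opt1, wan = parse_capture(OPT1_CAPTURE), parse_capture(WAN_CAPTURE)
    for icmp_id, seq in lost_between(opt1, wan, "IP-FO-Server1"):
        print(f"id {icmp_id} seq {seq}: reply seen on WAN, never delivered to OPT1")
```

A non-empty result for the server means the firewall itself is dropping or mistranslating the return traffic, which points at the filter and NAT configuration rather than at the upstream network.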



  • Just tested with Advanced=>Firewall/Nat=>Disable all packet filtering and I suddenly can connect to the outside world… So it's definitely a rule somewhere and I really need to find it....



  • ::) So while trying about everything I put the NAT Outbound Rule back on auto and… everything works fine....  :-[
    I didn't even remember I had changed it... Moral: check and recheck everything before complaining....