4. LAN pings and External IP

LAN pings and External IP

  • T

    I cannot ping pfsense LAN IPs.  When I ping external IPs, I do get ICMP replies.

    What part of pfsense do I need to enable to get ICMP replies on the LAN ips ?

    TIA

    0

  • You probably need to add the rules that allow ICMP on each LAN interface that you have.  By default, only the first LAN has such a rule called the Default allow LAN to any rule.  All other LANs will not have such a rule and no traffic will pass from that LAN to any other.  I'm guessing because you haven't really provided enough information to tell what you mean.  You can't ping which LAN IPs?  From where?  You can ping external IPs, from where?  How many LANs do you have?  Have you added or modified any default rules?

    0
  • T

    Proto  Source  Port      Destination        Port      Gateway  Queue Schedule Description
    –------------------------------------------------------------------------------------------------

    • *       * LAN Address 80 22 * *                   Rule1
      IPv4    *       * *                 *   * * none     Default allow LAN to any rule

    Here are the first 2 rules on LAN.
    I am guessing it is matches on the first rule, and since the first rule says port 80 and 22 only then ICMP is not allowed and it never gets to RULE2 ?

    0
  • K

    It may not be a pfsense problem at all.  Perhaps your LAN clients are not allowing ICMP on their individual firewalls?

    0
  • LAYER 8 Netgate

    @tux100:

    I cannot ping pfsense LAN IPs.  When I ping external IPs, I do get ICMP replies.

    What part of pfsense do I need to enable to get ICMP replies on the LAN ips ?

    TIA

    Where are you trying to ping from?

    0
  • K

    Derelict

    What I often see is a guy with a couple of windows machines running on his LAN assuming that machine A  should automatically be able to ping machine B if pfsense is "allowing all" on the LAN.  But this isn't always the case since most of the time windows isn't allowing ICMP and even linux distros with firewall on default to block it usually.

    If this isn't the case, then maybe start tinkering with pfsense.

    0
  • LAYER 8 Netgate

    Yeah.  I get that.  I'm just wondering from the OP if he's not trying to ping LAN interface IPs from outside.  Chances are if the LAN rules allow pings to WAN IPs, pings to LAN address would also be allowed.

    0
  • Netgate Administrator

    Assuming you are trying to ping the LAN address from a client in the LAN subnet.
    The default configuration should allow that. However it looks like you've changed the protocol from 'any' to TCP. Try changing it back or adding a rule to allow ICMP.

    Steve

    0
  • K

    Really?  I'm not seeing TCP.  I just see IPV4.
    Am I missing something simple?

    0
  • Netgate Administrator

    Doh!  :-[

    0
  • K

    haha - well take comfort in knowing that your simple mistakes are the only mistakes I could spot (-;

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy