LAN pings and External IP
-
I cannot ping pfsense LAN IPs. When I ping external IPs, I do get ICMP replies.
What part of pfsense do I need to enable to get ICMP replies on the LAN ips ?
TIA
-
You probably need to add the rules that allow ICMP on each LAN interface that you have. By default, only the first LAN has such a rule called the Default allow LAN to any rule. All other LANs will not have such a rule and no traffic will pass from that LAN to any other. I'm guessing because you haven't really provided enough information to tell what you mean. You can't ping which LAN IPs? From where? You can ping external IPs, from where? How many LANs do you have? Have you added or modified any default rules?
-
Proto Source Port Destination Port Gateway Queue Schedule Description
–------------------------------------------------------------------------------------------------- * * LAN Address 80 22 * * Rule1
IPv4 * * * * * * none Default allow LAN to any rule
Here are the first 2 rules on LAN.
I am guessing it is matches on the first rule, and since the first rule says port 80 and 22 only then ICMP is not allowed and it never gets to RULE2 ? - * * LAN Address 80 22 * * Rule1
-
It may not be a pfsense problem at all. Perhaps your LAN clients are not allowing ICMP on their individual firewalls?
-
I cannot ping pfsense LAN IPs. When I ping external IPs, I do get ICMP replies.
What part of pfsense do I need to enable to get ICMP replies on the LAN ips ?
TIA
Where are you trying to ping from?
-
Derelict
What I often see is a guy with a couple of windows machines running on his LAN assuming that machine A should automatically be able to ping machine B if pfsense is "allowing all" on the LAN. But this isn't always the case since most of the time windows isn't allowing ICMP and even linux distros with firewall on default to block it usually.
If this isn't the case, then maybe start tinkering with pfsense.
-
Yeah. I get that. I'm just wondering from the OP if he's not trying to ping LAN interface IPs from outside. Chances are if the LAN rules allow pings to WAN IPs, pings to LAN address would also be allowed.
-
Assuming you are trying to ping the LAN address from a client in the LAN subnet.
The default configuration should allow that.However it looks like you've changed the protocol from 'any' to TCP. Try changing it back or adding a rule to allow ICMP.Steve
-
Really? I'm not seeing TCP. I just see IPV4.
Am I missing something simple? -
Doh! :-[
-
haha - well take comfort in knowing that your simple mistakes are the only mistakes I could spot (-;
