Allow ICMP echo request on WAN
-
I understood your question =) You just didn't understand my answer.
I'm not sending ICMP echo packets from a computer that's on a private network.
I have also tried removing the "block private networks" option and it still didn't work.
I still see the dropped ICMP packets in the firewall log.
-
You just didn't understand my answer.
I understood your answer, but it didn't seem to include any information that would answer the specific question I posed. I hope you get it figured out.
-
just tried it … works for me.
you sure you don't have a block rule that matches first and thus renders your pass rule useless?
-
why don't you post your wan rules via a pic of them.. And do you have any floating rules?
And your not behind a NAT?? You have public IP on your pfsense wan, not rfc1918
And click on your firewall entry - what is blocking it?
-
My pfSense is ny NAT so to speak. It's connected to my ISP and no other firewalling in between.
I have some floating rules but those were generated by the wizard when setting up QoS. I have tried disabling these aswell (sigh. disabling 50 rows of floating rules..)
I did once try to click the red (x) like you show in your picture to check what rule is actually blocking ICMP and it shows up empty.
![Firewall WAN.png](/public/imported_attachments/1/Firewall WAN.png)
![Firewall WAN.png_thumb](/public/imported_attachments/1/Firewall WAN.png_thumb) -
So did you change the rule to just icmp.. And what is your floating rules? So you click the red x and you get empty box? Well clearly that is not right.
Just because its connected to your "isp" doesn't mean your isp is giving you a public IP.. What does the first 2 octets of your wan interface.. Mine are 24.13 for example.. This is IP from comcast.
Please post up your floating tab..
-
Ah yes i forgot to answer that aswell.
It is a public IP that i get on my pfsense machine.
80.245.xxx.xxx
I did try to change it to just ICMP and not just specific for the echo request. And same result.
-
Ok so.
I changed it to ICMP / any. And nothing happened (i've tried it before).
And i just thought that i should reboot the machine.
And now ping is working.
Sigh… (and yes i have clicked apply changes a thousand times)
-
I'd like to thank everyone who tried to help =)
So here it is.
Thank you =)
-
so now when you look at the blocked stuff do you get what rule applied, did you ever try reloading the rules? Seems like your apply was not happening.
-
Yes now when i click them in the firewall log i actually see a name.
Never did try a proper reload no.
Thanks =)
-
Whenever you run into an issue with firewall rules not working, if your trying to block something flush the states. Ir your trying to put in a new rule that doesn't seem to work then do a reload. Or yeah reboot does it too ;)
That you were not seeing what rule was blocking the traffic something was clearly not right, so a reload prob would of fixed it - or your reboot does the same thing