Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can't ping or http pfSense from outside

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    2 Posts 2 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pc_dude
      last edited by

      I'm migrating my network to a new ISP and for the first time I needed to create my own firewall from scratch, so I desided to give pfSense a try.  I'm a total newb and I need help already.  :-\

      I have my pfSense running on an old pc using a static IP with 2 additional virtual IPs.

      I have another pc running on the inside that I've been using to configure the box through the webGUI.  Also the PC uses the firewall as a gateway for internet access which is working perfectly.
      I set up my virtual IP then set up NAT to pass standard port 80 traffic to my box on the inside that I'm running IIS on.

      Then I tried to access the webpage using my old network which is on the outside trying to access one of the virtual IPs.  It didn't work.  :(
      I also, realized then that I can't ping either my firewall or the new virtual IP.

      So, I spoke with my ISP and they say they can see that the IPs reside on the firewall, even rattled of the MAC address of my pc.  They simply said that my firewall was the reason for the traffic not passing.

      Did I miss something during setup?  Is there a default setting somewhere that says simply deny all incoming activity?

      Thanks so much in advance for any help!

      1 Reply Last reply Reply Quote 0
      • dotdashD
        dotdash
        last edited by

        Just a few quick notes-

        1. All inbound traffic is denied by default.
        2. When you create a port-forward, there is an option to create the firewall rule. It's checked by default.
        3. To ping the firewall, you would need to add a rule on the WAN to allow ICMP to the WAN address.
        4. If you are using proxy-arp VIPs and port-forwards, the VIPs will not be pingable, even with ICMP allowed.
        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.