Subnet config question
-
Hello. New to pfSense and I'm trying to set up a lab on an existing network to evaluate. I can ping all the way to WAN gateway including other boxes just outside of the pfSense firewall, but no further like the commonly used IP 8.8.8.8.
Here's the set up:
1.) Internet
2.) Firewall 1 (192.168.0.1/24) (pfSense gateway)
3.) vmWare vm pfSense (3 Interfaces)
WAN - (192.168.0.222/24)
LAN - (Not used in this example)
LANSandbox - (192.168.12.1/24)I've tried everything on this link:
https://doc.pfsense.org/index.php/Connectivity_TroubleshootingI can't get further than trying to ping 8.8.8.8.
Any help will be appreciated.
Thanks,
Joschi -
How are you pinging, from some LANSandbox client or from pfSense's Diagnostics - Ping? If you can ping past the pfSense box then the problem is likely upstream with your other firewall.
-
@KOM:
How are you pinging, from some LANSandbox client or from pfSense's Diagnostics - Ping? If you can ping past the pfSense box then the problem is likely upstream with your other firewall.
From Diagnostics. I've also tried from the client.
I monitored the ping requests from Firewall 1 and they were allowed.
-
OK, so are the responses being received by your pfSense WAN interface?
-
I have a question on that. I don't see the diagnostic pings in the firewall logs. I do however, see the ping requests from client. Is that by design?
The ping requests from the client are allowed or passed. If I filter for WAN interface and ICMP protocol, I do not see any log entries. Is there a better way to see if WAN is receiving the ICMP responses?
Thanks,
Joschi -
If you ping from pfsense diag, and your saying its allowed on firewall in front of pfsense. Simple sniff tells you if pings actually left pfsense, and if you see a response. If you see them leave, and you don't get a response then your problem is in front of pfsense.
-
I have a question on that. I don't see the diagnostic pings in the firewall logs.
You will only see a block msg if the rule that does the blocking is set to log. Also, if the ping is successful then there is no blocking and therefore no logging.
I do however, see the ping requests from client.
Unless you have added a firewall rule to allow traffic on your LANSandbox interface (OPT1?) out, all traffic from that network should be blocked and logged.
Just do a Diagnostics - Packet Capture on the WAN and see if you ping replies are even hitting pfSense.
-
It turns out I was missing a static route on Firewall 1. I checked this yesterday, but must have made a mistake somewhere. Anyways, problem solved.
Thank you for your responses,
Joschi
