Netgate Discussion Forum

    Subnet config question

    Problems Installing or Upgrading pfSense Software
      Joschide

      Hello.  New to pfSense and I'm trying to set up a lab on an existing network to evaluate.  I can ping all the way to WAN gateway including other boxes just outside of the pfSense firewall, but no further like the commonly used IP 8.8.8.8.

      Here's the setup:
      1.)  Internet
      2.)  Firewall 1 (192.168.0.1/24) (pfSense gateway)
      3.)  VMware VM pfSense (3 Interfaces)
            WAN - (192.168.0.222/24)
            LAN - (Not used in this example)
            LANSandbox - (192.168.12.1/24)

      I've tried everything on this link:
      https://doc.pfsense.org/index.php/Connectivity_Troubleshooting

      I can't get further than trying to ping 8.8.8.8.

      Any help will be appreciated.

      Thanks,
      Joschi

        KOM

        How are you pinging, from some LANSandbox client or from pfSense's Diagnostics - Ping?  If you can ping past the pfSense box then the problem is likely upstream with your other firewall.

          Joschide

          @KOM:

          How are you pinging, from some LANSandbox client or from pfSense's Diagnostics - Ping?  If you can ping past the pfSense box then the problem is likely upstream with your other firewall.

          From Diagnostics.  I've also tried from the client.

          I monitored the ping requests from Firewall 1 and they were allowed.

            KOM

            OK, so are the responses being received by your pfSense WAN interface?

              Joschide

              I have a question on that.  I don't see the diagnostic pings in the firewall logs.  I do, however, see the ping requests from client.  Is that by design?

              The ping requests from the client are allowed or passed.  If I filter for WAN interface and ICMP protocol, I do not see any log entries.  Is there a better way to see if WAN is receiving the ICMP responses?

              Thanks,
              Joschi

                johnpoz LAYER 8 Global Moderator

                If you ping from pfSense diag, and you're saying it's allowed on firewall in front of pfSense.  Simple sniff tells you if pings actually left pfSense, and if you see a response.  If you see them leave, and you don't get a response then your problem is in front of pfSense.

                  KOM

                  @Joschide:

                  I have a question on that.  I don't see the diagnostic pings in the firewall logs.

                  You will only see a block msg if the rule that does the blocking is set to log.  Also, if the ping is successful then there is no blocking and therefore no logging.

                  @Joschide:

                  I do, however, see the ping requests from client.

                  Unless you have added a firewall rule to allow traffic on your LANSandbox interface (OPT1?) out, all traffic from that network should be blocked and logged.

                  Just do a Diagnostics - Packet Capture on the WAN and see if your ping replies are even hitting pfSense.
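
The WAN capture check suggested in the replies above, as an added example that is not part of the original thread: it pairs ICMP echo requests with replies and reports whether the pings left pfSense and whether anything came back. It assumes the capture is read as tcpdump-style one-line text with numeric addresses; the function name `diagnose` and the sample capture are constructed for illustration.

```python
import re

# tcpdump-style one-line text with numeric addresses (assumed capture format).
ICMP_ECHO = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

# Constructed sample: pings from the pfSense WAN address with no replies.
SAMPLE = """\
10:15:01.000100 IP 192.168.0.222 > 8.8.8.8: ICMP echo request, id 51234, seq 0, length 64
10:15:01.500000 ARP, Request who-has 192.168.0.1 tell 192.168.0.222, length 28
10:15:02.000350 IP 192.168.0.222 > 8.8.8.8: ICMP echo request, id 51234, seq 1, length 64
10:15:03.000410 IP 192.168.0.222 > 8.8.8.8: ICMP echo request, id 51234, seq 2, length 64
"""


def diagnose(capture_text, target):
    """Pair echo requests sent to `target` with the replies seen on the WAN."""
    requests, replies = set(), set()
    for line in capture_text.splitlines():
        m = ICMP_ECHO.search(line)
        if not m:
            continue  # ARP, TCP, or anything else in the capture
        ident = (int(m["id"]), int(m["seq"]))
        if m["kind"] == "request" and m["dst"] == target:
            requests.add((m["src"],) + ident)   # keyed by the pinging host
        elif m["kind"] == "reply" and m["src"] == target:
            replies.add((m["dst"],) + ident)    # reply goes back to that host
    unanswered = sorted(requests - replies)
    if not requests:
        verdict = "no requests seen on WAN: pings never left pfSense"
    elif len(unanswered) == len(requests):
        verdict = "requests left, no replies: problem is in front of pfSense"
    elif unanswered:
        verdict = "some replies missing: partial loss"
    else:
        verdict = "all replies received on WAN"
    return {"sent": len(requests), "answered": len(requests) - len(unanswered),
            "unanswered": unanswered, "verdict": verdict}


if __name__ == "__main__":
    result = diagnose(SAMPLE, "8.8.8.8")
    print(result["verdict"])
    for src, ident, seq in result["unanswered"]:
        print(f"  no reply for {src} id={ident} seq={seq}")
```
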

                    Joschide

                    It turns out I was missing a static route on Firewall 1.  I checked this yesterday, but must have made a mistake somewhere.  Anyways, problem solved.

                    Thank you for your responses,
                    Joschi

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.