Unable to ping VIP [SOLVED]

  • Hiya,

    I have the following minor issue:

    Provider xs4all in the Netherlands gives us FttH through PPPoE through VLAN6. The PPPoE gets an address and all works. We have a routed /29 subnet available so I have added some IP's to the virtual IP's and I have done some outbound NAT on them. That works fine too. I can NAT to an inside machine using any IP I like and I can perform outbound NAT on any of these IPs.

    One thing I cannot do however, is ping the VIP addresses from externally. How can I make the firewall respond to ICMP on the VIP addresses? The WAN interface has ICMP echo-request from any Accept.

    Anyone who has a pointer in the right direction? I mean everything works but my OCD is nagging me for ping to respond on the VIP's..


  • What type of VIPs? You'll want them to be IP aliases on interface localhost in that case for that to work.

  • Firewall –> Virtual IP --> Add

    Type: IP Alias
    Address Type: Single Address

    It says here: https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses that IP Aliasses respond to ICMP..

  • You want interface localhost in the scenario you describe, where your subnet is routed to you.

  • Hi cmb, I've had the chance to test this and it works as expected :-)

    Thank you

Log in to reply