Bryan, Everything pings inside… but nothing pings from outside.
If I get out of the confines of my subnet I cannot get a response. If I ping from another public server in my subnet it pings on WAN, if I do it from behind the firewall it does it on LAN. But from another server outside: nothing. X.1 pings without an issue on the WAN port. On Mar 3, 2014, at 2:29 PM, Bryan D. <[email protected]> wrote: > Is the VIP CARP or IP Alias? > > ... according to the VIP capabilities chart, they're the only VIP kinds that > can do ICMP: > https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses? > > Since we don't allow ping-response, I thought I'd test this theory. All 3 of > the following worked (LAN routing to internal system was previously setup): > > - I first created a Port Forward rule to allow pfSense to respond to WAN > pings: > WAN ICMP * * WAN address * 127.0.0.1 * WAN pings to pfSense > > - Then I created a Port Forward rule to allow pfSense to respond to pings on > one of the static VIP IPs: > WAN ICMP * * x.12 * 127.0.0.1 * static VIP pings to pfSense > > - Then I created a Port Forward rule to allow an internal system (which has a > system-level firewall that's configured to respond to pings) to respond to > the ping: > WAN ICMP * * x.13 * x.206 * static VIP pings to internal system > > > If that's not it, then someone else needs to chime in as you've exhausted my > knowledge in this area. > > > On 2014-Mar-03, at 7:59 AM, Ryan Coleman <[email protected]> wrote: > >> I’ve done this, but I won't route traffic out (NAT) until I have verifiable >> traffic coming in. >> >> The x.2 IP simply will not ICMP ping from outside the network (and, yes, I >> have it allowed). > > _______________________________________________ > List mailing list > [email protected] > http://lists.pfsense.org/mailman/listinfo/list
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
