I too am struggling with this for last several weeks....
Yesterday, I noticed an interesting observation which may have some clue to
solving....
To map the Virtual IP using NAT, we need a static IP on the LAN or DMZ side.
When I used the Mac address based DHCP (in LAN as well as DMZ) to give my
server a fix IP address and NAT this fixed IP to Virtual IP.
I noticed that all my pings magically started to work. I also had a ICMP rule
set on each interface which was
any/any/anyany/any/anyany/any/anyany/any/anyany/any/any ....7 ways to sunday
Stupid but hey this is test...
I broke this rule down to similar rule for each zone...
Like one for LAN ==> DMZ
then for DMZ ===>LAN
Then for WAN ====> LAN
and for LAN ===> WAN
I think the static IP or Fixed IP obtained for DHCP is likely a suspect area..
I will tighten my ICMP rule to allow only echo and destination not reachable
once it is fully debugged...
Another suggestion will be to use LOG and make it like the log for even those
driven by policy..
BTW, is there a place we can find the defualt rule /default policy ..
Status >> System Logs >> Settings Tab
=====>> Log packets blocked by the default rule
Tim Dickson <[EMAIL PROTECTED]> wrote: ICMP not Replying on Virtual IPs
What kind of NAT are you using?
If it is port forward youll have to forward the packets as well as adding
the rule to your Wan ruleset
If it is 1:1 it should work for you as long as then respond correctly within
your network
-tim
From: Ron Lemon [mailto:[EMAIL PROTECTED]
Sent: Monday, March 31, 2008 12:06 PM
To: [email protected]
Subject: [pfSense Support] ICMP not Replying on Virtual IPs
I have setup a rule to allow all ICMP types from any source any port to any
destination on any port via any gateway.
If I ping my WAN IP it responds correctly.
My WAN link also has 6 Virtual Ips of type other configured. I can access
the resources via NAT that are on these virtual Ips but when I ping one of them
I never get a response. What else do I need to do to get the virtual Ips to
respond to ICMP requests.
Thanks
Ron.
