[pfSense Support] Pinging External address that's Port Forwarded to local addresses

[Andy Graybeal]

Hey folks,
Alright, I don't know if this is a PFSense thing or an iptables thing.
Forgive me if it happens to be iptables trouble.
I'd like to be able to ping some boxes inside my network and right now I 
can't.

50.42.0.34 is pingable (PFSense box)

50.42.0.35 is not pingable.
50.42.0.36 is not pingable.

35 and 36 are NAT'd, Port Fordwarded IP addresses linked to internal 
addresses.

I know these addresses are working because I can SSH to them just fine.

I can ping their internal addresses.

On the PFSense box's rules, I've opened up ICMP to everything.  I don't 
know how you guys notate PFSense's rules in the mail list, but here goes 
my simple rendition, I hope this aligns well for your mail clients.

WAN Rule regarding ICMP (near the top, just below the two default 
blocks, RFC 1918 and IANA):
Proto   Source  Port    Destination     Port    Gateway Schedule
ICMP    *       *       *               *       *       *

LAN Rule:
Proto   Source  Port    Destination     Port    Gateway Schedule
ICMP    *       *       *               *       *       *


Other than that I have no more ICMP rules on my system with PFSense

iptables says this:
andy@buddleia:/home/andy.graybeal$ sudo iptables -L
[sudo] password for andy:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24    state 
RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with 
icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with 
icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
andy@buddleia:/home/andy.graybeal$


I wish PF was available for linux, because I don't understand IPTables.

I would be grateful for any advice.

-Andy

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org