Topic: can not ping OPNSENSE firewall??? (Read 20937 times)
Nasrum Minallah Manzoor
Newbie
Posts: 9
Karma: 0
can not ping OPNSENSE firewall???
« on: December 18, 2018, 11:04:59 am »
Hi,
I have installed two OPNSENSE firewalls.
One firewall has a LAN IP of 172.16.1.1 and the other firewall has a LAN IP of 172.16.2.1.
Ping fails from the 1st firewall (172.16.1.1) to the 2nd firewall (172.16.2.1).
Ping succeeds from the 2nd firewall (172.16.2.1) to the 1st firewall (172.16.1.1).
Why am I not getting ping in the first scenario???
Any help would be highly appreciated.
Regards,
Nasrum Minallah
myksto
Full Member
Posts: 106
Karma: 6
Re: can not ping OPNSENSE firewall???
« Reply #1 on: December 18, 2018, 11:59:26 am »
Well, let me think about it a little bit.
Normally two hosts in two different subnets can't see each other unless there is a router between them that routes their subnets so that they can communicate.
Now, you should describe your scenario better:
Where are those 2 firewalls physically installed (same building, same office)?
If in the same office, why the need for two firewalls?
Is there a router between them?
Have you configured any static route in both firewalls? If yes, how did you do that?
Please provide this basic information as a beginning.
Cheers,
Michele.
bartjsmit
Hero Member
Posts: 1978
Karma: 193
Re: can not ping OPNSENSE firewall???
« Reply #2 on: December 18, 2018, 07:04:53 pm »
Hi Nasrum,
Have you disabled 'block private networks' on the WAN interface(s)?
Bart...
Nasrum Minallah Manzoor
Newbie
Posts: 9
Karma: 0
Re: can not ping OPNSENSE firewall???
« Reply #3 on: December 19, 2018, 07:06:59 am »
Yes Bart, "block private networks" is disabled on the WAN interface.
Nasrum Minallah
Nasrum Minallah Manzoor
Newbie
Posts: 9
Karma: 0
Re: can not ping OPNSENSE firewall???
« Reply #4 on: December 19, 2018, 07:10:29 am »
myksto dear, I am using a router in between the two firewalls.
Both are installed in the same building for load balancing purposes and hardware failover as well.
bartjsmit
Hero Member
Posts: 1978
Karma: 193
Re: can not ping OPNSENSE firewall???
« Reply #5 on: December 19, 2018, 07:47:52 am »
Hi Nasrum,
If ping works one way but not the other, and your routing is fairly simple then routing is unlikely to be your issue. You could have some asymmetric routes but if ping routes there and back one way, then the reverse will be fine.
That leaves NAT and firewall rules. Check that the rules are symmetrical between the two firewalls.
Finally, test with different ping configurations. Enable SSH and open a shell with option 8 to each firewall. Use the ping -S option to try with different source IP addresses, and observe the packet stream on the target with Interfaces, Diagnostics, Packet Capture.
Wireshark is your friend ;-)
Bart...
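
Added example (not part of the reply above and not OPNsense code): one way to read the capture taken on the target firewall while the other one pings it, separating the cases the reply names (routing, NAT, firewall rules). It assumes the capture is viewed as text in the format `tcpdump -n` prints; the function name `diagnose`, the verdict labels, the sample captures and the address 192.0.2.10 are constructed for illustration.

```python
import re

# One line of `tcpdump -n` output for IPv4 ICMP echo traffic.
ECHO = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

def diagnose(capture, pinger, target):
    """Classify a capture taken ON THE TARGET while `pinger` pings `target`."""
    requests, replies, other_sources = set(), set(), set()
    for line in capture.splitlines():
        m = ECHO.search(line)
        if not m:
            continue
        key = (int(m["id"]), int(m["seq"]))
        if m["kind"] == "request" and m["dst"] == target:
            if m["src"] == pinger:
                requests.add(key)
            else:
                other_sources.add(m["src"])  # e.g. rewritten by outbound NAT
        elif m["kind"] == "reply" and m["src"] == target and m["dst"] == pinger:
            replies.add(key)
    if not requests and other_sources:
        # Rules written for the pinger's LAN address will not match this source.
        return "arrives-with-other-source", sorted(other_sources)
    if not requests:
        # Nothing reached the target: look at routing or an upstream block.
        return "request-never-arrives", []
    unanswered = sorted(requests - replies)
    if unanswered:
        # Request reached the interface, no reply left: check the target's rules.
        return "seen-but-not-answered", unanswered
    return "answered-check-return-path", []

# Constructed sample captures (not from the thread).
BLOCKED = """\
07:47:52.100001 IP 172.16.1.1 > 172.16.2.1: ICMP echo request, id 4242, seq 0, length 64
07:47:53.100954 IP 172.16.1.1 > 172.16.2.1: ICMP echo request, id 4242, seq 1, length 64
"""
NATTED = """\
07:47:52.100001 IP 192.0.2.10 > 172.16.2.1: ICMP echo request, id 4242, seq 0, length 64
07:47:52.100190 IP 172.16.2.1 > 192.0.2.10: ICMP echo reply, id 4242, seq 0, length 64
"""

if __name__ == "__main__":
    for name, text in (("BLOCKED", BLOCKED), ("NATTED", NATTED)):
        print(name, diagnose(text, "172.16.1.1", "172.16.2.1"))
```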
Dicolla
Newbie
Posts: 4
Karma: 0
Re: can not ping OPNSENSE firewall???
« Reply #6 on: December 19, 2018, 01:58:23 pm »
Maybe this tip can help to fix this problem...
I had problems when trying to PING the firewall. When I started the firewall, for a few moments the PING worked and then a few seconds later it stopped responding. From inside OpnSense I could PING my Desktop, but from my Desktop I could not PING the Firewall.
My default "Default allow LAN to any rule" was disabled because I want to control all the traffic that comes from my LAN to my WAN.
So, I had to create a specific rule to allow ICMP traffic:
Action: Pass
Interface: LAN
Protocol: ICMP
ICMP type: Echo Request
Source: LAN net
Destination: This Firewall
Description: Allow Ping
After this (and this is important) I needed to run "States reset" (Firewall->Diagnostics->States Reset) to finally get the correct response of the PING to my Desktop.