OPNsense Forum

English Forums => General Discussion => Topic started by: nutonas on May 16, 2019, 10:37:43 am

Title: ICMP
Post by: nutonas on May 16, 2019, 10:37:43 am
Hi,

Our ISP needs to ping our firewall, and I created a rule on the WAN interface that allows ICMP traffic from the ISP IP.

Proto        Source       Port    Destination               Port    Gateway    Schedule    Description
IPv4 ICMP    ISP_IP/24    *       OUR_FIREWALL_WAN_IP/28    *       WANGW

But the problem is that the ISP doesn't get replies from our firewall. The firewall log says that ICMP from ISP_IP to OUR_FIREWALL_WAN_IP passes:

filterlog: 90,,,0,bge0,match,pass,in,4,0x0,,60,0,0,DF,1,icmp,ISP_IP,OUR_FIREWALL_WAN_IP,datalength=64

But if I filter the logs by our WAN IP, there is no logged traffic with a reply.

So can anyone help me configure this ICMP rule properly?
Title: Re: ICMP
Post by: andrewOPN on June 02, 2019, 08:56:48 pm
Hi,

For ICMP ping to the OPNsense WAN interface, try this WAN rule first:

Proto        Source    Port    Destination    Port    Gateway    Schedule    Description
IPv4 ICMP    *         *       *              *       *

Within this rule, go to "Advanced Options (show/hide)" and check (enable) "disable reply-to". You should now be able to ping the WAN interface by its IP from any other ISP IP. If this works, try your special settings for Source, Destination, Gateway,...