Text only | Text with Images

OPNsense Forum

English Forums => General Discussion => Topic started by: nutonas on May 16, 2019, 10:37:43 AM

Title: ICMP
Post by: nutonas on May 16, 2019, 10:37:43 AM
Hi,

Our ISP needs to ping our firewall and i created rule on WAN interface where allows ICMP traffic from ISP ip.

Proto           Source                   Port    Destination                Port    Gateway    Schedule    Description    
IPv4 ICMP    ISP_IP/24    *  OUR_FIREWALL_WAN_IP/28    *    WANGW          

But problem that from ISP they dont get replays from our firewall. So the thing is that on firewall logs says that from ISP_IP passes ICMP to OUR_FIREWALL_WAN_IP:

filterlog: 90,,,0,bge0,match,pass,in,4,0x0,,60,0,0,DF,1,icmp,ISP_IP,OUR_FIREWALL_WAN_IP,datalength=64

But i if i filter in logs by our WAN ip there is no logged traffic with replay.

So can anyone help me to configure  properly this ICMP rule?
Title: Re: ICMP
Post by: andrewOPN on June 02, 2019, 08:56:48 PM
Hi,

for ICMP Ping to OPNsens WAN Interface try first this WAN Rule first:

Proto           Source                   Port    Destination                Port    Gateway    Schedule    Description   
IPv4 ICMP        *                           *              *                            *            *

Within this rule goto "Advanced Options (show/hide)" an check (enable) the "disable reply-to", you should now be able to ping the WAN Interface by itÅ› IP from any other ISP IP. If this works try your special settings for Source, Destination, Gateway,...
Text only | Text with Images