Print Page - How to allow ping on WAN ?

Title: How to allow ping on WAN ?
Post by: hushcoden on January 13, 2021, 08:04:58 AM

Can someone please advise on how I can allow ping on the WAN side?

I'm trying to set up an external service which in order to work must receive a ping response from my WAN address.

Tia.

Title: Re: How to allow ping on WAN ?
Post by: hushcoden on January 13, 2021, 11:29:25 AM

perhaps I found out how to do it, i.e. need a firewall rule:

Action: Pass
Interface: WAN
Protocol: ICMP
ICMP type: Echo Request
Source: any
Destination: WAN address
Description: Allow ping on WAN

Can someone please confirm if it's the correct one?

Tia.

Title: Re: How to allow ping on WAN ?
Post by: bartjsmit on January 13, 2021, 11:32:29 AM

Quote from: hushcoden on January 13, 2021, 11:29:25 AM
Can someone please confirm if it's the correct one?

Yes that's right. Make sure you pick at least IPv4 for the protocol. IPv6 relies heavily on ICMP so you may as well include that.

Bart...

Title: Re: How to allow ping on WAN ?
Post by: hushcoden on January 13, 2021, 02:30:19 PM

Thanks.

Title: Re: How to allow ping on WAN ?
Post by: mihak on January 14, 2021, 03:06:10 AM

Depending on your needs, but it is typically better to limit ICMP by source address (who can ping you) then by type of ICMP (what control messages you allow).

By allowing Echo requests only but not other ICMP types, you might get some unpredictable results, especially if you start adding tunnels (IPv6 tunnel, VPN tunnel)...

So, relax your ICMP Type a bit - allow *all* ICMP types of traffic, but limit it to known/required IP sources.

OPNsense Forum

English Forums => General Discussion => Topic started by: hushcoden on January 13, 2021, 08:04:58 AM