OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: jds on July 15, 2021, 10:33:06 PM

Title: [Solved] Unable to ping gateway from LAN
Post by: jds on July 15, 2021, 10:33:06 PM
I read problems in the forum involving dual WAN setups, but mine is not dual and pretty simple. The 'block private network' switch on WAN is not checked. Yet, I cannot ping the gateway from inside the LAN.  I must be missing something stupid, so any suggestions are likely to be useful, and certainly appreciated.
Title: Re: Unable to ping gateway from LAN even though private networks not blocked
Post by: bartjsmit on July 16, 2021, 07:30:11 AM
Your issue is with anti-spoofing features on the firewall. The source IP is on the private ranges, it goes out to the WAN interface and is then attempting to open a connection with the public IP. From the shape that the traffic flow takes, this is called a 'hairpin' route. You can control this with the NAT reflection setting in OPNsense.

Next question is - why do you want to ping your external gateway? :)

There is a WAN health feature in the dashboard which lets you keep an eye on it. To confirm that you have good connectivity from inside your LAN, ping a known responder (typically 8.8.8.8) or configure smokeping on an internal host.

Bart...
Title: Re: Unable to ping gateway from LAN even though private networks not blocked
Post by: jds on July 16, 2021, 11:23:19 AM
Thanks for the response. This indeed looks useful. To answer your question: I don't! But a device on my network does. It checks that it is connected this way very frequently, and reboots the wifi connection if the ping comes back empty. Stupid, I know, but cannot be changed.

So, I think that I found the proper place: Firewall -> Settings -> Advanced. There are three radio buttons dealing with reflection. I tried every permutation of enabling these, and saving settings, but none worked. I even tried enabling all three and rebooting, but still no success. Any ideas what I am missing?
Title: Re: Unable to ping gateway from LAN even though private networks not blocked
Post by: bartjsmit on July 16, 2021, 01:01:48 PM
Are you allowing ICMP on your WAN interface?

Try capturing some packets on the LAN and WAN side and check the firewall logs for deny entries.

Bart...
Title: Re: Unable to ping gateway from LAN even though private networks not blocked
Post by: jds on July 16, 2021, 03:22:07 PM
Yeah, it was ICMP. I made a pass rule in LAN like response #6 here: https://forum.opnsense.org/index.php?topic=10718.msg48955#msg48955

Thank you!
Title: Re: Unable to ping gateway from LAN even though private networks not blocked
Post by: jonm on July 18, 2021, 02:29:46 PM
Quote from: bartjsmit on July 16, 2021, 07:30:11 AM
There is a WAN health feature in the dashboard which lets you keep an eye on it.

I can't see this on my system, can you tell me where it is please? Or do I need to enable something to make it appear?

Thanks.
Title: Re: [Solved] Unable to ping gateway from LAN
Post by: bartjsmit on July 18, 2021, 04:46:16 PM
Quote from: jonm on July 18, 2021, 02:29:46 PM
I can't see this on my system, can you tell me where it is please? Or do I need to enable something to make it appear?

Shows you how long I've had it enabled  :)

Dashboard, Add widget, Gateways

Bart...
Title: Re: [Solved] Unable to ping gateway from LAN
Post by: jonm on July 20, 2021, 02:53:43 PM
Got it, thanks  8)