Text only | Text with Images

OPNsense Forum

English Forums => 24.7, 24.10 Legacy Series => Topic started by: kite on November 28, 2024, 04:46:51 AM

Title: PING -S can't work
Post by: kite on November 28, 2024, 04:46:51 AM
I found a strange problem, when ping the LAN address, It's still use the PPPOE public IP address as src address, even if I specify the source address user ping -S lan addr. When the LAN gateway is not opnsense, it cannot be pinged. when disconnect pppoe,then ping is ok.
opnsense lan addr is 192.168.100.123, PC is 192.168.100.66。PC ping opnsense is ok.

ping -S 192.168.100.123 192.168.100.66

the capture:

Frame 1: 98 bytes on wire (784 bits), 98 bytes captured (784 bits)

Frame 1: 98 bytes on wire (784 bits), 98 bytes captured (784 bits)
Ethernet II, Src: FreeBSDFound_10:f3:0f (58:9c:fc:10:f3:0f), Dst: HonHaiPrecis_8d:78:cc (1c:66:6d:8d:78:cc)
    Destination: HonHaiPrecis_8d:78:cc (1c:66:6d:8d:78:11)
    Source: FreeBSDFound_10:f3:0f (58:9c:fc:10:f3:0f)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: XX1.72.73.XXX, Dst: 192.168.100.66
Internet Control Message Protocol


my opnsense version is OPNsense 24.7.9_1-amd64
it's amazing...............
Title: Re: PING -S can't work
Post by: Patrick M. Hausen on November 28, 2024, 09:28:18 AM
Do you have a gateway set in the interface configuration of LAN?
Title: Re: PING -S can't work
Post by: kite on November 28, 2024, 10:28:21 AM
Quote from: Patrick M. Hausen on November 28, 2024, 09:28:18 AM
Do you have a gateway set in the interface configuration of LAN?

did not set gatewary for this interface。thks for reply
Title: Re: PING -S can't work
Post by: kite on December 03, 2024, 01:58:51 AM
root@OPNsense_J1900:~ # ping -S 192.168.100.123 192.168.100.1
PING 192.168.100.1 (192.168.100.1) from 192.168.100.123: 56 data bytes
^C
--- 192.168.100.1 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
root@OPNsense_J1900:~ # ping -S 192.168.100.123 192.168.100.66
PING 192.168.100.66 (192.168.100.66) from 192.168.100.123: 56 data bytes
64 bytes from 192.168.100.66: icmp_seq=0 ttl=128 time=0.413 ms
^C
--- 192.168.100.66 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.413/0.413/0.413/0.000 ms
root@OPNsense_J1900:~ #


some ip can ping ,some can't
Title: Re: PING -S can't work
Post by: Patrick M. Hausen on December 03, 2024, 09:22:02 AM
Some IPs might have a firewall and not answer to ping - like Windows - and some might not  ;)
Title: Re: PING -S can't work
Post by: kite on December 11, 2024, 01:31:08 AM
I found the reason. Since the ping source addresses were all WAN IP address, I suspected that the NAT rule was being prioritized. I checked the NAT settings , it's selected the Mixed mode. I also added a rule for the LAN subnet. After remove this rule, PING worked normally.
Text only | Text with Images