OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: jds on July 15, 2021, 10:33:06 pm

Title: [Solved] Unable to ping gateway from LAN
Post by: jds on July 15, 2021, 10:33:06 pm

I read problems in the forum involving dual WAN setups, but mine is not dual and pretty simple. The 'block private network' switch on WAN is not checked. Yet, I cannot ping the gateway from inside the LAN.  I must be missing something stupid, so any suggestions are likely to be useful, and certainly appreciated.

Title: Re: Unable to ping gateway from LAN even though private networks not blocked
Post by: bartjsmit on July 16, 2021, 07:30:11 am

Your issue is with anti-spoofing features on the firewall. The source IP is on the private ranges, it goes out to the WAN interface and is then attempting to open a connection with the public IP. From the shape that the traffic flow takes, this is called a 'hairpin' route. You can control this with the NAT reflection setting in OPNsense.

Next question is - why do you want to ping your external gateway? :)

There is a WAN health feature in the dashboard which lets you keep an eye on it. To confirm that you have good connectivity from inside your LAN, ping a known responder ( typically 8.8.8.8 ) or configure smokeping on an internal host.

Bart...

Title: Re: Unable to ping gateway from LAN even though private networks not blocked
Post by: jds on July 16, 2021, 11:23:19 am

Thanks for the response. This indeed looks useful. To answer your question: I don't! But a device on my network does. It checks that it is connected this way very frequently, and reboots the wifi connection if the ping comes back empty. Stupid, I know, but cannot be changed.

So, I think that I found the proper place: Firewall-> Settings->Advanced. There are three radio buttons dealing with reflection. I tried every permutation of enabling these, and saving settings, but none worked. I even tried enabling all three and rebooting, but still no success. Any ideas what I am missing?

Title: Re: Unable to ping gateway from LAN even though private networks not blocked
Post by: bartjsmit on July 16, 2021, 01:01:48 pm

Are you allowing ICMP on your WAN interface?

Try capturing some packets on the LAN and WAN side and check the firewall logs for deny entries.

Bart...

Title: Re: Unable to ping gateway from LAN even though private networks not blocked
Post by: jds on July 16, 2021, 03:22:07 pm

Yeah, it was ICMP. I made a pass rule in LAN like response#6 here: https://forum.opnsense.org/index.php?topic=10718.msg48955#msg48955 (https://forum.opnsense.org/index.php?topic=10718.msg48955#msg48955)

Thank you!

Title: Re: Unable to ping gateway from LAN even though private networks not blocked
Post by: jonm on July 18, 2021, 02:29:46 pm

Quote from: bartjsmit on July 16, 2021, 07:30:11 am

There is a WAN health feature in the dashboard which lets you keep an eye on it.

I can't see this on my system, can you tell me where it is please? Or do I need to enable something to make it appear?

Thanks.

Title: Re: [Solved] Unable to ping gateway from LAN
Post by: bartjsmit on July 18, 2021, 04:46:16 pm

Quote from: jonm on July 18, 2021, 02:29:46 pm

I can't see this on my system, can you tell me where it is please? Or do I need to enable something to make it appear?

Shows you how long I've had it enabled  :)

Dashboard, Add widget, Gateways

Bart...

Title: Re: [Solved] Unable to ping gateway from LAN
Post by: jonm on July 20, 2021, 02:53:43 pm

Got it, thanks  8)