OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: marekdes on September 21, 2016, 08:37:21 pm

Title: [solved] Strange ping behaviour
Post by: marekdes on September 21, 2016, 08:37:21 pm
LAN: 192.168.1.0/24
WAN: 192.168.2.1, 255.255.255.0, upstream gateway 192.168.2.253

Problem: WAN clients (i.e. a client with address from 192.168.2.0/24) cannot ping WAN interface.
But OPNsense is able to ping those WAN clients.
I ran tcpdump and found out that OPNsense is sending ping reply to upstream gateway instead of client itself - they are in same subnet!
Once I disable firewall, ping starts working (ping reply is sent to appropriate client).

Firewall has only 3 rules (except two default ones - block bogon and private networks):
1. accept any traffic from my workstation (I cannot ping WAN interface either, but I can manage OPNsense through it)
2. accept any ICMP traffic
3. block any other traffic
4. enabled "Bypass firewall rules for traffic on the same interface"
5. floating rules - only default "Block all IPv6 traffic"
6. NAT: "Manual outbound NAT rule generation" with autocreated LAN -> WAN rule (192.168.1.0/24 -> 192.168.2.1)

Title: Re: Strange ping behaviour
Post by: franco on September 21, 2016, 08:48:58 pm
Hi marekdes,

Try Firewall: Settings: Advanced: check "Disable reply-to on WAN rules".


Cheers,
Franco
Title: Re: Strange ping behaviour
Post by: marekdes on September 22, 2016, 08:20:58 pm
Firewall: Settings: Advanced: check "Disable reply-to on WAN rules".
That was it! Thanks.
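
The behaviour in this thread, as an added pf.conf illustration (not taken from the posts and not OPNsense's actual generated ruleset): pf's `reply-to` route option sends replies for states created by a rule to the named gateway instead of consulting the routing table, which is why an on-link WAN client's echo reply went to 192.168.2.253. The interface name `em0` and the client address 192.168.2.50 are assumptions made for the example.

```conf
# Added illustration. Addresses 192.168.2.1 / 192.168.2.253 come from the
# first post; em0 and 192.168.2.50 are constructed for the example.
wan_if = "em0"             # assumed WAN interface name
wan_gw = "192.168.2.253"   # upstream gateway from the first post

# Variant A: rule carrying reply-to (the case the option in the thread affects).
# Any state created by this rule is pinned to ($wan_if $wan_gw): the echo
# reply to an on-link client such as 192.168.2.50 is handed to 192.168.2.253
# instead of being delivered directly on the 192.168.2.0/24 segment.
pass in quick on $wan_if reply-to ($wan_if $wan_gw) inet proto icmp from any to any keep state

# Variant B: the same rule without the route option, which is the shape a
# rule has once "Disable reply-to on WAN rules" is checked. Replies follow
# the normal routing table, so on-link clients are answered directly.
# (Shown commented out because A and B are alternatives, not a rule pair.)
# pass in quick on $wan_if inet proto icmp from any to any keep state

# To see which loaded rules still carry the option, list them from a shell:
#   pfctl -sr | grep reply-to
```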