Messages

Thank you very much for your effort. I will try to make a fresh install again.

Just, i want to ask you that, is it anyway to re-configure the routes according to current interfaces and network structure? Is there any terminal code, shell script or any other?

Thanks,
Sincerely.

I have looked these over, and everything seems right.

My only guess is that it's a problem with some static gateway assignment on 192.168.21.10.  If the source that was pinging is outside the subnet, then it will route replies to the locally assigned gateway. (This is generally assigned through DHCP but can be overridden.)

I think you'll might need to use Wireshark or tcpdump on the interface that is being pinged to see the traffic to/from the interface. You can detect which path is failing and trace out the problem, but I would check the gateway on 192.168.21.10 first.

I will try this, thank you very much my friend.

I can't find any details on your hardware, is it virtual or real? Which type of interfaces?

It's a physical device with 4 interfaces. Similar to this device: https://www.aliexpress.com/item/32815457324.html

Another question: Have you ever enabled Intrusion Prevention?

No, I have never enabled IPS/IDS.

LAN (igb0) is shown as disconnected (no carrier). Is this expected / was it unplugged when taking the screenshot?

Yes, it's expected. I was trying other interfaces for testing.

Hi,

You are right, it's best way to share screen shots for my configuration.

Here's the Drive URL, you can check everything in here:
https://drive.google.com/drive/folders/1_tgwpCh8nAzGz0gMPBmgwXtyJOpQk2KO?usp=sharing

Additionally, my ISP provider gives me CGNAT IP, not static. I don't know, does this situation affects this problem?

Thanks everyone.

[From LAN to LAN (from Diagnostics):]

From LAN to LAN (from Diagnostics):

# /sbin/ping -S '192.168.21.1' -c '4' '192.168.21.10'
PING 192.168.21.10 (192.168.21.10) from 192.168.21.1: 56 data bytes
64 bytes from 192.168.21.10: icmp_seq=0 ttl=128 time=1.678 ms
64 bytes from 192.168.21.10: icmp_seq=1 ttl=128 time=1.599 ms
64 bytes from 192.168.21.10: icmp_seq=2 ttl=128 time=1.599 ms
64 bytes from 192.168.21.10: icmp_seq=3 ttl=128 time=1.618 ms

--- 192.168.21.10 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.599/1.623/1.678/0.032 ms

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

From LAN to OPT1 (from Diagnostics):

# /sbin/ping -S '192.168.21.1' -c '4' '10.10.10.25'
PING 10.10.10.25 (10.10.10.25) from 192.168.21.1: 56 data bytes
64 bytes from 10.10.10.25: icmp_seq=0 ttl=64 time=0.330 ms
64 bytes from 10.10.10.25: icmp_seq=1 ttl=64 time=0.308 ms
64 bytes from 10.10.10.25: icmp_seq=2 ttl=64 time=0.370 ms
64 bytes from 10.10.10.25: icmp_seq=3 ttl=64 time=0.454 ms

--- 10.10.10.25 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.308/0.366/0.454/0.056 ms

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

From OPT1 to LAN (from Diagnostics):

# /sbin/ping -S '10.10.10.1' -c '4' '192.168.21.10'
PING 192.168.21.10 (192.168.21.10) from 10.10.10.1: 56 data bytes

--- 192.168.21.10 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss

[unchecked]

Both of them are unchecked for all interfaces.

And you say the only rules you have are Protocol: Any Source: Any Destination: Any on both interfaces?

Yes, all the rules are as you metioned for LAN and OPT1.

Again: Why is WAN interface the second hop? IF you traceroute to 10.10.10.21? Did you try a fresh install? Would that be possible?

How do you assign IP addresses to the clients, via DHCP oder manually. Are you shure all this is correct? What about local firewalls of the clients, do they answer to pings from other machines at the same interface?

regards

I don't why WAN interface at the second loop. I've installed OpnSense several times. Result is same.

Both 2 interfaces assigns IP addresses via DHCP. Everything is OK; because when 2 machines in same network, no problem about pinging each other and accessing INTERNET.

Good point on the ping response... noticed some windows machined blocking ping response if the rules are not correctly.

When all the Laptops in same network (on same switch at OPT1 or LAN interface), both machines pings each other. There's no problem.

Hi,

I've tried it before.

From the Interface->Diagnostics->Ping:

OPT1 Interface and try pinging  192.168.21.1 -> It works
OPT1 Interface and try pinging  192.168.21.5 -> NOT WORKING

Hi everyone again,

I want to add that, my ISP doesn't provide IPv6 for my WAN.

When i checked https://ipv6test.google.com, it says that "You don't have IPv6, but you shouldn't have problems on websites that add IPv6 support."

Does this situation affect my internal network configuration? I'm configuring my OpnSense Firewall while my WAN Port is connected modem.

Thanks.

Hi Gary,

Both LAN and OPT1 Firewall Rules are: IPv4 ANY ANY, IPv6 ANY ANY. I put these rules because of this problem.

Also, i've checked the ICMP (ping) request from Firewall -> Log Files -> Live View, it's ALLOWED. Not blocked.

I don't know, if IPv6 affets it? All the configs for IPv6 is default after factory reset. Just only in LAN and OPT1 Interface, I've selected NONE for IPv6. (no static ip or dhcp6, just NONE).

Thanks you,
Kind regards.

Hi,

I can ping 10.10.10.1 successfully; but cannot ping 10.10.10.21

All the configuration parameters are default. It's really strange.

Regards.

[PING Result]

Hi everyone,

We've a fresh install with the latest version of OpnSense. I can ping devices from OPT1 -> to -> LAN; but i cannot ping from LAN -> to -> OPT1.

For e.g.:

Laptop in OPT1 has 10.10.10.21 IP address and can ping the other Laptop in LAN has 192.168.21.5 ip address. But, just the opposite doesn't work.

PING Result
PING 10.10.10.21 (10.10.10.21): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3

Traceroute Result
1  {myhostname.domain} (192.168.21.1)  0.620 ms  0.280 ms  0.302 ms
2  192.168.0.1 (192.168.0.1)  0.612 ms  0.529 ms  0.479 ms
3  * * *
4  * * *
5  * * *
6  * * *
7  * * *
8  * * *

I've configured the system from terminal and didn't make any changes in default configs after Wizard.

Here's the setup:

LAN (igb0)   -> v4: 192.168.21.1/24
OPT1 (igb2) -> v4: 10.10.10.1/24
OPT2 (igb3) -> v4: 172.16.16.1/24
WAN (igb1)  -> v4/DHCP4: 192.168.0.19/24

Additional Notes:

• No VPN Configuration
• All firewall rules are ANY ANY for testing and checked from Live View, everything is allowed (no block)
• All the devices can access the internet without any problems.

Thanks everyone.