Show Posts
1
16.7 Legacy Series / [solved] Strange ping behaviour
« on: September 21, 2016, 08:37:21 pm »
LAN: 192.168.1.0/24
WAN: 192.168.2.1, 255.255.255.0, upstream gateway 192.168.2.253
Problem: WAN clients (i.e. a client with address from 192.168.2.0/24) cannot ping WAN interface.
But OPNsense is able to ping those WAN clients.
I ran tcpdump and found out that OPNsense is sending ping reply to upstream gateway instead of client itself - they are in same subnet!
Once I disable firewall, ping starts working (ping reply is sent to appropriate client).
Firewall has only 3 rules (except two default ones - block bogon and private networks):
1. accept any traffic from my workstation (I cannot ping WAN interface either, but I can manage OPNsense throught it)
2. accept any ICMP traffic
3. block any other traffic
4. enabled "Bypass firewall rules for traffic on the same interface"
5. floating rules - only default "Block all IPv6 traffic"
6. NAT: "Manual outbound NAT rule generation" with autocreated LAN -> WAN rule (192.168.1.0/24 -> 192.168.2.1)
WAN: 192.168.2.1, 255.255.255.0, upstream gateway 192.168.2.253
Problem: WAN clients (i.e. a client with address from 192.168.2.0/24) cannot ping WAN interface.
But OPNsense is able to ping those WAN clients.
I ran tcpdump and found out that OPNsense is sending ping reply to upstream gateway instead of client itself - they are in same subnet!
Once I disable firewall, ping starts working (ping reply is sent to appropriate client).
Firewall has only 3 rules (except two default ones - block bogon and private networks):
1. accept any traffic from my workstation (I cannot ping WAN interface either, but I can manage OPNsense throught it)
2. accept any ICMP traffic
3. block any other traffic
4. enabled "Bypass firewall rules for traffic on the same interface"
5. floating rules - only default "Block all IPv6 traffic"
6. NAT: "Manual outbound NAT rule generation" with autocreated LAN -> WAN rule (192.168.1.0/24 -> 192.168.2.1)