Host behind OPNsense can't ping WAN interface (no firewall rules)

Started by veptune, September 20, 2024, 08:39:09 PM

Hello all,

I have installed the OPNsense AMI in my AWS VPC. I have two subnets:

Public :  172.31.1.1
Private : 172.31.2.0

My interfaces:

My NAT (I left it at the default):

My LAN firewall rules (allow all):

My WAN firewall rules (allow all, for testing):

What is weird is that my private host, 172.31.2.244, can ping the LAN of OPNsense (172.31.2.251) but can't ping the WAN (172.31.1.114). And of course it can't reach the internet.

Here is the route table of the host behind OPNsense.

sh-5.2$ ip route show
default via 172.31.2.251 dev enX0
172.31.0.2 via 172.31.2.1 dev enX0 proto dhcp src 172.31.2.244 metric 512
172.31.2.0/24 dev enX0 proto kernel scope link src 172.31.2.244 metric 512
172.31.2.1 dev enX0 proto dhcp scope link src 172.31.2.244 metric 512

What is even more weird is that I have another host on the public subnet, which can ping the WAN.

So I have absolutely no idea what is blocking the ping from the private host from reaching the WAN interface. I know there is no point in allowing a private host to ping the WAN interface, but I thought that before I understand why it can't reach the internet, I should know why the packet can't even reach the interface.

I have checked the AWS security groups.

Any idea?


If one of you lives in Taipei, I will pay him a drink...

Thanks