[Solved] Unable to ping gateway from LAN

Started by jds, July 15, 2021, 10:33:06 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
July 15, 2021, 10:33:06 PM Last Edit: July 16, 2021, 03:22:57 PM by jds
I read problems in the forum involving dual WAN setups, but mine is not dual and pretty simple. The 'block private network' switch on WAN is not checked. Yet, I cannot ping the gateway from inside the LAN.  I must be missing something stupid, so any suggestions are likely to be useful, and certainly appreciated.
July 16, 2021, 07:30:11 AM #1
Your issue is with anti-spoofing features on the firewall. The source IP is on the private ranges, it goes out to the WAN interface and is then attempting to open a connection with the public IP. From the shape that the traffic flow takes, this is called a 'hairpin' route. You can control this with the NAT reflection setting in OPNsense.

Next question is - why do you want to ping your external gateway? :)

There is a WAN health feature in the dashboard which lets you keep an eye on it. To confirm that you have good connectivity from inside your LAN, ping a known responder ( typically 8.8.8.8 ) or configure smokeping on an internal host.

Bart...
July 16, 2021, 11:23:19 AM #2
Thanks for the response. This indeed looks useful. To answer your question: I don't! But a device on my network does. It checks that it is connected this way very frequently, and reboots the wifi connection if the ping comes back empty. Stupid, I know, but cannot be changed.

So, I think that I found the proper place: Firewall-> Settings->Advanced. There are three radio buttons dealing with reflection. I tried every permutation of enabling these, and saving settings, but none worked. I even tried enabling all three and rebooting, but still no success. Any ideas what I am missing?
July 16, 2021, 01:01:48 PM #3
Are you allowing ICMP on your WAN interface?

Try capturing some packets on the LAN and WAN side and check the firewall logs for deny entries.

Bart...
July 16, 2021, 03:22:07 PM #4
Yeah, it was ICMP. I made a pass rule in LAN like response#6 here: https://forum.opnsense.org/index.php?topic=10718.msg48955#msg48955

Thank you!
July 18, 2021, 02:29:46 PM #5
Quote from: bartjsmit on July 16, 2021, 07:30:11 AM
There is a WAN health feature in the dashboard which lets you keep an eye on it.

I can't see this on my system, can you tell me where it is please? Or do I need to enable something to make it appear?

Thanks.
July 18, 2021, 04:46:16 PM #6
Quote from: jonm on July 18, 2021, 02:29:46 PM
I can't see this on my system, can you tell me where it is please? Or do I need to enable something to make it appear?

Shows you how long I've had it enabled  :)

Dashboard, Add widget, Gateways

Bart...
July 20, 2021, 02:53:43 PM #7
Got it, thanks  8)
Print
Go Up Pages1
User actions