opnsense box not pinging anything on the internet. But internet works!

Started by geek, July 17, 2023, 11:42:27 AM

I have a very weird problem - opnsense box cannot do any ping to WAN/Internet.
(which is why even the WAN gateway shows offline)

- All computers on LAN can ping and access ALL resources on the internet.
- opnsense box can't ping anything on the internet
- opnsense box CAN ping everything on the LAN side
- port probe works fine (I ran a 443 check on google.com)

- for test purposes I even added an allow-all rule for all protocols everywhere; it didn't work.

What does your network look like?

How are you testing ping?

Can you test with a fresh install?

Quote from: CJ on July 17, 2023, 05:57:34 PM
What does your network look like?

How are you testing ping?

Can you test with a fresh install?
Very simple: 2 Interfaces:

WAN - connects to internet
LAN - connects to lan with a /24 subnet

Testing ping using the ping diagnostics in interfaces menu
Testing with a fresh install is NOT possible as it is on a remote location. That would be my absolute last resort
I am using the latest version.

I can only imagine that you have something screwed up in your Firewall rules.  What do your WAN rules look like, including the floating and automatic rules?

Quote from: CJ on July 18, 2023, 01:33:25 PM
I can only imagine that you have something screwed up in your Firewall rules.  What do your WAN rules look like, including the floating and automatic rules?

You are correct. There is an unusual number of automatic rules.
Attached: WAN and floating rules.

That's not an unusual amount of rules.  Try this.

Delete the rule you added, go to Firewall -> Diagnostics -> Live View and set protoname is icmp.

Then in a separate window go to the Ping Diagnostics page and try a ping.  Post the results.

attached. Log says "pass" But ping probe says "100% loss"

So your ping is getting out but not coming back correctly.  What does the live view show when you ping from a client on your network?


That's not what I was asking.  You said you can ping from a local client out to the internet.  I want to see what the live view shows in that case.

My bad. I ran a ping from a local client to 2 different IPs, log shows it passes

Weird.  What does the live view show for Action is Deny while pinging from OPNSense and then while pinging from a local client?

Also, can you post what the local client displayed?

There is nothing in live view other than some default deny on IGMP on WAN interface.

However, I did notice something odd. I had the firewall box brought in, plugged it into a different network, reconfigured the interfaces, and everything seems to be working. But in that network specifically, on the WAN side, it's not letting ping go.

My guess is the ONT device (ISP's box) is doing something funny here. I don't think OPNsense is the problem in this case.

Current setup is like this:

ISP ONT device -> LAN IP -> 192.168.1.1 ->> OPNsense WAN IP (192.168.1.2 with gateway set to 192.168.1.1)

LAN side OPNsense IP -> 192.168.2.1

If you see the attached ping jobs, no icmp traffic is being blocked by pfsense.
end-user (windows) clients can ping anything on the internet (8.8.8.8 / 8.8.4.4)
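The diagnostic CJ walked through above (filter the live view on ICMP, run a ping, compare "pass" entries against the "100% loss" result) comes down to one question: do echo requests leave the WAN interface, and do matching echo replies come back in? The script below is an added example, not code from this thread or from OPNsense, that automates that correlation over firewall log lines. The log format it parses is a constructed, simplified CSV (timestamp, interface, direction, action, source, destination, ICMP type or protocol tag) and is not the real OPNsense filterlog layout; addresses in the sample are recorded pre-NAT for simplicity. The sample lines mirror the thread's setup: the firewall's own pings from 192.168.1.2 pass out but get no reply, LAN client 192.168.2.10 gets replies from 8.8.8.8 and 8.8.4.4, and the only block is an unrelated IGMP default deny.

```python
"""Correlate ICMP echo requests with echo replies from firewall log lines.

Constructed example: the line format below is a hypothetical CSV
(timestamp,interface,direction,action,src,dst,detail) chosen for this
illustration. It is NOT the real OPNsense filterlog layout; adapt
parse_log() before feeding it real data.
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed sample: firewall-sourced pings leave but never get replies,
# client-sourced pings complete, and one unrelated IGMP block appears.
SAMPLE_LOG = """\
2023-07-27T12:00:01,wan,out,pass,192.168.1.2,8.8.8.8,echo-request
2023-07-27T12:00:02,wan,out,pass,192.168.1.2,8.8.8.8,echo-request
2023-07-27T12:00:03,wan,out,pass,192.168.1.2,8.8.8.8,echo-request
2023-07-27T12:00:10,lan,in,pass,192.168.2.10,8.8.8.8,echo-request
2023-07-27T12:00:10,wan,out,pass,192.168.2.10,8.8.8.8,echo-request
2023-07-27T12:00:10,wan,in,pass,8.8.8.8,192.168.2.10,echo-reply
2023-07-27T12:00:11,lan,in,pass,192.168.2.10,8.8.4.4,echo-request
2023-07-27T12:00:11,wan,out,pass,192.168.2.10,8.8.4.4,echo-request
2023-07-27T12:00:11,wan,in,pass,8.8.4.4,192.168.2.10,echo-reply
2023-07-27T12:00:15,wan,in,block,224.0.0.1,192.168.1.2,igmp
"""


@dataclass(frozen=True)
class Record:
    ts: str
    iface: str
    direction: str  # "in" or "out", relative to the firewall
    action: str     # "pass" or "block"
    src: str
    dst: str
    detail: str     # "echo-request", "echo-reply", or another protocol tag


def parse_log(text: str) -> list[Record]:
    """Parse the constructed CSV format; blank lines and '#' comments are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(",")
        if len(fields) != 7:
            raise ValueError(f"malformed line: {line!r}")
        records.append(Record(*fields))
    return records


def echo_summary(records: list[Record], wan: str = "wan") -> dict:
    """Count, per (src, dst) pair, echo requests that passed out of the WAN
    interface, echo replies that came back in, and any blocked echo traffic.
    Only the WAN side is counted so a client ping is not double-counted
    (it appears once on LAN in and once on WAN out)."""
    summary: dict[tuple[str, str], dict[str, int]] = {}
    for r in records:
        if r.iface != wan:
            continue
        if r.detail == "echo-request" and r.direction == "out":
            key = (r.src, r.dst)
        elif r.detail == "echo-reply" and r.direction == "in":
            key = (r.dst, r.src)  # reply flows back to the original source
        else:
            continue
        entry = summary.setdefault(key, {"requests": 0, "replies": 0, "blocked": 0})
        if r.action != "pass":
            entry["blocked"] += 1
        elif r.detail == "echo-request":
            entry["requests"] += 1
        else:
            entry["replies"] += 1
    return summary


def diagnose(summary: dict) -> dict:
    """Turn the counts into a verdict per (src, dst) pair."""
    verdicts = {}
    for key, c in summary.items():
        if c["blocked"]:
            verdicts[key] = "blocked-by-firewall"      # look at the rule set
        elif c["requests"] and not c["replies"]:
            verdicts[key] = "out-but-no-reply"         # look upstream of the WAN
        elif c["requests"] and c["replies"]:
            verdicts[key] = "ok"
        else:
            verdicts[key] = "reply-without-request"    # reply seen, no request logged
    return verdicts


def non_echo_blocks(records: list[Record]) -> list[Record]:
    """Blocks that are not ICMP echo traffic (e.g. the IGMP default deny), so
    they can be reported separately instead of being mistaken for the cause."""
    return [r for r in records if r.action != "pass" and not r.detail.startswith("echo-")]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for (src, dst), verdict in sorted(diagnose(echo_summary(recs)).items()):
        print(f"{src} -> {dst}: {verdict}")
    for r in non_echo_blocks(recs):
        print(f"unrelated block: {r.iface} {r.direction} {r.src} -> {r.dst} ({r.detail})")
```

On the sample, the firewall's own pings come back as "out-but-no-reply" while both client pings are "ok", which is exactly the pattern that points away from the rule set and toward the device upstream of the WAN interface; a "blocked-by-firewall" verdict would point the other way.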

Both WAN and LAN are on RFC1918 networks? Maybe bogons rule is blocking.

Quote from: cookiemonster on July 27, 2023, 12:07:46 PM
Both WAN and LAN are on RFC1918 networks? Maybe bogons rule is blocking.

Yes. Because the ISPs are shitty and whenever there's a problem, they'll lay the blame on "your firewall" if something goes wrong. So we do it like this (I know Double Nat, bad practice etc...  ;D)

Both Bogons and Private IP Blocks are disabled