Ping WAN from LAN
(2024-10-10)
Problem:
Ping WAN interface IP from LAN
Solution:
Pinging from an internal host to an external interface when using source NAT is an incorrect test method. Packets are dropped since the source address is the external address of the firewall and the destination address is the same. Packets are dropped by a security measure called a LAND attack.
Create a policy for LAN-to-WAN-Interface-IP traffic that does not use NAT, and/or create a non-NAT'ing NAT rule for LAN-to-WAN-Interface-IP traffic.