
Ping WAN from LAN

(2024-10-10)

Problem:

Ping WAN interface IP from LAN

Solution:

Pinging the external interface from an internal host while source NAT is in use is not a valid test. After NAT, the packet's source address is the external address of the firewall, and the destination address is that same address. The firewall drops these packets through its protection against LAND attacks (packets whose source and destination addresses are identical).

Create a policy for LAN-to-WAN-Interface-IP traffic that does not use NAT, and/or create a non-NAT'ing NAT rule for LAN-to-WAN-Interface-IP traffic.

Don't forget to modify your interface management policy as well.
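The following model is an added example, not taken from any firewall vendor's configuration or code. It shows why the source-NATed ping is dropped and how a no-NAT rule placed ahead of the general rule changes the result. The addresses, the rule names, and the first-match rule ordering are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample addresses (documentation ranges), not from the page.
WAN_IP = ipaddress.ip_address("203.0.113.1")       # firewall WAN interface IP
LAN_NET = ipaddress.ip_network("192.168.1.0/24")   # internal subnet
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass
class NatRule:
    name: str                                      # hypothetical rule name
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    translate_to: Optional[ipaddress.IPv4Address]  # None means "do not NAT"

def apply_source_nat(rules, src, dst):
    """Assumed first-match evaluation: return (post-NAT source, rule name)."""
    for r in rules:
        if src in r.src and dst in r.dst:
            new_src = src if r.translate_to is None else r.translate_to
            return new_src, r.name
    return src, None

def is_land(src, dst):
    """LAND check: the packet's source address equals its destination."""
    return src == dst

def evaluate(rules, src, dst):
    """Return (post-NAT source, matched rule, verdict) for one packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    post_src, rule = apply_source_nat(rules, src, dst)
    verdict = "drop (LAND)" if is_land(post_src, dst) else "forward"
    return str(post_src), rule, verdict

snat = NatRule("lan-to-wan-snat", LAN_NET, ANY, WAN_IP)
no_nat = NatRule("lan-to-wan-ip-no-nat", LAN_NET,
                 ipaddress.ip_network("203.0.113.1/32"), None)

BROKEN = [snat]           # only the general source NAT rule
FIXED = [no_nat, snat]    # the exception must precede the general rule

if __name__ == "__main__":
    for label, rules in (("before", BROKEN), ("after", FIXED)):
        print(label, evaluate(rules, "192.168.1.10", "203.0.113.1"))
        print(label, evaluate(rules, "192.168.1.10", "198.51.100.7"))
```

In this model, placing the no-NAT rule after the general rule leaves the drop in place, because the general rule matches first.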
