pfsense Firewall – traceroute is not working (getting blocked by the firewall)
Solution
traceroute without a parameter uses UDP to get the hops. I figured out that this traffic is getting blocked because the destination port is not permitted.
The port changes from around 33440 ongoing (+1 every time), so this is dynamic and can’t be solved with one single port.
With the parameter -I you use ICMP.
Currently i have a rule which is allowing ICMP traffic to the wan network and now it is working with the parameter.
I also need this rule to ping wan hosts. Not just for traceroute. This is also going over the ICMP protocol.
