Netgate Discussion Forum

    Issue nat always need to reboot

      johnpoz LAYER 8 Global Moderator @killmasta93

      @killmasta93 I take it you mean a port forward? This would not require a reboot of pfsense. There are very few things that would require a reboot, update being the big one. There are a few other things that might require it - but they are few. Kernel driver like AES-NI or QAT change or enable prob require.

      But a firewall change, nope. What exactly are you doing, creating a new forward to say 192.168.1.100 on port X, changing an existing port forward to say 192.168.1.200 or something?

      pfblocker depending how you have it setup could be blocking inbound traffic from specific lists or IPs based on geo data, etc.

      If you want some help figuring out what is going on - really going to need some more specific details of what exactly you're doing.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

        killmasta93 @johnpoz

        @johnpoz Thank you for the reply,
        Correct, ex: I try to create a new NAT to point to another IP and port, I check and it does not work, what I have to do is turn off pfBlocker, and then it starts working,
        then after that I have to turn the pfBlocker back on and restart pfSense for it to work, pfBlocker and the NAT,
        which I'm currently doing at the moment, but wanted to see how I can troubleshoot the issue,

        as for pfBlocker, the rules that I did were created above pfBlocker on the WAN so no reason to be blocking, and even if I turn it back on the pfBlocker won't block either, I have to reboot for it to start working

        So not sure if it's a pfBlocker issue or a NAT issue

        Thank you

        Tutorials:

        https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

          johnpoz LAYER 8 Global Moderator @killmasta93

          @killmasta93 you have no rules in floating from pfblocker. Or other?

          If your rule that allows is above the rule in wan that pfblocker is blocking - then it's not possible for pfblocker to be the problem.

          And you sure do not need to reboot pfsense for any firewalls to take effect or for the order of rules to be done. You just need to apply the rules.

          The only issue that can come about with reloading of rules, is existing states could still be in play. But those wouldn't have anything to do with a block. Blocks do not create states.

          Are you using pfblocker aliases in your port forwards? I do for example, not really a fan of auto rules.

          Can you show your rules where you think they should be allowed and are not? Is your inbound traffic being blocked, or just not working - I would suggest you set your rules to log, so you can see which rule is allowing, or blocking, etc.

            killmasta93 @johnpoz

            @johnpoz Hi, thank you for the reply,
            Correct, no floating rules
            sure, I'm attaching the rules

            so in this case I have a rule to block everything besides South America to the ports 465

            5166f0cb-a1d5-4307-90e5-d4650649ef62-image.png

            as you can see pfblocker is working and it's on using alias

            dc73e14e-a83c-4f62-9316-fdbb6dc8b98f-image.png

            c6333e4d-8b39-46c9-9a90-125b5e421e9e-image.png

            also tried to delete the states,

            I know if I reboot, everything starts working

            Thank you

              johnpoz LAYER 8 Global Moderator @killmasta93

              @killmasta93 don't do it that way... If all you want to allow is SAmerica, then allow that in your port forward.. ! rules can be problematic.. There is no reason to do it how you're trying to do it, you want to allow SAmerica, then allow that - don't try blocking everything else..

              here is a port forward where I allow things to my plex. And the firewall rule it creates.

              rules.jpg

                killmasta93 @johnpoz

                @johnpoz thank you for the reply,
                so I did the following, created the NAT
                b9f65b4a-fcf0-403f-84ef-b8ec6c851c40-image.png
                I recheck and it keeps showing the port opened

                I was checking on the pfblocker, it shows the packets being blocked but not really blocking

                c55e4994-df5a-4ba9-a539-958fe7d4ff37-image.png

                650639b3-b9b4-4659-8603-ea9e068dcc9a-image.png

                checking the states

                94b0959e-b831-4585-8aef-ad911dcf307b-image.png

                then I checked the postfix logs the 192.168.1.6

                and it shows contact to the VM

                269d222d-01f3-41ca-8a00-bfdf995c41a9-image.png

                  johnpoz LAYER 8 Global Moderator @killmasta93

                  @killmasta93 and what do your firewall rules look like? Let's see your full wan rules, and you have zero rules on your floating.

                  What is this?

                  whatis.jpg

                  That is not firewall or log? Do you have something in pfblocker creating auto rules?

                  Please post the full rule set of your wan.. You have something above allowing??

                    killmasta93 @johnpoz

                    @johnpoz Thank you for the reply,
                    the photo that you attached is the log of pfBlocker showing that IP getting blocked but in reality it's not blocking

                    6982c0f2-bf33-43c7-a488-a18dfe4cee1e-image.png
                    071828bf-a43f-42be-9667-781d65eff2de-image.png

                    pfblocker alias native

                    6524ebd5-1ca6-487f-9bae-2ca4c522967b-image.png

                    Thank you

                      johnpoz LAYER 8 Global Moderator @killmasta93

                      @killmasta93 what is in that whitelist? That would allow anything that is in that list.

                      You would have to kill all the states from that IP, or no matter what rules you do it would be allowed..

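The point made in the replies above about states and rule order, as an added example that is not part of the original posts: a simplified Python model (not pf's actual implementation) in which the state table is consulted before the rules, the first matching rule wins, and only a pass creates a state. The class names and the documentation-range addresses are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str                       # "pass" or "block"
    dport: int
    sources: frozenset = frozenset()  # empty set matches any source

class Firewall:
    """Toy stateful filter: state table first, then rules top down."""
    def __init__(self, rules):
        self.rules = list(rules)
        self.states = set()           # (src_ip, dport) of allowed flows

    def reload(self, rules):
        self.rules = list(rules)      # applying rules does not flush states

    def handle(self, src, dport):
        if (src, dport) in self.states:
            return "pass (existing state)"
        for i, r in enumerate(self.rules):
            if r.dport == dport and (not r.sources or src in r.sources):
                if r.action == "pass":
                    self.states.add((src, dport))   # only a pass creates a state
                return f"{r.action} (rule {i})"
        return "block (default deny)"

    def kill_states(self, src):
        stale = {s for s in self.states if s[0] == src}
        self.states -= stale
        return len(stale)

def demo():
    old, allowed, other = "203.0.113.10", "198.51.100.20", "203.0.113.99"  # constructed
    fw = Firewall([Rule("pass", 465)])                      # wide-open forward
    out = [fw.handle(old, 465)]                             # creates a state
    fw.reload([Rule("pass", 465, frozenset({allowed}))])    # allow-list only
    out.append(fw.handle(old, 465))                         # still passes
    out.append(fw.handle(other, 465))                       # blocked, no state
    out.append(fw.kill_states(old))
    out.append(fw.handle(old, 465))                         # now blocked
    out.append(fw.handle(allowed, 465))
    return out, fw

if __name__ == "__main__":
    print(demo()[0])
```
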
                        killmasta93 @johnpoz

                        @johnpoz
                        Thanks for the reply so deleted those rules
                        107c67c2-ef20-4f7c-ab46-4a106487fc89-image.png
                        but still the same issue

                          killmasta93 @killmasta93

                          hi @johnpoz so I ended up rebooting and it started to work, very odd, can't seem to find out the issue

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.