Issue nat always need to reboot
-
@johnpoz Thank you for the reply,
Correct ex: i try to create a new NAT to point to another IP and port, i check and it does not work, what i have to do is turn off pfBlocker, and then it starts working,
then after that i have to turn back on the pfBlocker and restart pfSense for it to work pfBlocker and the NAT
which currently im doing this at the moment but wanted to see how i can troubleshoot the issue,as for pfBlocker the rules that i did were created above pfBlocker on the WAN so no reason to be blocking, and even if i turn it back on the pfBlocker wont block either, i have to reboot for it to start working
So not sure if its a pfBlocker issue or a NAT issue
Thank yo u
-
@killmasta93 you have no rules in floating from pfblocker. Or other?
If your rule that allows is above the rule in wan that pfblocker is blocking - then its not possible for pfblocker to be the problem.
And you sure do not need to reboot pfsense for any firewalls to take effect or for the order of rules to be done. You just need to apply the rules.
The only issue that can come about with reloading of rules, is existing states could still be in play. But those wouldn't have anything to do with a block. Blocks do not create states.
Are you using pfblocker aliases in your port forwards? I do for example, not really a fan of auto rules.
Can you show your rules where you think they should be allowed and are not? Is your inbound traffic being blocked, or just not working - I would suggest you set your rules to log, so you can see which rule is allowing, or blocking, etc.
-
@johnpoz Hi thank you for the reply,
Correct no floating rules
sure im attaching the rulesso in this case i have a rule to block everything beside south America to the ports 465
as you can see pfblocker is working an its on using alias
also tried to delete the states,
I know if i reboot it starts working everything
Thank you
-
@killmasta93 don't do it that way... If all you want to allow is SAmerica, then allow that in your port forward.. ! rules can be problematic.. There is no reason to do it how your trying to do it, you want to allow SAmerica, then allow that - don't try blocking everything else..
here is a port forward where I allow things to my plex. And the firewall rule it creates.
-
@johnpoz thank you for the reply,
so i did the following created the NAT
i recheck and it keeps showing the port openedi was checking on the pfblocker it shows the packets being blocked but not really blocking
checking the states
then i checked the postfix logs the 192.168.1.6
and it shows contact to the VM
-
@killmasta93 and what do your firewall rules look like? Lets see your full wan rules, and you have zero rules on your floating.
What is this?
That is not firewall or log ? Do you have something in pfblocker creating auto rules?
Please post the full rule set of your wan.. You have something above allowing??
-
@johnpoz Thank you for the reply,
the photo that you attach is the log of pfBlocker showing that IP getting blocked but in reality its not blocking
pfblocker alias native
Thank you
-
@killmasta93 what is in that whitelist? That would allow anything that is in that list.
You would have to kill all the states from that IP, or no matter what rules you do it would be allowed..
-
@johnpoz
Thanks for the reply so deleted those rules
but still the same issue -
hi @johnpoz so i ended up rebooting and started to work, very odd cant seem to find out the issue
