Solved: Problems with NAT on Virtual IP
-
Hi,
I suddenly have problems with a configuration that worked for a long time; the problems have existed maybe since the last update (the connection is not used every day, so I can't determine the exact time):
2.3.4-RELEASE-p1
I have defined a VirtualIP and a corresponding NAT rule:
WAN TCP * * "VirtualIP" 443 (HTTPS) 192.168.28.18 443 (HTTPS)
There is a corresponding automatically generated firewall rule, and I have Automatic outbound NAT rule generation.
For a few days I have had the problem that the firewall blocks the outgoing NAT traffic; some lines from the log:
Aug 2 10:56:00 LAN 192.168.28.18:443 80.187.101.26:1261 TCP:SA
Aug 2 10:56:06 LAN 192.168.28.18:443 80.187.101.26:1063 TCP:R
Aug 2 10:56:09 LAN 192.168.28.18:443 80.187.101.26:1147 TCP:R
Aug 2 10:56:12 LAN 192.168.28.18:443 80.187.101.26:1261 TCP:R
Aug 2 10:57:40 LAN 192.168.28.18:443 80.187.101.26:6406 TCP:SA
Aug 2 10:57:43 LAN 192.168.28.18:443 80.187.101.26:6406 TCP:SA
Aug 2 10:57:49 LAN 192.168.28.18:443 80.187.101.26:6406 TCP:SA
I tried to reconfigure all the rules, I tried to switch to Manual Outbound NAT rule generation, but nothing helps.
As I mentioned above, these rules worked for more than a year till last week….
Thanks for your support!
Wolfgang
-
Are you actually experiencing a connectivity problem or are you just seeing firewall log entries?
https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection
Actual blocked connections will show up as TCP:S for SYN.
https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment
Also, all those logs are on LAN which further proves the already-closed states.
An actual blocked connection would be logged on the WAN interface.
-
Sorry, this post can be closed, it was a PEBKAC….
I have a backup firewall and I forgot to disable the WAN interface on this machine after the last update, so the backup machine grabbed the VirtualIP first.... The gateway is on the production machine and so the firewall blocked the traffic....
Thanks
Wolfgang
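
The log triage discussed in this thread, as an added example that is not part of any post: it parses block entries in the layout quoted above, separates bare-SYN blocks from out-of-state packets, and flags flows whose SYN-ACK is logged repeatedly, which is what the duplicate-VIP situation in the last post produced. The function names, the repeat threshold of 2 and the final WAN line (documentation-range addresses) are assumptions made for the example.

```python
import re
from collections import Counter

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<iface>\S+)\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+(?P<dst>\S+):(?P<dport>\d+)\s+TCP:(?P<flags>[A-Z]+)$"
)

# The first seven lines are copied from the post; the WAN line is constructed for contrast.
SAMPLE = """\
Aug 2 10:56:00 LAN 192.168.28.18:443 80.187.101.26:1261 TCP:SA
Aug 2 10:56:06 LAN 192.168.28.18:443 80.187.101.26:1063 TCP:R
Aug 2 10:56:09 LAN 192.168.28.18:443 80.187.101.26:1147 TCP:R
Aug 2 10:56:12 LAN 192.168.28.18:443 80.187.101.26:1261 TCP:R
Aug 2 10:57:40 LAN 192.168.28.18:443 80.187.101.26:6406 TCP:SA
Aug 2 10:57:43 LAN 192.168.28.18:443 80.187.101.26:6406 TCP:SA
Aug 2 10:57:49 LAN 192.168.28.18:443 80.187.101.26:6406 TCP:SA
Aug 2 10:58:01 WAN 203.0.113.7:40112 198.51.100.10:443 TCP:S
"""

def parse(line):
    """Return the fields of one block-log line, or None if it does not match."""
    m = LINE.match(line.strip())
    return m.groupdict() if m else None

def classify(entry):
    # A bare SYN is a new connection that no pass rule accepted; anything else
    # (SA, R, FA, ...) is a packet for which this firewall holds no state.
    return "new-connection-blocked" if entry["flags"] == "S" else "out-of-state"

def triage(text):
    entries = [e for e in map(parse, text.splitlines()) if e]
    counts = Counter((e["iface"], classify(e)) for e in entries)
    # Heuristic (assumed threshold: 2). A SYN-ACK logged repeatedly for one flow is a
    # retransmitted handshake reply, consistent with the SYN having reached the
    # server by a path that created no state on this firewall.
    synacks = Counter(
        (e["src"], e["sport"], e["dst"], e["dport"])
        for e in entries if e["flags"] == "SA"
    )
    return counts, sorted(flow for flow, n in synacks.items() if n >= 2)

if __name__ == "__main__":
    counts, repeated = triage(SAMPLE)
    for (iface, kind), n in sorted(counts.items()):
        print(f"{iface:4} {kind:24} {n}")
    for src, sport, dst, dport in repeated:
        print(f"repeated SYN-ACK {src}:{sport} -> {dst}:{dport}: check for a second path to the VIP")
```
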