NAT working intermittently
-
Hi,
We've just discovered that our outbound NAT is working randomly in one interface.
Most packets are NATed correctly, but some are not.
Our pfSense is version 1.2.2 built on Thu Jan 8 22:30:24 EST 2009
We have another pfSense version 1.2, and this is working perfectly.
Any sujestion will be very appreciated (please, not downgrade related)
Thaks a lot in advance.
-
How do you test?
What do you test?
What do you expect?
What do you get?
Network diagram?
Tcpdumps?
Etc. ( more information needed) -
1.- How do you test?
I get logs from a remote source, outside of the pfsense firewall in another network, geographically separated.
2.- What do you test?
Connectios from pfS site to a CheckPonint FW one. Some connections appears to be from the NATed virtual IP, and some from the private network (10.0.32.0/19)
3.- What do you expect?
I expect to see all the connections become from the virtual IP (NAT Outbound)
4.- What do you get?
Most connections appears, in the Checkpoint logs, from the remote Virtual IP (as it should be), some from the original remote private IP.
5.- Network diagram?
The network is very similar to another network (of us) with pfS version 1.2 in wich Outbound NAT performs correctly.
I don't think it's an architecture related issue.6.- Tcpdumps?
A short piece of the CheckPoint logs is attached. The fqdns are changed dued to security reasons.
The virtual IP associated with the Outbound NAT is 'users.sub.domain.es' and the network behind the NAT is 10.0.32.0/19.Clients IP config are OK (IP, Mask, Gateway)
¿Is that some packets are leaking without being NATed, or am I wrong?
Thanks in advance: Paco.-
-
Two logs fro the same timeframe would be perfect: one tcpdumpfrom pfSense another one from remote CP.
On pfSense: tcpdump -ni <wan_interface_name>host</wan_interface_name>