NAT redirect broken
-
Ever since the hackathon, NAT redirect has been broken for me. I cannot access any of the sites I host internally unless I go to the internal IP. The external IPs work for everyone external to my router, but none of my internal users can access with the external IP. I have tried turning on and off the auto creation of NAT redirect and this made no changes. The firewall shows no packets being dropped related to my external/internal IPs.
Is NAT redirect working for anyone else?
-
Did you disable NAT reflection in System -> Advanced?
-
It was enabled from my old config. I have disabled reboot, enabled reboot and also tried without the reboots, and I still cannot access any of my pub IPs from behind my pfSense NAT.
-
Wait, you enabled it? Just to clarify, you need to disable NAT reflection to access your pub IP. Sorry if I misunderstood you.
-
Upon a cursory glance, it appears that inetd is not being started for whatever reason. As it handles the NAT reflection, that would explain why it isn't working.
As to why that isn't being started, it will take a little more investigation.
-
I think I found the commit that broke it.
If you can edit /etc/inc/filter.inc, find this line:
killbypid("/var/run/inetd.pid");
Right underneath that line, put this one:
mwexec("/usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf");
It's probably somewhere around line 991.
After that, you might try to disable/enable NAT reflection again to see if that triggers it.
If that fixes it I'll see about committing that back in. I don't think it was intentionally deleted.
-
Actually it doesn't look like that killbypid line is needed right above there anyhow. If it's not running, there is nothing to kill.
I committed the fix to HEAD; it should be in the next snapshot, or you can go to the PHP shell from the console and do "playback cvssync" to pull in the change if you are already on a very recent snapshot.
-
Thanks! I can now access my internal sites. Just updated to snapshot built on Sun Apr 19 16:39:51 EDT 2009.
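-
The diagnosis in this thread (inetd not being started, so NAT reflection has nothing serving it) can be confirmed from a shell before and after applying the fix. The function below is an added example, not code from the thread or from pfSense; the function name and status strings are made up for illustration, and the default paths are the two quoted in the posts above.

```shell
#!/bin/sh
# Added example (not pfSense code): report whether the inetd instance that
# serves NAT reflection is alive. Run as root so kill -0 can probe the pid.
# Prints one of: running, stale-pid, not-running, no-config.
inetd_reflection_status() {
    pidfile="${1:-/var/run/inetd.pid}"   # path from the killbypid() line
    conf="${2:-/var/etc/inetd.conf}"     # path from the mwexec() line

    # inetd has nothing to serve if the generated config is missing or empty.
    if [ ! -s "$conf" ]; then
        echo "no-config"
        return 3
    fi

    # No pid file: inetd was never started (the symptom in this thread).
    if [ ! -s "$pidfile" ]; then
        echo "not-running"
        return 1
    fi

    # Keep only digits so a trailing newline or stray text cannot reach kill.
    pid=$(tr -cd '0-9' < "$pidfile")

    # kill -0 delivers no signal; it only tests that the process exists.
    if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
        echo "running"
        return 0
    fi

    # Pid file present but the process is gone (killed and not restarted).
    echo "stale-pid"
    return 2
}

# Usage on the firewall: inetd_reflection_status
# Usage with explicit paths: inetd_reflection_status /path/to/pid /path/to/conf
```

A result of not-running or stale-pid while NAT reflection is enabled matches the failure described above; running is what to expect once the restart line is back in filter.inc.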