Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    NAT redirect broken

    Scheduled Pinned Locked Moved 2.0-RC Snapshot Feedback and Problems - RETIRED
    8 Posts 3 Posters 3.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      Accounts
      last edited by

      Ever since the hackaton NAT redirect  has been broken for me. I can not access any of the sites I host internal unless I go to the internal IP, the External IP's work for everyone external to my router but none of my internal users can access with the external IP. I have tryed turning on and off the auto creation of NAT redirect and this made no changes. The firewall shows no packets being dropped related to my external/interal ips

      Is NAT redirect working for anyone else?

      1 Reply Last reply Reply Quote 0
      • T
        tommyboy180
        last edited by

        Did you disable NAT reflection in system -> advanced.

        -Tom Schaefer
        SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

        Please support pfBlocker | File Browser | Strikeback

        1 Reply Last reply Reply Quote 0
        • A
          Accounts
          last edited by

          It was enabled from my old config, I have disabled reboot, enabled reboot and also tryed with out the reboots and I still can not access any of my pub ip's from behind my pfsense nat.

          1 Reply Last reply Reply Quote 0
          • T
            tommyboy180
            last edited by

            Wait, you enabled it? Just to clarify you need to disable NAT reflection to access your pub IP. Sorry if I miss understood you.

            -Tom Schaefer
            SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

            Please support pfBlocker | File Browser | Strikeback

            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              Upon a cursory glance, it appears that inetd is not being started for whatever reason. As it handles the NAT reflection, that would explain why it isn't working.

              As to why that isn't being started, it will take a little more investigation.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                I think I found the commit that broke it.

                If you can edit /etc/inc/filter.inc, find this line:

                killbypid("/var/run/inetd.pid");
                

                Right underneath that line, put this one:

                mwexec("/usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf");
                

                It's probably somewhere around line 991

                After that, you might try to disable/enable NAT reflection again to see if that triggers it.

                If that fixes it I'll see about committing that back in. I don't think it was intentionally deleted.

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • jimpJ
                  jimp Rebel Alliance Developer Netgate
                  last edited by

                  Actually it doesn't look like that killbypid line is needed right above there anyhow. If it's not running, there is nothing to kill.

                  I committed the fix to HEAD, it should be in the next snapshot or you can go to the PHP shell from the console and do "playback cvssync" to pull in the change if you are already on a very recent snapshot.

                  Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • A
                    Accounts
                    last edited by

                    Thanks! I can now access my internal sites. Just updated to snapshot built on Sun Apr 19 16:39:51 EDT 2009

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.