NAT reflection still broken???

jlepthien

That's what I told u b4 ;)

Boolah

Just tested NAT reflection on the following two builds:

2.0-BETA4 (amd64)
built on Tue Dec 21 16:10:15 EST 2010

and

2.0-BETA4 (i386)
built on Tue Dec 21 12:44:54 EST 2010

Didn't have any trouble with either the i386/amd64 builds and both were running in VMs.

Supermule

Which version of Vmware?

And can you post your VM config in here?

:)

@Boolah:

Just tested NAT reflection on the following two builds:

2.0-BETA4 (amd64)
built on Tue Dec 21 16:10:15 EST 2010

and

2.0-BETA4 (i386)
built on Tue Dec 21 12:44:54 EST 2010

Didn't have any trouble with either the i386/amd64 builds and both were running in VMs.

Boolah

Actually, they were both running in Hyper-V.  I've got VMware Workstation (v7.1.3) which I can test on as well.  Don't have VMs setup for pfSense in VMware, but I'm installing them now and will let you know what I find…

Supermule

Thx mate!! Very kind of you :)

Merry christmas!

Boolah

I only tested the i386 build in VMware, but NAT reflection worked there too.  Below is the VMware config (which is very basic):

.encoding = "windows-1252"
config.version = "8"
virtualHW.version = "7"
maxvcpus = "4"
scsi0.present = "TRUE"
scsi0.virtualDev = "lsilogic"
memsize = "1024"
ide0:0.present = "TRUE"
ide0:0.fileName = "pfSense-000003.vmdk"
ide1:0.present = "TRUE"
ide1:0.fileName = "E:\Downloads\pfSense-i386.iso"
ide1:0.deviceType = "cdrom-image"
ethernet0.present = "TRUE"
ethernet0.virtualDev = "e1000"
ethernet0.wakeOnPcktRcv = "FALSE"
ethernet0.addressType = "generated"
usb.present = "TRUE"
ehci.present = "TRUE"
svga.autodetect = "FALSE"
mks.enable3d = "TRUE"
pciBridge0.present = "TRUE"
pciBridge4.present = "TRUE"
pciBridge4.virtualDev = "pcieRootPort"
pciBridge4.functions = "8"
pciBridge5.present = "TRUE"
pciBridge5.virtualDev = "pcieRootPort"
pciBridge5.functions = "8"
pciBridge6.present = "TRUE"
pciBridge6.virtualDev = "pcieRootPort"
pciBridge6.functions = "8"
pciBridge7.present = "TRUE"
pciBridge7.virtualDev = "pcieRootPort"
pciBridge7.functions = "8"
vmci0.present = "TRUE"
roamingVM.exitBehavior = "go"
displayName = "pfSense"
guestOS = "freebsd"
nvram = "pfSense.nvram"
virtualHW.productCompatibility = "hosted"
extendedConfigFile = "pfSense.vmxf"
ethernet1.present = "TRUE"
ethernet1.virtualDev = "e1000"
ethernet1.wakeOnPcktRcv = "FALSE"
ethernet1.addressType = "generated"
ethernet2.present = "TRUE"
ethernet2.virtualDev = "e1000"
ethernet2.wakeOnPcktRcv = "FALSE"
ethernet2.addressType = "generated"
ethernet0.generatedAddress = "00:0c:29:08:f9:17"
ethernet1.generatedAddress = "00:0c:29:08:f9:21"
ethernet2.generatedAddress = "00:0c:29:08:f9:2b"
uuid.location = "56 4d a5 1b bd 36 0e ac-db 0f e5 e6 db 08 f9 17"
uuid.bios = "56 4d a5 1b bd 36 0e ac-db 0f e5 e6 db 08 f9 17"
cleanShutdown = "TRUE"
replay.supported = "FALSE"
replay.filename = ""
ide0:0.redo = ""
pciBridge0.pciSlotNumber = "17"
pciBridge4.pciSlotNumber = "21"
pciBridge5.pciSlotNumber = "22"
pciBridge6.pciSlotNumber = "23"
pciBridge7.pciSlotNumber = "24"
scsi0.pciSlotNumber = "16"
usb.pciSlotNumber = "32"
ethernet0.pciSlotNumber = "33"
ethernet1.pciSlotNumber = "34"
ethernet2.pciSlotNumber = "35"
ehci.pciSlotNumber = "37"
vmci0.pciSlotNumber = "38"
vmotion.checkpointFBSize = "134217728"
ethernet0.generatedAddressOffset = "0"
ethernet1.generatedAddressOffset = "10"
ethernet2.generatedAddressOffset = "20"
vmci0.id = "-620168937"
ide1:0.autodetect = "TRUE"
tools.remindInstall = "TRUE"
sound.present = "FALSE"
floppy0.present = "FALSE"

Supermule

Thx again :)

Supermule

Still not working….updating to latest snapshot 12/23 03:37

:'(

Boolah

@Supermule:

No luck….it redirects me to the pf login page with NAT reflection enabled. It looses the packages if not.

Have you tried with a factory-default config of pfSense (without any packages)?

What about the target system (that you're redirecting to) - it isn't running a software firewall that might be blocking the traffic?

Supermule

Nope…its an ISA. FW it is, but the same config on 1.2.3 runs no issues.

Funambol sync on the mobiles cannot connect on 2.0 but stops at logging on the mailserver. Running 1.2.3 no issues. Its like the packets never get there.....or they are empty. I havent got a bloody clue of whats wrong....i cant see anything in the logs...nothing is blocked.

Supermule

Still broken for me in a totaly clean install. I havent got a bloody clue….............

Boolah

Does anything show up in a packet capture on your LAN interface for the reflected ports?  If not, is it possible that something else is blocking the traffic (like a layer 3 switch)?

Supermule

They are both sitting on the same Vswitch and its not L3 capable.

Supermule

Nope…..nothing at all.... This is SO weird.....

@Boolah:

Does anything show up in a packet capture on your LAN interface for the reflected ports?  If not, is it possible that something else is blocking the traffic (like a layer 3 switch)?

Guest

It wasn't working for me one time, I did a reinstall on my pfsense box and then it worked… same build and everything. Make sure to play around with nat reflection stuff first before touching any of the packages, that seemed to make it work for me.

Supermule

Thx :)  I had it working for a short while yesterday evening, but it broke after a couple of changes to the DNS Forwarder. It is really weird….like it stays down when changed or something has an influence on how it works.

@jigglywiggly:

It wasn't working for me one time, I did a reinstall on my pfsense box and then it worked… same build and everything. Make sure to play around with nat reflection stuff first before touching any of the packages, that seemed to make it work for me.

Kzor

I've found that if you enable reflection and have the pfsense web config listening on the same port you as the one you want to connect to (lets say 80 and you have a externally accessible web server running on port 80 too) and you try to connect using your external IP from the internal network, it will connect to the web config.
Changing the web config port fixes the problem.

Supermule

Thx will try that. But in 1.2.3 this is not necessary…..what is stripped from the packages since the PF cannot tell the difference??

akula169

I've recently noticed NAT reflection is broken on my install (latest BETA5 build).

Did you find a fix for your install yet?

Jonb

I have noticed this with Beta 4. I am running on physical machine with intel nics and port 1433 was being looped through even though we were using a totally different IP external one that PF didn't know about. So users though they were going to an external SQL server to be re-routed to an internal one.

Switching off NAT reflection sorted it.

Never tried it again since.