Netgate Discussion Forum

    Cannot NAT through OPT1 interface on multiwan

    2.2 Snapshot Feedback and Problems - RETIRED
      Wolf666

      I think my problem is the same.
      If someone has some spare time to read: https://forum.pfsense.org/index.php?topic=82944.0

      I am running:

      Version 2.2-BETA (amd64)
      built on Fri Oct 17 20:02:23 CDT 2014
      FreeBSD 10.1-RC2

      I am available to test any solution and report back.

      Modem Draytek Vigor 130
      pfSense 2.4 Supermicro A1SRi-2558 - 8GB ECC RAM - Intel S3500 SSD 80GB - M350 Case
      Switch Cisco SG350-10
      AP Netgear R7000 (Stock FW)
      HTPC Intel NUC5i3RYH
      NAS Synology DS1515+
      NAS Synology DS213+

        mikeisfly

        It's a known bug and the developers are working on it. Until then if this is a deal breaker you can try going back to 2.1.5 until the issue is resolved. That is what I'm doing.

          stewgoin

          I'm seeing the same issues on the current snapshot – I've worked around the issue with some source routing and having an upstream system on one of the WAN links handle NATting for now. That works (firewall rules forcing a gateway, then having manual NAT rules disabling NAT).

          It looked like using firewall rules to force the alternate gateway would make the multiWAN NAT rules start working correctly, but I didn't test that yet. It definitely adds another layer of config management to do this, so I eagerly await having this one squished :)

            cmb

            Don't change anything on your system trying to fix this, it's part of the packet filter that's currently broken in snapshots. It's slightly more correct now, as reply-to does at least return route correctly. But it's sending traffic with broken checksums, which still leaves it broken. Ermal's heading home from our hackathon in a few hours. He'll fix that when he gets back home later in the week.

              stewgoin

              @cmb:

              Don't change anything on your system trying to fix this, it's part of the packet filter that's currently broken in snapshots. It's slightly more correct now, as reply-to does at least return route correctly. But it's sending traffic with broken checksums, which still leaves it broken. Ermal's heading home from our hackathon in a few hours. He'll fix that when he gets back home later in the week.

              It's just a little portion of the old home network, and thankfully the changes are easily backed out to test any fixes :)

              Thanks a ton for the feedback that it's being worked on, aside from this particular snag, 2.2 is looking stellar for my usage.

                mattbunce

                @stewgoin:

                Thanks a ton for the feedback that it's being worked on, aside from this particular snag, 2.2 is looking stellar for my usage.

                Agreed - I'm new to pfSense, but I'm very impressed with the speed of development and the "get it right in the GUI" approach. I've been using OpenWRT for a few years and there is a real tendency to push any advanced configuration to the command line, leaving much of your intricate configuration hidden within the GUI. I think the approach pfSense takes seems much more sensible - right down to the meaningful descriptions of all parameters within the GUI.

                  mattbunce

                  @cmb:

                  Ermal's heading home from our hackathon in a few hours. He'll fix that when he gets back home later in the week.

                  Hi Ermal - have you had a chance to take a look at this yet?

                  M

                    eri--

                    Please test next coming snapshot.

                      cmb

                      This works for me on IPv4 now with a kernel Ermal built with the fix that'll be in the next round of snapshots. Hopefully next snapshot run will be good (first one from the 30th should have it).

                        mattbunce

                        Thanks Ermal - Everything seems to be working great now :)

                          cmb

                          IPv4 is fixed here, still an issue with IPv6 and TCP but all the common cases confirmed working with today's snapshot.

                            FisherKing

                            IPv4 is working for me now also. Thank you!

                              athurdent

                              @cmb:

                              IPv4 is fixed here, still an issue with IPv6 and TCP but all the common cases confirmed working with today's snapshot.

                              I can confirm the issue with IPv6, but ICMP does not seem to work in my case. The rule below used to work on my 2.1 install. I have migrated my old config to a 2.2 test machine.

                              Screenshot.png

                                cmb

                                @athurdent:

                                I can confirm the issue with IPv6, but ICMP does not seem to work in my case. The rule below used to work on my 2.1 install. I have migrated my old config to a 2.2 test machine.

                                That's route-to, not reply-to. I'll check that, I'm not aware of any issues there, but that type of scenario isn't as widely used with v6 as with v4.

                                  athurdent

                                  Ah, sorry, I have set this up a long time ago and forgot to mention that there actually is NAT involved. The setup is a workaround to be able to use 2 IPv6 gateways described here:
                                  https://forum.pfsense.org/index.php?topic=71293.msg402861#msg402861
                                  But it was working OK on 2.1. ;) Anyway, thanks for looking into this and if someone has a better idea, feel free to revive that old thread.

                                    mikeisfly

                                    Just another testimonial over here. WAN2 working fine now. I'm not using IPv6 as of yet but will deploy to track development pfSense 2.2 Beta. I'm currently running the snapshot dated Nov 1 64-bit.

                                      eri--

                                      IPv6 should be fixed on new snapshots as well.

                                        athurdent

                                        Works fine now, even with my strange IPv6 NAT config mentioned earlier. Thanks!

                                          sheptard

                                          Also works for me. Thank you
