Netgate Discussion Forum

    No internet from LAN after 1 hour: NAT weird(?)

    2.2 Snapshot Feedback and Problems - RETIRED
    • M
      Mr. Jingles
      last edited by

      G'evening  ;D

      Having been inspired by the great Chris/CMB to install the 2.2 RC, I just did today. This is what I did:

      • Installed the memstick from the mirror onto my second machine, the Dell R200 (btw, the problem that you need to disable all kinds of bios settings first in order to install, specific for the Dell, that was there in 2.0 and 2.1, is gone  :) );

      • Updated to the latest snapshot twice (one was there right after I installed, when I was finished installing packages the dashboard said there was a new one dated Jan. 7, so I installed that too. Note: the problem I am writing about in this thread was already there before the second snapshot, so today's snapshot).

      • Setup interfaces (dual WAN, failover group, only one WAN (VDSL) connected as WIFE was busy on the other machine (cable) and needed internet too).

      • Rebooted.

      • Restored firewall rules, aliases, DHCP static assignments, traffic shaper, from a cfgbackup (these settings I have manually created a couple of days ago, when I was completely reinstalling my first box to get rid of some other errors. So they are considered to be fresh).

      • Setup /boot/loader.conf.local network card tweaks for igb and bge (wiki).

      • Rebooted.

      • Installed packages: nut, mailreport, vnstat, FreeRadius (Enterprise).

      • Installed OpenVPN client PrivateInternetAccess.

      • Went on to test. All worked fine, except for firewall rule descriptions not showing.

      • After 1 hour: internet from LAN (my Debian box) suddenly gone. No website loaded anymore.

      • Ping pfSense from LAN: it resolved the IP, but the ping timed out (tried that with other sites too, taking sites I hadn't visited for months (like abc.com), to make sure it was not some locally cached IP).

      • ping www.google.com through SSH from pfSense: worked.

      • Removed the setting from step .6. and rebooted. Didn't solve anything.

      • Disabled all firewall rules everywhere, and activated the default 'allow LAN out any any'. Nothing.

      • Double-checked DNS Forwarder servicing LAN, it did. Restarted the service.

      • Double checked: there are four external DNS-servers in System/general, all pingable from the pfSense box.

      • Got lost  :-[

      • Got downstairs, kissed WIFE told her I love her and she has the best box currently (because she still has internets albeit no failover between WAN and WAN2), and got beer ( ;D )

      • Tried to get upstairs again to my office: jumped to hide away from my Rottweilers who tried to jump on me to play with Daddy ( ;D ).

      • Started snooping around double checking: and then I saw something weird in NAT.

      • Obviously, the GUI has changed in 2.2, as now in NAT it doesn't show 'WAN address' as a description only, but the actual WAN address itself.

      • I noticed that the actual WAN address shown in NAT is not the actual WAN address I was currently having. Not even after the reboots.

      • Could this have anything to do with it? I am lost  ???

      • I've attached 3 screenshots.

      dell_NAT_03.jpg

      dell_NAT_01.jpg

      dell_NAT_02.jpg

      6 and a half billion people know that they are stupid, aggressive, lower life forms.

      • C
        cmb
        last edited by

        The old IP being in there is a bug where it's hard coding the specific IP it has at the time rather than leaving it to the interface IP when you switch from auto to manual outbound, working on fixing that now.

        You probably want hybrid mode in 2.2 rather than manual anyway, just easier to deal with in your circumstance I think. You can manually add specific outbound NAT rules that apply before the auto-generated ones. I'd switch it to hybrid, and delete all the outbound NAT rules with the exception of the ones for your VPNs.

        1 Reply Last reply Reply Quote 0
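A way to spot the stale-address condition cmb describes, added here as an example (it is not part of the thread and not pfSense code): in pf, a translation target written as `(ifname)` follows the interface's current address, while a literal IP stays fixed. The rule lines and addresses below are constructed, in the style of `pfctl -sn` output, and `audit_nat` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed NAT rule lines in the style of `pfctl -sn` (documentation addresses).
SAMPLE_RULES = """\
nat on em0 inet from 192.168.1.0/24 to any -> 198.51.100.23 port 1024:65535
nat on em0 inet from 127.0.0.0/8 to any -> 198.51.100.23 port 1024:65535
nat on em1 inet from 192.168.1.0/24 to any -> (em1) port 1024:65535 round-robin
nat on ovpnc1 inet from 192.168.1.0/24 to any -> 10.8.0.6 port 1024:65535
"""

# Constructed: the address each interface holds right now (e.g. read from ifconfig).
CURRENT_ADDRS = {"em0": "203.0.113.77", "em1": "192.0.2.10", "ovpnc1": "10.8.0.6"}

NAT_RE = re.compile(r"^nat on (?P<ifname>\S+) .*? -> (?P<target>\S+)")


def audit_nat(rules_text, current_addrs):
    """Return (line_no, interface, rule_target, current_address) for every NAT
    rule whose literal translation address differs from the interface address."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        m = NAT_RE.match(line.strip())
        if not m:
            continue
        ifname, target = m["ifname"], m["target"]
        if target.startswith("("):
            continue  # (ifname): pf re-reads the interface address, never stale
        try:
            literal = ipaddress.ip_address(target.split("/")[0])
        except ValueError:
            continue  # table or pool target, outside the scope of this check
        current = current_addrs.get(ifname)
        if current is None:
            findings.append((lineno, ifname, target, "unknown"))
        elif literal != ipaddress.ip_address(current):
            findings.append((lineno, ifname, target, current))
    return findings


if __name__ == "__main__":
    for lineno, ifname, target, current in audit_nat(SAMPLE_RULES, CURRENT_ADDRS):
        print(f"line {lineno}: {ifname} translates to {target}, "
              f"but the interface currently has {current}")
```

A literal target that still matches the interface (the `ovpnc1` line) is not reported, although it would go stale on the next address change for the same reason.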
        • C
          cmb
          last edited by

          @cmb:

          The old IP being in there is a bug where it's hard coding the specific IP it has at the time rather than leaving it to the interface IP when you switch from auto to manual outbound, working on fixing that now.

          That's fixed now, though only for newly-generated manual outbound NAT rulesets after the switch from auto to manual. Your existing rules there will need to be deleted. Though you don't need them anyway I don't think, see previous post re: hybrid mode.

          • M
            Mr. Jingles
            last edited by

            Great CMB, thank you; I switched to hybrid, deleted the existing rules, and hoppa, it's working again  ;D

            Thank you for this ultra-fast help  :)

            6 and a half billion people know that they are stupid, aggressive, lower life forms.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.