NAT rules went missing after config restore
-
@rrijkse:
Is there a tool to remove sensitive information from a configuration file so I can easily upload it?
status.php will trim out passwords, hashes, certs, PSKs and similar things though that may still leave more than you'll want to make publicly available. You can mark a bug ticket as private, in which case we can download the attachment, delete it, and then make the ticket non-private.
-
Thanks, I grabbed the status_output file generated on the 2.2.5 install and tried a couple of times to reproduce it, but haven't been able to. I guess it was just a one-time thing. If you want, I can open a private bug with the original 2.2.5 and post-upgrade 2.3 config without the NAT section, but I'm not sure how useful this will be without the logs.
Thanks,
Robbert
-
If it's not replicable there won't be anything we can do. If you find a means of replicating, definitely open a bug please.
-
I'd be interested to know if the NAT entries are actually in your 2.2.5 config that you backed up.
-
They were definitely in the backup of the config, the first couple of lines are below. I think I may know how the section was removed, but will have to confirm tomorrow since it's rather late.
<nat><outbound><mode>advanced</mode> <rule><source> <network>10.0.0.0/8</network></rule></outbound></nat>
-
So why are you looking at the 'Port Forward' tab when what you posted should be under the 'Outbound' tab?
-
From my first post:
there are no port forwards, no 1:1 NAT and no manual outbound NAT rules.
There was nothing in any of the tabs under NAT: the Port Forward, 1:1, Outbound or NPt.
I had 10 port forwards configured, two 1:1 NATs, 4 Manual Outbound NAT and 1 NPt, which were all gone when I imported the configuration.
I did not post all of the NAT section from my old config since it contains all the public IPs.
Thanks,
Robbert
-
Dude, what you posted is "manual outbound NAT". If there are no NAT rules, then what is missing?! Once again, the screenshot posted here is totally useless. There's not supposed to be ANY entry of ANY of those things you mentioned.
-
Yeah, the 1:1 and port forwards would generally come before the outbound NAT; that <nat> config snippet indeed looks like it had no port forwards or 1:1 defined.
-
To stop the confusion I have attached the entire NAT section of the 2.2.5 config that I backed up (I also have a status_output.tgz file from the 2.2.5 box if you want me to share that with you). Hopefully this will shed some more light on this issue since the order of the NAT section is:
1. Outbound NAT
2. 1:1 NAT
3. Port Forward
4. NPt
These are the steps I took originally but have not been able to reproduce this issue since then.
1. Backup the configuration on a 2.2.5 machine, with RRD data, without packages
2. Shutdown the machine
3. Install 2.3-ALPHA image on a new machine
4. Assign a temp IP to LAN interface
5. Skip the Wizard
6. Restore the configuration, with all areas selected (default)
7. I was prompted to fix the interface assignments, since the 2.2.5 box was not the same as the 2.3 box. So I fixed the assignments, PPPoE and VLAN settings.
8. Checked the NAT section, all the tabs are empty, even after a reboot.
Thanks,
Robbert
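
One way to answer the "are the NAT entries actually in the backup" question and to confirm what a restore dropped is to count the entries per NAT tab in both config.xml files. This is an added example, not part of the original thread or pfSense code; the element paths under <nat> (outbound/rule, onetoone, rule, npt) are an assumption about the config.xml layout, and the sample configs are constructed to match the counts reported above.

```python
import xml.etree.ElementTree as ET

# NAT tab -> path of its entries below <nat>. These paths are an assumption
# about the config.xml layout, listed in the section order given in the thread.
NAT_TABS = {
    "Outbound": "outbound/rule",
    "1:1": "onetoone",
    "Port Forward": "rule",   # direct children of <nat> only
    "NPt": "npt",
}

def nat_counts(config_xml):
    """Count entries per NAT tab in a config.xml document passed as text."""
    nat = ET.fromstring(config_xml).find("nat")
    if nat is None:           # config without any <nat> section at all
        return {tab: 0 for tab in NAT_TABS}
    return {tab: len(nat.findall(path)) for tab, path in NAT_TABS.items()}

def lost_entries(backup_xml, restored_xml):
    """Return {tab: (before, after)} for every tab that lost entries."""
    before, after = nat_counts(backup_xml), nat_counts(restored_xml)
    return {t: (before[t], after[t]) for t in NAT_TABS if after[t] < before[t]}

# Constructed sample data: 4 manual outbound rules, two 1:1 entries,
# 10 port forwards and 1 NPt entry, using documentation address ranges.
BACKUP = (
    "<pfsense><nat><outbound><mode>advanced</mode>"
    + "<rule><source><network>10.0.0.0/8</network></source></rule>" * 4
    + "</outbound>"
    + "<onetoone><external>192.0.2.10</external></onetoone>" * 2
    + "<rule><target>10.0.0.5</target></rule>" * 10
    + "<npt><descr>constructed</descr></npt>"
    + "</nat></pfsense>"
)
# Constructed "after restore" config: the NAT section is present but empty.
RESTORED = "<pfsense><nat></nat></pfsense>"

if __name__ == "__main__":
    print("backup:  ", nat_counts(BACKUP))
    print("restored:", nat_counts(RESTORED))
    for tab, (before, after) in lost_entries(BACKUP, RESTORED).items():
        print(f"{tab}: {before} -> {after}")
```

Because only counts are printed, the result can be shared without exposing the public IPs in the NAT section.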