Netgate Discussion Forum

    All Inbound NAT connections suddenly not working

    11 Posts 3 Posters 816 Views
      KOM

      Are you testing from the LAN side or WAN side? Have you rebooted it? You might want to upgrade it since you're a bit behind the current version.

        Derelict LAYER 8 Netgate

        @ThaBozz said in All Inbound NAT connections suddenly not working:

        > I used the packet capture tool and I see only packets from the external source. I see a SYN, and then a bunch of TCP Retransmissions, and finally the connection times out.

        Did you packet capture on the inside interface to see if the SYN was being sent to the target server? That would be the next step there.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
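
The two-sided capture comparison suggested in the post above, as an added example that is not part of the original thread: it reads `tcpdump -n` style text from a WAN-side and a LAN-side capture and reports where the TCP handshake stops. The function names, addresses and capture lines are constructed for illustration, and it assumes the port forward leaves the client's source address and port unchanged.

```python
import re

# Fields of a `tcpdump -n` TCP/IPv4 text line: src.port > dst.port: Flags [..]
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def handshake_counts(capture, client):
    """Count SYNs sent by client ("ip", "port") and SYN-ACKs returned to it."""
    syn = synack = 0
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if flags == "S" and (src, sport) == client:
            syn += 1      # retransmitted SYNs are counted as well
        elif flags == "S." and (dst, dport) == client:
            synack += 1
    return syn, synack

def locate_drop(wan_capture, lan_capture, client):
    """Say where the handshake stops, comparing WAN-side and LAN-side captures."""
    wan_syn, wan_synack = handshake_counts(wan_capture, client)
    lan_syn, lan_synack = handshake_counts(lan_capture, client)
    if wan_syn == 0:
        return "no SYN on WAN: traffic is not reaching the firewall"
    if lan_syn == 0:
        return "SYN on WAN only: firewall is not forwarding (port forward / WAN rule)"
    if lan_synack == 0:
        return "SYN reaches LAN, no SYN-ACK: check the target server and its own firewall"
    if wan_synack == 0:
        return "SYN-ACK on LAN only: reply is not leaving via this WAN (routing / gateway)"
    return "handshake crosses the firewall in both directions"

# Constructed sample data (documentation addresses, iperf3's default port 5201).
CLIENT = ("203.0.113.7", "51000")
WAN_SAMPLE = """\
10:00:00.000000 IP 203.0.113.7.51000 > 198.51.100.2.5201: Flags [S], seq 1000, win 65535, length 0
10:00:01.000000 IP 203.0.113.7.51000 > 198.51.100.2.5201: Flags [S], seq 1000, win 65535, length 0
10:00:03.000000 IP 203.0.113.7.51000 > 198.51.100.2.5201: Flags [S], seq 1000, win 65535, length 0
"""
LAN_EMPTY = ""
LAN_FORWARDED = """\
10:00:00.000100 IP 203.0.113.7.51000 > 192.168.1.10.5201: Flags [S], seq 1000, win 65535, length 0
"""

if __name__ == "__main__":
    print(locate_drop(WAN_SAMPLE, LAN_EMPTY, CLIENT))
    print(locate_drop(WAN_SAMPLE, LAN_FORWARDED, CLIENT))
```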

          ThaBozz @KOM

          @KOM Yup, tried rebooting to no avail. Regarding the version - the web UI does not offer an option to upgrade. I see on the website that 2.4.4-p3 is available, but the dashboard states that 2.4.4-RELEASE-p1 is up to date. Strange. Maybe because it is a point release?

            KOM

            No, it should be offering you the p3 upgrade. Is this 32-bit?

            Also, you didn't say whether you were doing your testing from your LAN or from the Internet.

              Derelict LAYER 8 Netgate

              There is no 32-bit 2.4.4-p1.

              Sounds like you have plenty of stuff broken.

              Can your firewall resolve names in Diagnostics > DNS Lookup?

              If you Diagnostics > Test Port to files00.netgate.com port 443 does it work?

                ThaBozz @KOM

                @KOM said in All Inbound NAT connections suddenly not working:

                > No, it should be offering you the p3 upgrade. Is this 32-bit?
                >
                > Also, you didn't say whether you were doing your testing from your LAN or from the Internet.

                It is x86-64. All connection tests are being made from the internet (Iperf3 -c running over LTE on a smartphone/notebook).

                  ThaBozz @Derelict

                  @Derelict said in All Inbound NAT connections suddenly not working:

                  > There is no 32-bit 2.4.4-p1.
                  >
                  > Sounds like you have plenty of stuff broken.
                  >
                  > Can your firewall resolve names in Diagnostics > DNS Lookup?
                  >
                  > If you Diagnostics > Test Port to files00.netgate.com port 443 does it work?

                  Diagnostics > DNS Lookup for google.com

                  Result                     Record type
                  172.217.28.14              A
                  2800:3f0:4001:805::200e    AAAA

                  Timings
                  Name server    Query time
                  127.0.0.1      4 msec
                  8.8.4.4        3 msec
                  8.8.8.8        No response

                  Diagnostics > Test Port to files00.netgate.com port 443:

                  Port test to host: files00.netgate.com Port: 443 successful.

                  (Note: I have to specify WAN1 as the source address - if I let the combo box at "Any", it fails)

                    Derelict LAYER 8 Netgate

                    Yeah I don't like that 8.8.8.8 failing.

                    You probably want to look at how your DNS is configured vs any gateway monitor IP address vs any gateways set on the DNS Servers in System > General.

                      KOM @ThaBozz

                      @ThaBozz Brainfart on my part. I forgot that x86 builds stopped with 2.3.5.

                        ThaBozz

                        Ok, in the end I nuked everything from orbit and reconfigured from scratch. It is working fine. Thanks for all the help.
