2.4.5 breaks apipa-nat rules for me
-
Hi everyone,
got a setup running under 2.4.4-RELEASE-p3 which worked just fine but stopped working after the 2.4.5 update.
I have a Modem which has a "Service-Port" which can only use an APIPA address. Clients in my LAN can reach it by calling 10.0.100.1 to access its web page and see connection information.
I did this as follows:
- connecting OPT5 (alias="SPEEDPORT_SERVICE") directly to the Service-Interface of my Modem (Modem-Serivce-Interface has the IP 169.254.2.1)
- gave OPT5 the IP 169.254.2.2
- disabled APIPA_Blocking
- created a virtual IP 10.0.100.1
- set up 2 NAT Rules:
At first I thought, maybe the "APIPA_Blocking"-Option didn't survive the update, but it did. I also tried to use the new GUI Option for it. various Reboots didn't help.
I'm stumped, I can't explain why it stopped working or what I'm missing. As soon as I revert to the previous version it starts working again. -
1:1 Nat on LAN-Interface to translate 100.0.100.1 to 169.254.2.1
It should be 10.0.100.1 I thinkCan you show
# grep 169.254 /tmp/rules.debugoutput ? -
[2.4.5-RELEASE][admin@pfSense.hartlan]/root: grep 169.254 /tmp/rules.debug binat on vmx1 from 169.254.2.1 to any -> 10.0.100.1 nat on $SPEEDPORT_SERVICE inet from 10.0.0.0/24 to 169.254.0.0/16 -> 169.254.2.2/32 port 1024:65535 nat on $WAN inet from 169.254.0.0/16 to any port 500 -> 84.146.xxx.xxx/32 static-port # Auto created rule for ISAKMP - SPEEDPORT_SERVICE to WAN nat on $WAN inet from 169.254.0.0/16 to any -> 84.146.xxx.xxx/32 port 1024:65535 # Auto created rule - SPEEDPORT_SERVICE to WAN table <tonatsubnets> { 10.0.100.1/32 127.0.0.0/8 ::1/128 10.0.0.0/24 172.16.0.0/28 10.254.0.0/24 10.253.0.0/24 10.252.0.0/24 169.254.0.0/16 10.150.0.0/28 10.150.0.0/28 10.0.101.0/28 10.0.102.0/28 } [2.4.5-RELEASE][admin@pfSense.hartlan]/root:Tried the same under 2.4.4-RELEASE-p3 and the output was the same.
-
@globus243 can you create ticket in https://go.netgate.com/ ?
-
Thanks for the tip, Just opened a Ticket.