PFsense CE 2.5.1 NAT broken on interface != default WAN
-
We made an upgrade yesterday from 2.5.0 to 2.5.1 and learned this morning that our incoming NAT-rules (they worked for years) are no longer working. Reboot, re-creation of the rules and everything else failed.
After some searching I stumbled across
https://redmine.pfsense.org/issues/11436
and after some tests we could get NAT working on our default WAN-Interface but not on any other.
We talked to Netgate support and got the advice to roll back to 2.5.0 (which would be a pain in the back for us) and that the issue wasn't expected or observed on PFsense Community Editions, just on Pfsense Plus.
FYI and as a heads up..
Update 7/7/21: the issue seems to be resolved on 2.5.2!
Chris
-
@calipilot Maybe this?
-
@calipilot Is it working for IP alias'??
-
We are also affected and must roll back.
Maybe there is a hotfix in the next hours, would be great.
-
@cool_corona said in PFsense CE 2.5.1 NAT broken on interface != default WAN:
@calipilot Is it working for IP alias'??
Good question, I don’t have an alias configured on our WAN-interface. What is for sure is that NAT is not working on an IP-Alias if used on an != default WAN.
Chris
-
@slu said in PFsense CE 2.5.1 NAT broken on interface != default WAN:
We are also affected and must roll back.
Maybe there is a hotfix in the next hours, would be great.
A hotfix would be awesome! Fingers crossed that Netgate is pushing this issue...
Chris
-
@bob-dig said in PFsense CE 2.5.1 NAT broken on interface != default WAN:
@calipilot Maybe this?
Yep, it’s the same issue as the link I’ve posted.
Chris
-
Same for me. I made a snapshot on ESXi and upgraded to 2.6.0-dev. That solved the problem for now. When a hotfix is released for 2.5.1, I will roll back.
-
One point is not really clear to me, is this only an issue if I use gateway groups?
-
@slu said in PFsense CE 2.5.1 NAT broken on interface != default WAN:
One point is not really clear to me, is this only an issue if I use gateway groups?
Nope, in my case, we don't have gateway groups.
Chris
-
@calipilot
Hope Netgate can help us with a hotfix.
-
I confirm the same issue here.
I have a multi WAN setup, after the upgrade all NAT rules ceased to work.
I advised a friend not to upgrade, he already did, but isn't suffering from the issue.
It seems to be an issue with multi WAN configurations. I had to roll back to the previous version.
-
I have the same problem.
I am on multi WAN and all port forwards stopped functioning... How can I downgrade to 2.5.0?
-
@imanrnm unfortunately, there is no easy way. You have to download the older version and install it. You should also have a backup of your configuration to restore from.
I can see another post on your profile saying you've upgraded to 2.6.0, which is still in development and not recommended for production use.
-
@0x00fe-0 Thank you for the reply.
Yeah, I updated to 2.6.0 and the problem is gone, but there are other problems!
For example, my speed limiters aren't working now! I have a Veeam backup from 3 days ago, before the update to 2.5.1. I will try to restore that and see what happens.
All I know is that there is a real mess right now in my network because of a simple pfSense update, and I will never again update my firewall right after they release it and will wait at least some days...
-
@imanrnm
We downgrade to 2.5.0, not perfect because of the openssl vulnerability.
https://www.openssl.org/news/vulnerabilities.html
And no note in the known issues:
https://docs.netgate.com/pfsense/en/latest/releases/21-02-2_2-5-1.html
-
Thank God I found this post. I was going crazy.
NAT is not broken but suddenly stopped working in 2.5.1. I must apologize to my certbot server since I'm requesting SSL like there is no tomorrow, and of course, my reverse proxy isn't happy!!!
Any workaround? Not feeling like downgrading or going BETA.
Cheers,
-
Unfortunately there is no information about a 2.5.x / -px release.
First time in over 10 years of pfSense that we can't upgrade the system.
-
@imanrnm Since CE and Plus + =(