PFsense CE 2.5.1 NAT broken on interface != default WAN
-
@cool_corona said in PFsense CE 2.5.1 NAT broken on interface != default WAN:
@calipilot Is it working for IP alias'??
Good question, i don’t have an alias configured on our WAN-interface. For sure is that NAT is not working on an IP-Alias if used on an != default WAN.
Chris
-
@slu said in PFsense CE 2.5.1 NAT broken on interface != default WAN:
We also affected and must roll back.
Maybe there is a hotfix in the next hours, would be great.A hotfix would be awesome! Fingers crossed that Netgate is pushing this issue...
Chris
-
@bob-dig said in PFsense CE 2.5.1 NAT broken on interface != default WAN:
@calipilot Maybe this?
Yep, it’s the same issue like the link I’ve posted.
Chris
-
Same for me. I made and Snaphsot on ESXi and upgraded to 2.6.0-dev. That solved the problem for now. When a hotfix is released for 2.5.1, I will roll back.
-
This post is deleted! -
One point is not really clear to me, is this only an issue if I use gateway groups?
-
@slu said in PFsense CE 2.5.1 NAT broken on interface != default WAN:
One point is not really clear to me, is this only an issue if I use gateway groups?
Nope, in my case, we don't have gateway groups.
Chris
-
@calipilot
hope Netgate can help us with an hotfix. -
I confirm the same issue here.
I have multi WAN setup, after the upgrade all NAT rules ceased to work.
I advised a friend not to upgrade, he already did, but isn't suffering from the issue.
It seems to be an issue with multi WAN configurations.I had to roll back to previous version.
-
i have the same problem.
i am on multi WAN and all port forwards stop functioning...how can i downgrade to 2.5.0?
-
@imanrnm unfortunately, there is no easy way. You have to download the older version and install it. You should also have a backup of your configuration to restore from.
I can see another post on your profile saying you've upgraded to 2.6.0, which is still in development and not recommended for production use. -
@0x00fe-0 Thank you for reply.
yeah i updated to 2.6.0 and the problem is gone but there is other problems!
for example my speed limiters aren't working now!i have a veeam backup from 3 days ago before update to 2.5.1, i will try to restore that and see what happens.
all i know is that there is a real mess right now in my network because of a simple pfsense update and i will never again update my firewall right after they release it and will wait at least some days...
-
@imanrnm
we downgrade to 2.5.0, not perfect because of the openssl vulnerability.
https://www.openssl.org/news/vulnerabilities.htmlAnd no note in the known issues:
https://docs.netgate.com/pfsense/en/latest/releases/21-02-2_2-5-1.html -
Thanks God I found this post . I was going crazy .
NAT is not broken but suddenly stop working in 2.5.1 .I must apologize to my certbot server since I'm requesting SSL like there is not tomorrow , and of course, my reverse proxy isn't happy !!!
Any workaround ? not feeling to downgrade or go BETA
cheers ,
-
unfortunately there is no information about a 2.5.x / -px release.
First time in over 10 years pfSense we can't upgrade the system. -
@imanrnm Since CE and Plus + =(
-
@slu regretfully
-
@antonio76
No workaround or quick fix. See latest reply from Jim Pingle here: issue 11805
The issue seems to be "in kernel" so bummer, we need to wait it out. -
@bennyc said in PFsense CE 2.5.1 NAT broken on interface != default WAN:
No workaround or quick fix. See latest reply from Jim Pingle here: issue 11805
The issue seems to be "in kernel" so bummer, we need to wait it out.UPDATE for: Jim Pingle
2.6.0 snapshots are currently working correctly, and the fix was checked into RELENG_2_5_0. Whatever release happens next will behave correctly either way (e.g. a 2.6.0 release or a 2.5.x point or patch release).
-
I have the same issue. We have nat rules on a multiwan configuration. Upgrading from 2.5.0 to 2.5.1 nat rules on wan1 works but those on wan2 are not working.
we had to restore from backup. :(