• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

PFsense CE 2.5.1 NAT broken on interface != default WAN

NAT
pfsense 2.5 nat bug 2.5.1 wan
23
56
14.8k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • C
    CaliPilot @Cool_Corona
    last edited by Apr 15, 2021, 11:45 AM

    @cool_corona said in PFsense CE 2.5.1 NAT broken on interface != default WAN:

    @calipilot Is it working for IP alias'??

    Good question, i don’t have an alias configured on our WAN-interface. For sure is that NAT is not working on an IP-Alias if used on an != default WAN.

    Chris

    1 Reply Last reply Reply Quote 0
    • C
      CaliPilot @slu
      last edited by Apr 15, 2021, 11:47 AM

      @slu said in PFsense CE 2.5.1 NAT broken on interface != default WAN:

      We also affected and must roll back.
      Maybe there is a hotfix in the next hours, would be great.

      A hotfix would be awesome! Fingers crossed that Netgate is pushing this issue...

      Chris

      1 Reply Last reply Reply Quote 0
      • C
        CaliPilot @Bob.Dig
        last edited by Apr 15, 2021, 11:50 AM

        @bob-dig said in PFsense CE 2.5.1 NAT broken on interface != default WAN:

        @calipilot Maybe this?

        https://redmine.pfsense.org/issues/11805

        Yep, it’s the same issue like the link I’ve posted.

        Chris

        1 Reply Last reply Reply Quote 0
        • S
          spigandromeda
          last edited by Apr 16, 2021, 11:47 AM

          Same for me. I made and Snaphsot on ESXi and upgraded to 2.6.0-dev. That solved the problem for now. When a hotfix is released for 2.5.1, I will roll back.

          Y 1 Reply Last reply Apr 16, 2021, 12:03 PM Reply Quote 0
          • Y
            Yanik @spigandromeda
            last edited by Apr 16, 2021, 12:03 PM

            This post is deleted!
            1 Reply Last reply Reply Quote 0
            • S
              slu
              last edited by Apr 16, 2021, 1:23 PM

              One point is not really clear to me, is this only an issue if I use gateway groups?

              pfSense Gold subscription

              C 1 Reply Last reply Apr 16, 2021, 2:51 PM Reply Quote 0
              • C
                CaliPilot @slu
                last edited by Apr 16, 2021, 2:51 PM

                @slu said in PFsense CE 2.5.1 NAT broken on interface != default WAN:

                One point is not really clear to me, is this only an issue if I use gateway groups?

                Nope, in my case, we don't have gateway groups.

                Chris

                S 1 Reply Last reply Apr 16, 2021, 3:06 PM Reply Quote 0
                • S
                  slu @CaliPilot
                  last edited by Apr 16, 2021, 3:06 PM

                  @calipilot
                  hope Netgate can help us with an hotfix.

                  pfSense Gold subscription

                  1 Reply Last reply Reply Quote 0
                  • 0
                    0x00FE 0
                    last edited by Apr 16, 2021, 8:53 PM

                    I confirm the same issue here.
                    I have multi WAN setup, after the upgrade all NAT rules ceased to work.
                    I advised a friend not to upgrade, he already did, but isn't suffering from the issue.
                    It seems to be an issue with multi WAN configurations.

                    I had to roll back to previous version.

                    1 Reply Last reply Reply Quote 0
                    • I
                      imanrnm
                      last edited by Apr 17, 2021, 7:23 AM

                      i have the same problem.
                      i am on multi WAN and all port forwards stop functioning...

                      how can i downgrade to 2.5.0?

                      1 Reply Last reply Reply Quote 0
                      • 0
                        0x00FE 0
                        last edited by Apr 17, 2021, 10:23 AM

                        @imanrnm unfortunately, there is no easy way. You have to download the older version and install it. You should also have a backup of your configuration to restore from.
                        I can see another post on your profile saying you've upgraded to 2.6.0, which is still in development and not recommended for production use.

                        I 1 Reply Last reply Apr 17, 2021, 10:31 AM Reply Quote 0
                        • I
                          imanrnm @0x00FE 0
                          last edited by imanrnm Apr 17, 2021, 10:34 AM Apr 17, 2021, 10:31 AM

                          @0x00fe-0 Thank you for reply.
                          yeah i updated to 2.6.0 and the problem is gone but there is other problems!
                          for example my speed limiters aren't working now!

                          i have a veeam backup from 3 days ago before update to 2.5.1, i will try to restore that and see what happens.

                          all i know is that there is a real mess right now in my network because of a simple pfsense update and i will never again update my firewall right after they release it and will wait at least some days...

                          S J 2 Replies Last reply Apr 17, 2021, 12:18 PM Reply Quote 0
                          • S
                            slu @imanrnm
                            last edited by Apr 17, 2021, 12:18 PM

                            @imanrnm
                            we downgrade to 2.5.0, not perfect because of the openssl vulnerability.
                            https://www.openssl.org/news/vulnerabilities.html

                            And no note in the known issues:
                            https://docs.netgate.com/pfsense/en/latest/releases/21-02-2_2-5-1.html

                            pfSense Gold subscription

                            1 Reply Last reply Reply Quote 0
                            • A
                              Antonio76
                              last edited by Apr 21, 2021, 7:04 PM

                              Thanks God I found this post . I was going crazy .
                              NAT is not broken but suddenly stop working in 2.5.1 .

                              I must apologize to my certbot server since I'm requesting SSL like there is not tomorrow , and of course, my reverse proxy isn't happy !!!

                              Any workaround ? not feeling to downgrade or go BETA

                              cheers ,

                              S B 2 Replies Last reply Apr 22, 2021, 1:43 PM Reply Quote 1
                              • S
                                slu @Antonio76
                                last edited by Apr 22, 2021, 1:43 PM

                                @antonio76

                                unfortunately there is no information about a 2.5.x / -px release.
                                First time in over 10 years pfSense we can't upgrade the system.

                                pfSense Gold subscription

                                A 1 Reply Last reply Apr 22, 2021, 4:16 PM Reply Quote 2
                                • J
                                  j.sejo1 @imanrnm
                                  last edited by Apr 22, 2021, 2:20 PM

                                  @imanrnm Since CE and Plus + =(

                                  Pfsense - Bacula - NagiosZabbix - Zimbra - AlienVault
                                  Hardening Linux
                                  Telegram: @vtlbackupbacula
                                  http://www.smartitbc.com/en/contact.html

                                  1 Reply Last reply Reply Quote 1
                                  • A
                                    Antonio76 @slu
                                    last edited by Apr 22, 2021, 4:16 PM

                                    @slu regretfully 😥

                                    1 Reply Last reply Reply Quote 0
                                    • B
                                      bennyc @Antonio76
                                      last edited by Apr 23, 2021, 8:40 PM

                                      @antonio76
                                      No workaround or quick fix. See latest reply from Jim Pingle here: issue 11805
                                      The issue seems to be "in kernel" so bummer, we need to wait it out.

                                      4x XG-7100 (2xHA), 1x SG-4860, 1x SG-2100
                                      1x PC Engines APU2C4, 1x PC Engines APU1C4

                                      J 1 Reply Last reply Apr 23, 2021, 9:57 PM Reply Quote 0
                                      • J
                                        j.sejo1 @bennyc
                                        last edited by Apr 23, 2021, 9:57 PM

                                        @bennyc said in PFsense CE 2.5.1 NAT broken on interface != default WAN:

                                        No workaround or quick fix. See latest reply from Jim Pingle here: issue 11805
                                        The issue seems to be "in kernel" so bummer, we need to wait it out.

                                        UPDATE for: Jim Pingle

                                        2.6.0 snapshots are currently working correctly, and the fix was checked into RELENG_2_5_0. Whatever release happens next will behave correctly either way (e.g. a 2.6.0 release or a 2.5.x point or patch release).

                                        Pfsense - Bacula - NagiosZabbix - Zimbra - AlienVault
                                        Hardening Linux
                                        Telegram: @vtlbackupbacula
                                        http://www.smartitbc.com/en/contact.html

                                        1 Reply Last reply Reply Quote 0
                                        • I
                                          infosamu.it
                                          last edited by Apr 24, 2021, 5:14 PM

                                          I have the same issue. We have nat rules on a multiwan configuration. Upgrading from 2.5.0 to 2.5.1 nat rules on wan1 works but those on wan2 are not working.

                                          we had to restore from backup. :(

                                          F 1 Reply Last reply May 2, 2021, 10:13 PM Reply Quote 1
                                          14 out of 56
                                          • First post
                                            14/56
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.