Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PFsense CE 2.5.1 NAT broken on interface != default WAN

    NAT
    pfsense 2.5 nat bug 2.5.1 wan
    23
    56
    14.9k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      CaliPilot @Cool_Corona
      last edited by

      @cool_corona said in PFsense CE 2.5.1 NAT broken on interface != default WAN:

      @calipilot Is it working for IP alias'??

      Good question, i don’t have an alias configured on our WAN-interface. For sure is that NAT is not working on an IP-Alias if used on an != default WAN.

      Chris

      1 Reply Last reply Reply Quote 0
      • C
        CaliPilot @slu
        last edited by

        @slu said in PFsense CE 2.5.1 NAT broken on interface != default WAN:

        We also affected and must roll back.
        Maybe there is a hotfix in the next hours, would be great.

        A hotfix would be awesome! Fingers crossed that Netgate is pushing this issue...

        Chris

        1 Reply Last reply Reply Quote 0
        • C
          CaliPilot @Bob.Dig
          last edited by

          @bob-dig said in PFsense CE 2.5.1 NAT broken on interface != default WAN:

          @calipilot Maybe this?

          https://redmine.pfsense.org/issues/11805

          Yep, it’s the same issue like the link I’ve posted.

          Chris

          1 Reply Last reply Reply Quote 0
          • S
            spigandromeda
            last edited by

            Same for me. I made and Snaphsot on ESXi and upgraded to 2.6.0-dev. That solved the problem for now. When a hotfix is released for 2.5.1, I will roll back.

            YanikY 1 Reply Last reply Reply Quote 0
            • YanikY
              Yanik @spigandromeda
              last edited by

              This post is deleted!
              1 Reply Last reply Reply Quote 0
              • S
                slu
                last edited by

                One point is not really clear to me, is this only an issue if I use gateway groups?

                pfSense Gold subscription

                C 1 Reply Last reply Reply Quote 0
                • C
                  CaliPilot @slu
                  last edited by

                  @slu said in PFsense CE 2.5.1 NAT broken on interface != default WAN:

                  One point is not really clear to me, is this only an issue if I use gateway groups?

                  Nope, in my case, we don't have gateway groups.

                  Chris

                  S 1 Reply Last reply Reply Quote 0
                  • S
                    slu @CaliPilot
                    last edited by

                    @calipilot
                    hope Netgate can help us with an hotfix.

                    pfSense Gold subscription

                    1 Reply Last reply Reply Quote 0
                    • 0
                      0x00FE 0
                      last edited by

                      I confirm the same issue here.
                      I have multi WAN setup, after the upgrade all NAT rules ceased to work.
                      I advised a friend not to upgrade, he already did, but isn't suffering from the issue.
                      It seems to be an issue with multi WAN configurations.

                      I had to roll back to previous version.

                      1 Reply Last reply Reply Quote 0
                      • I
                        imanrnm
                        last edited by

                        i have the same problem.
                        i am on multi WAN and all port forwards stop functioning...

                        how can i downgrade to 2.5.0?

                        1 Reply Last reply Reply Quote 0
                        • 0
                          0x00FE 0
                          last edited by

                          @imanrnm unfortunately, there is no easy way. You have to download the older version and install it. You should also have a backup of your configuration to restore from.
                          I can see another post on your profile saying you've upgraded to 2.6.0, which is still in development and not recommended for production use.

                          I 1 Reply Last reply Reply Quote 0
                          • I
                            imanrnm @0x00FE 0
                            last edited by imanrnm

                            @0x00fe-0 Thank you for reply.
                            yeah i updated to 2.6.0 and the problem is gone but there is other problems!
                            for example my speed limiters aren't working now!

                            i have a veeam backup from 3 days ago before update to 2.5.1, i will try to restore that and see what happens.

                            all i know is that there is a real mess right now in my network because of a simple pfsense update and i will never again update my firewall right after they release it and will wait at least some days...

                            S J 2 Replies Last reply Reply Quote 0
                            • S
                              slu @imanrnm
                              last edited by

                              @imanrnm
                              we downgrade to 2.5.0, not perfect because of the openssl vulnerability.
                              https://www.openssl.org/news/vulnerabilities.html

                              And no note in the known issues:
                              https://docs.netgate.com/pfsense/en/latest/releases/21-02-2_2-5-1.html

                              pfSense Gold subscription

                              1 Reply Last reply Reply Quote 0
                              • Antonio76A
                                Antonio76
                                last edited by

                                Thanks God I found this post . I was going crazy .
                                NAT is not broken but suddenly stop working in 2.5.1 .

                                I must apologize to my certbot server since I'm requesting SSL like there is not tomorrow , and of course, my reverse proxy isn't happy !!!

                                Any workaround ? not feeling to downgrade or go BETA

                                cheers ,

                                S B 2 Replies Last reply Reply Quote 1
                                • S
                                  slu @Antonio76
                                  last edited by

                                  @antonio76

                                  unfortunately there is no information about a 2.5.x / -px release.
                                  First time in over 10 years pfSense we can't upgrade the system.

                                  pfSense Gold subscription

                                  Antonio76A 1 Reply Last reply Reply Quote 2
                                  • J
                                    j.sejo1 @imanrnm
                                    last edited by

                                    @imanrnm Since CE and Plus + =(

                                    Pfsense - Bacula - NagiosZabbix - Zimbra - AlienVault
                                    Hardening Linux
                                    Telegram: @vtlbackupbacula
                                    http://www.smartitbc.com/en/contact.html

                                    1 Reply Last reply Reply Quote 1
                                    • Antonio76A
                                      Antonio76 @slu
                                      last edited by

                                      @slu regretfully 😥

                                      1 Reply Last reply Reply Quote 0
                                      • B
                                        bennyc @Antonio76
                                        last edited by

                                        @antonio76
                                        No workaround or quick fix. See latest reply from Jim Pingle here: issue 11805
                                        The issue seems to be "in kernel" so bummer, we need to wait it out.

                                        4x XG-7100 (2xHA), 1x SG-4860, 1x SG-2100
                                        1x PC Engines APU2C4, 1x PC Engines APU1C4

                                        J 1 Reply Last reply Reply Quote 0
                                        • J
                                          j.sejo1 @bennyc
                                          last edited by

                                          @bennyc said in PFsense CE 2.5.1 NAT broken on interface != default WAN:

                                          No workaround or quick fix. See latest reply from Jim Pingle here: issue 11805
                                          The issue seems to be "in kernel" so bummer, we need to wait it out.

                                          UPDATE for: Jim Pingle

                                          2.6.0 snapshots are currently working correctly, and the fix was checked into RELENG_2_5_0. Whatever release happens next will behave correctly either way (e.g. a 2.6.0 release or a 2.5.x point or patch release).

                                          Pfsense - Bacula - NagiosZabbix - Zimbra - AlienVault
                                          Hardening Linux
                                          Telegram: @vtlbackupbacula
                                          http://www.smartitbc.com/en/contact.html

                                          1 Reply Last reply Reply Quote 0
                                          • infosamu.itI
                                            infosamu.it
                                            last edited by

                                            I have the same issue. We have nat rules on a multiwan configuration. Upgrading from 2.5.0 to 2.5.1 nat rules on wan1 works but those on wan2 are not working.

                                            we had to restore from backup. :(

                                            F 1 Reply Last reply Reply Quote 1
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.