PFsense CE 2.5.1 NAT broken on interface != default WAN
-
Same for me. I made and Snaphsot on ESXi and upgraded to 2.6.0-dev. That solved the problem for now. When a hotfix is released for 2.5.1, I will roll back.
-
This post is deleted! -
One point is not really clear to me, is this only an issue if I use gateway groups?
-
@slu said in PFsense CE 2.5.1 NAT broken on interface != default WAN:
One point is not really clear to me, is this only an issue if I use gateway groups?
Nope, in my case, we don't have gateway groups.
Chris
-
@calipilot
hope Netgate can help us with an hotfix. -
I confirm the same issue here.
I have multi WAN setup, after the upgrade all NAT rules ceased to work.
I advised a friend not to upgrade, he already did, but isn't suffering from the issue.
It seems to be an issue with multi WAN configurations.I had to roll back to previous version.
-
i have the same problem.
i am on multi WAN and all port forwards stop functioning...how can i downgrade to 2.5.0?
-
@imanrnm unfortunately, there is no easy way. You have to download the older version and install it. You should also have a backup of your configuration to restore from.
I can see another post on your profile saying you've upgraded to 2.6.0, which is still in development and not recommended for production use. -
@0x00fe-0 Thank you for reply.
yeah i updated to 2.6.0 and the problem is gone but there is other problems!
for example my speed limiters aren't working now!i have a veeam backup from 3 days ago before update to 2.5.1, i will try to restore that and see what happens.
all i know is that there is a real mess right now in my network because of a simple pfsense update and i will never again update my firewall right after they release it and will wait at least some days...
-
@imanrnm
we downgrade to 2.5.0, not perfect because of the openssl vulnerability.
https://www.openssl.org/news/vulnerabilities.htmlAnd no note in the known issues:
https://docs.netgate.com/pfsense/en/latest/releases/21-02-2_2-5-1.html -
Thanks God I found this post . I was going crazy .
NAT is not broken but suddenly stop working in 2.5.1 .I must apologize to my certbot server since I'm requesting SSL like there is not tomorrow , and of course, my reverse proxy isn't happy !!!
Any workaround ? not feeling to downgrade or go BETA
cheers ,
-
unfortunately there is no information about a 2.5.x / -px release.
First time in over 10 years pfSense we can't upgrade the system. -
@imanrnm Since CE and Plus + =(
-
@slu regretfully
-
@antonio76
No workaround or quick fix. See latest reply from Jim Pingle here: issue 11805
The issue seems to be "in kernel" so bummer, we need to wait it out. -
@bennyc said in PFsense CE 2.5.1 NAT broken on interface != default WAN:
No workaround or quick fix. See latest reply from Jim Pingle here: issue 11805
The issue seems to be "in kernel" so bummer, we need to wait it out.UPDATE for: Jim Pingle
2.6.0 snapshots are currently working correctly, and the fix was checked into RELENG_2_5_0. Whatever release happens next will behave correctly either way (e.g. a 2.6.0 release or a 2.5.x point or patch release).
-
I have the same issue. We have nat rules on a multiwan configuration. Upgrading from 2.5.0 to 2.5.1 nat rules on wan1 works but those on wan2 are not working.
we had to restore from backup. :(
-
+1 here I have the same issue with multi-WAN ..
I was going nuts why my vpn wasnt working anymore... out of options I googled if it was a issue with 2.5.1..
well at least I can stop blaming myself :P
-
Think this was the fix.
https://github.com/pfsense/FreeBSD-src/commit/cf7fd16ddcc36499c6dae90074335e889dc9e484
-
@vajonam can you explain how to solve the issue?
