Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PFsense CE 2.5.1 NAT broken on interface != default WAN

    Scheduled Pinned Locked Moved NAT
    pfsense 2.5natbug2.5.1wan
    56 Posts 23 Posters 15.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      spigandromeda
      last edited by

      Same for me. I made and Snaphsot on ESXi and upgraded to 2.6.0-dev. That solved the problem for now. When a hotfix is released for 2.5.1, I will roll back.

      YanikY 1 Reply Last reply Reply Quote 0
      • YanikY
        Yanik @spigandromeda
        last edited by

        This post is deleted!
        1 Reply Last reply Reply Quote 0
        • S
          slu
          last edited by

          One point is not really clear to me, is this only an issue if I use gateway groups?

          pfSense Gold subscription

          C 1 Reply Last reply Reply Quote 0
          • C
            CaliPilot @slu
            last edited by

            @slu said in PFsense CE 2.5.1 NAT broken on interface != default WAN:

            One point is not really clear to me, is this only an issue if I use gateway groups?

            Nope, in my case, we don't have gateway groups.

            Chris

            S 1 Reply Last reply Reply Quote 0
            • S
              slu @CaliPilot
              last edited by

              @calipilot
              hope Netgate can help us with an hotfix.

              pfSense Gold subscription

              1 Reply Last reply Reply Quote 0
              • 0
                0x00FE 0
                last edited by

                I confirm the same issue here.
                I have multi WAN setup, after the upgrade all NAT rules ceased to work.
                I advised a friend not to upgrade, he already did, but isn't suffering from the issue.
                It seems to be an issue with multi WAN configurations.

                I had to roll back to previous version.

                1 Reply Last reply Reply Quote 0
                • I
                  imanrnm
                  last edited by

                  i have the same problem.
                  i am on multi WAN and all port forwards stop functioning...

                  how can i downgrade to 2.5.0?

                  1 Reply Last reply Reply Quote 0
                  • 0
                    0x00FE 0
                    last edited by

                    @imanrnm unfortunately, there is no easy way. You have to download the older version and install it. You should also have a backup of your configuration to restore from.
                    I can see another post on your profile saying you've upgraded to 2.6.0, which is still in development and not recommended for production use.

                    I 1 Reply Last reply Reply Quote 0
                    • I
                      imanrnm @0x00FE 0
                      last edited by imanrnm

                      @0x00fe-0 Thank you for reply.
                      yeah i updated to 2.6.0 and the problem is gone but there is other problems!
                      for example my speed limiters aren't working now!

                      i have a veeam backup from 3 days ago before update to 2.5.1, i will try to restore that and see what happens.

                      all i know is that there is a real mess right now in my network because of a simple pfsense update and i will never again update my firewall right after they release it and will wait at least some days...

                      S J 2 Replies Last reply Reply Quote 0
                      • S
                        slu @imanrnm
                        last edited by

                        @imanrnm
                        we downgrade to 2.5.0, not perfect because of the openssl vulnerability.
                        https://www.openssl.org/news/vulnerabilities.html

                        And no note in the known issues:
                        https://docs.netgate.com/pfsense/en/latest/releases/21-02-2_2-5-1.html

                        pfSense Gold subscription

                        1 Reply Last reply Reply Quote 0
                        • Antonio76A
                          Antonio76
                          last edited by

                          Thanks God I found this post . I was going crazy .
                          NAT is not broken but suddenly stop working in 2.5.1 .

                          I must apologize to my certbot server since I'm requesting SSL like there is not tomorrow , and of course, my reverse proxy isn't happy !!!

                          Any workaround ? not feeling to downgrade or go BETA

                          cheers ,

                          S B 2 Replies Last reply Reply Quote 1
                          • S
                            slu @Antonio76
                            last edited by

                            @antonio76

                            unfortunately there is no information about a 2.5.x / -px release.
                            First time in over 10 years pfSense we can't upgrade the system.

                            pfSense Gold subscription

                            Antonio76A 1 Reply Last reply Reply Quote 2
                            • J
                              j.sejo1 @imanrnm
                              last edited by

                              @imanrnm Since CE and Plus + =(

                              Pfsense - Bacula - NagiosZabbix - Zimbra - AlienVault
                              Hardening Linux
                              Telegram: @vtlbackupbacula
                              http://www.smartitbc.com/en/contact.html

                              1 Reply Last reply Reply Quote 1
                              • Antonio76A
                                Antonio76 @slu
                                last edited by

                                @slu regretfully 😥

                                1 Reply Last reply Reply Quote 0
                                • B
                                  bennyc @Antonio76
                                  last edited by

                                  @antonio76
                                  No workaround or quick fix. See latest reply from Jim Pingle here: issue 11805
                                  The issue seems to be "in kernel" so bummer, we need to wait it out.

                                  4x XG-7100 (2xHA), 1x SG-4860, 1x SG-2100
                                  1x PC Engines APU2C4, 1x PC Engines APU1C4

                                  J 1 Reply Last reply Reply Quote 0
                                  • J
                                    j.sejo1 @bennyc
                                    last edited by

                                    @bennyc said in PFsense CE 2.5.1 NAT broken on interface != default WAN:

                                    No workaround or quick fix. See latest reply from Jim Pingle here: issue 11805
                                    The issue seems to be "in kernel" so bummer, we need to wait it out.

                                    UPDATE for: Jim Pingle

                                    2.6.0 snapshots are currently working correctly, and the fix was checked into RELENG_2_5_0. Whatever release happens next will behave correctly either way (e.g. a 2.6.0 release or a 2.5.x point or patch release).

                                    Pfsense - Bacula - NagiosZabbix - Zimbra - AlienVault
                                    Hardening Linux
                                    Telegram: @vtlbackupbacula
                                    http://www.smartitbc.com/en/contact.html

                                    1 Reply Last reply Reply Quote 0
                                    • infosamu.itI
                                      infosamu.it
                                      last edited by

                                      I have the same issue. We have nat rules on a multiwan configuration. Upgrading from 2.5.0 to 2.5.1 nat rules on wan1 works but those on wan2 are not working.

                                      we had to restore from backup. :(

                                      F 1 Reply Last reply Reply Quote 1
                                      • F
                                        finnschi @infosamu.it
                                        last edited by

                                        +1 here I have the same issue with multi-WAN ..

                                        I was going nuts why my vpn wasnt working anymore... out of options I googled if it was a issue with 2.5.1..

                                        well at least I can stop blaming myself :P

                                        V 1 Reply Last reply Reply Quote 0
                                        • V
                                          vajonam Rebel Alliance @finnschi
                                          last edited by

                                          Think this was the fix.

                                          https://github.com/pfsense/FreeBSD-src/commit/cf7fd16ddcc36499c6dae90074335e889dc9e484

                                          infosamu.itI 1 Reply Last reply Reply Quote 0
                                          • infosamu.itI
                                            infosamu.it @vajonam
                                            last edited by

                                            @vajonam can you explain how to solve the issue?

                                            S V 2 Replies Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.