Netgate Discussion Forum
    pfSense 2.5.0.a.20201127.0650 NAT Issues

    Category: NAT
    22 Posts 4 Posters 3.8k Views
    • dragoangel @stephenw10
      last edited by dragoangel

      @stephenw10 yes, lagg0.3081 and lagg0.3082 are my two WANs.

      Note: real IPs and ports are changed here for privacy.

      About the pcap: sent by email.

      In short: I don't see traffic on TIER1 while trying to connect to the TIER2 NATed port, but I do see strange TCP retransmissions. Note: for these rules NAT reflection is disabled to simplify the whole scheme; in any case, changing reflection on the rule does not change anything.

      Latest stable pfSense on 2x XG-7100 and 1x Intel Xeon Server, running multiWAN, he.net IPv6, pfBlockerNG-devel, HAProxy-devel, Syslog-ng, Zabbix-agent, OpenVPN, IPsec site-to-site, DNS-over-TLS...
      Unifi AP-AC-LR with EAP RADIUS, US-24

      • stephenw10 Netgate Administrator

        Replied on PM. But we now need a pcap on the tier1 WAN while connecting via the tier2 WAN to verify replies are being sent that way rather than dropped for some reason.

        Your gateway groups are not being populated in the ruleset. The only reason that should ever happen normally is if you have not set "Skip rules when gateway is down" and all the gateways were down. Which clearly isn't the case here.
        You are not policy routing anything via those, so it won't affect anything directly, but it could indicate the gateways have some odd setting.

        Steve

        • dragoangel @stephenw10

          @stephenw10 said in pfSense 2.5.0.a.20201127.0650 NAT Issues:

          Your gateway groups are not being populated in the ruleset. The only reason that should ever happen normally is if you have not set "Skip rules when gateway is down" and all the gateways were down. Which clearly isn't the case here.

          Yes, this isn't the case. I don't see any traffic at all when dumping WAN TIER1 while trying to connect to WAN TIER2. Can it be because promiscuous mode isn't enabled? I don't think so.

          • dragoangel @dragoangel

            @stephenw10 sent the pfSense status report to your email.

            • dragoangel @stephenw10

              Hi @stephenw10, I did a full reinstall from scratch to 2.4.5_p1 on SSD, updated to 2.5.0.a.20201127.0650 and restored from backup; still the same issue with:

              GWWANGROUP = "  "
              GWWANGROUP6 = "  "
              

              I also found this in the logs:

              Jan 5 00:16:21 php-fpm 97323 /rc.filter_configure_sync: An error occurred while trying to find the interface got `MyMainIPv6GWIP`. The rule has not been added.
              Jan 5 00:16:21 php-fpm 97323 /rc.filter_configure_sync: An error occurred while trying to find the interface got `MyMainIPv4GWIP`. The rule has not been added.
              

              Maybe this is the root cause of why I have this?

              Also want to note: when I restore from backup, if I use the console/terminal it always "merges" my xg7100u switch configs in a strange way and breaks everything; because of this the reinstall took me a crazy long time and was successful only on the second attempt. It would be cool if pfSense on the terminal also asked whether to preserve the switch config or not.

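A quick consistency check for the two symptoms reported in the post above: whitespace-only GWWANGROUP / GWWANGROUP6 macros in the generated ruleset, and "The rule has not been added" errors from /rc.filter_configure_sync in the filter log. This is an added example, not code from the thread or from pfSense. It assumes the generated pf ruleset is read from /tmp/rules.debug (where pfSense writes it) and the filter log from syslog; the sample ruleset lines and log lines embedded below are constructed, with only the macro names and the error text taken from the post. The per-gateway `route-to` macro lines are illustrative of the shape pfSense emits, not copied from this system.

```python
import re
from typing import Dict, List

# Constructed excerpt shaped like the macro section of pfSense's generated
# ruleset (/tmp/rules.debug). The two whitespace-only gateway-group macros
# are the ones quoted in the thread; the other lines are illustrative.
RULES_DEBUG_SAMPLE = """\
# Gateways
GWWAN_DHCP = " route-to ( lagg0.3081 198.51.100.1 ) "
GWWANB_DHCP = " route-to ( lagg0.3082 203.0.113.1 ) "
GWWANGROUP = "  "
GWWANGROUP6 = "  "
"""

# Constructed syslog lines modelled on the two posted above, plus one
# unrelated line to show that only the failure pattern is picked up.
SYSLOG_SAMPLE = """\
Jan 5 00:16:21 php-fpm 97323 /rc.filter_configure_sync: An error occurred while trying to find the interface got `MyMainIPv6GWIP`. The rule has not been added.
Jan 5 00:16:21 php-fpm 97323 /rc.filter_configure_sync: An error occurred while trying to find the interface got `MyMainIPv4GWIP`. The rule has not been added.
Jan 5 00:16:22 php-fpm 97323 /rc.filter_configure_sync: Done
"""

# NAME = "value", the way pf macro definitions appear in rules.debug.
MACRO_RE = re.compile(r'^(?P<name>[A-Za-z_][A-Za-z0-9_]*)\s*=\s*"(?P<value>[^"]*)"\s*$')

# The exact failure message quoted in the thread, capturing the gateway name.
RULE_NOT_ADDED_RE = re.compile(
    r"/rc\.filter_configure_sync: An error occurred while trying to find the "
    r"interface got `(?P<gw>[^`]+)`\. The rule has not been added\."
)


def parse_macros(rules_text: str) -> Dict[str, str]:
    """Return every NAME = "value" macro definition found in a ruleset dump."""
    macros: Dict[str, str] = {}
    for line in rules_text.splitlines():
        m = MACRO_RE.match(line.strip())
        if m:
            macros[m.group("name")] = m.group("value")
    return macros


def empty_gateway_macros(macros: Dict[str, str], prefix: str = "GW") -> List[str]:
    """Gateway macros (pfSense prefixes them with GW) whose body is blank.

    A blank macro means a rule written with `$GWWANGROUP` loads without any
    route-to option, so that traffic follows the normal routing table instead
    of being policy routed.
    """
    return sorted(
        name for name, value in macros.items()
        if name.startswith(prefix) and not value.strip()
    )


def gateways_missing_interface(syslog_text: str) -> List[str]:
    """Gateway names for which filter_configure_sync refused to add a rule."""
    return [
        m.group("gw")
        for line in syslog_text.splitlines()
        if (m := RULE_NOT_ADDED_RE.search(line))
    ]


def audit(rules_text: str, syslog_text: str) -> Dict[str, List[str]]:
    """Combine both checks into one report."""
    return {
        "empty_gateway_macros": empty_gateway_macros(parse_macros(rules_text)),
        "rules_not_added_for": gateways_missing_interface(syslog_text),
    }


if __name__ == "__main__":
    # On a live box, read open("/tmp/rules.debug").read() and the filter log
    # (e.g. clog output of /var/log/filter.log, or system.log for php-fpm)
    # instead of the constructed samples.
    report = audit(RULES_DEBUG_SAMPLE, SYSLOG_SAMPLE)
    for key, names in report.items():
        print(f"{key}: {', '.join(names) if names else 'none'}")
```

If both lists come back non-empty for the same gateway names, the empty group macros and the refused rules are two views of the same failure in rule generation, which is worth stating in a bug report alongside the pcap Steve asked for.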
              • dragoangel @dragoangel

                @stephenw10 can you please help with this issue? It is still in place. Also, I don't receive any updates on my development 2.5 pfSense, even those that come to 2.4.5_p1 stable (on another xg7100u).

                • saeed

                  Hi,
                  after upgrading to 2.5.1 my port forwards only work for the active WAN. Is it related to this bug?
                  Any solution?

                  • dragoangel @saeed

                    @saeed you need to update to the latest version and it will fix NAT, but not NPt for IPv6.

                    • saeed @dragoangel

                      @dragoangel said in pfSense 2.5.0.a.20201127.0650 NAT Issues:

                      you need to update to the latest version and it will fix NAT, but not NPt for IPv6.

                      It's a production server and it is already updated to 2.5.1.
                      You mean update to the latest development snapshot?

                      • saeed @dragoangel

                        @dragoangel
                        https://redmine.pfsense.org/issues/11805

                        • dragoangel @saeed

                          @saeed I have pfSense Plus, so for me the firmware is 21.02.2. For CE, yes, it is still unresolved.

                          • stephenw10 Netgate Administrator

                            Despite extensive testing before release it's still possible to hit this in 2.5.1 CE, but not, as far as we know, in 21.02.2 (Plus). Though it's unclear what the difference there is.
                            https://redmine.pfsense.org/issues/11805

                            Steve

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.