To 2.5.1 or not ? that is the question :)
-
@alanesi said in To 2.5.1 or not ? that is the question :):
I can access Pfsense from the internet using HTTPS
To make that work, you need a firewall rule on the WAN interface.
@alanesi said in To 2.5.1 or not ? that is the question :):
but not my local server which using HTTP
To make that work, you need a NAT rule.
To make it work again, you need to do some step by step NAT troubleshooting.
Can't tell you nothing because you told us close to nothing.2 details :
Opening your https pfSense webserver to the Internet should be IP limited. Normally, its just is not done.
The IP you use to connect to the pfSense from the outside (you do connect from the outside, aren't you ?) indicates that you use the right IP.edit :
A real example :
I have a 'DiskSation' (Synology NAS) living on my LAN. It has IPv4 192.168.1.33
pfSense has 192.168.1.1/24.The HTTPS access of a DiskSation, by default, is 5001.
I added this NAT rule to pfSense :
and now I can access - from anywhere from the Internet, my DiskSation using https://myip.tld
Because I'm PATting from 443 to 5001 in pfSense, I t all works right away **
** That is : I also had to NAT my upstream ISP router.
-
@gertjan I appreciate your prompt reply.
I have reviewed the configurations but still cannot find the issue.
-
@yanik Current status, according to https://redmine.pfsense.org/issues/11805:
-
The bug with NAT not working on non-default gateways exists, and has been fixed;
-
However, the patch involves an issue in the kernel, so it is not possible to patch it in-place.
-
It will be included in the next release, but no, they do not know when that will be.
-
From the amount of "I'm experiencing this too" posts there that have been periodically removed by jimp, it seems fairly widespread - I hope that this means that there'll be an interim release prior to 2.6.0, which is far in the future.
-
-
@cellobita said in To 2.5.1 or not ? that is the question :):
From the amount of "I'm experiencing this too" posts there that have been .....
Not enough as you can see.
-
@alanesi Your doing it wrong.
http -> http on wan ports and forwarded to http redirect to internal server
-
Yeah, the port range, from 80 to 82 :
If the port range is needed he would be needing it, I guess.
-
@gertjan I suppose we've been relegated to second-class citizen status - this won't be the first time that an open source project leaves non-paying users behind. Can't say I'm surprised.
OTOH, this has made me look at alternatives to pfSense more closely, which is always a nice idea - one tends to default to familiar paths for new installations (I know I have done that, over the past 12 or so years deploying open source firewalls).
-
1a) does it have a WAN IP ? Is it a valid IP ? Does it have a gateway ? Are these addresses known / seen before.
Yes to all 4 questions.
Step 2 to 11 : sending a ping to some remote network, knowing there is no 'route' only proves there is no route.
It proves the router/firewall isn't routing traffic, which is different than not having a route. The default route was there... and the firewall itself was able to get to the internet... but for some reason, PFsense wasn't routing internal traffic to the internet.
Restarting DNS doesn't has anything to do with routes.
Never said it did. Once the ping to google.com failed, I bounced the DNS service just in case the issue was DNS related vs routing, which has happened before. After that, a failed ping to 8.8.8.8 proved I wasn't able to hit the internet and likely a routing issue of some kind.
It's hard to say what happened in your case, but it could be something like this :
Updating pfsense to 2.5.0 needs a kernel update. To do this, it needs to reboot to load the new kernel. The reboot will take you pfSense WAN NIC down for a moment. The mdoem sees this, and act upon that event, like : a upstream re negotiation.
Anything's possible I suppose. Although, the 2.4.5-p1 -> 2.5.0 upgrade went without issue... it was he 2.5.0 ->2.5.1 that gave me grief, but I get what you're saying. Considering my wife works from home and my son is doing distance learning... I'm just glad I was home to deal with the outage when it happened.
-
Can I restore the settings from version 2.5.1 on a 2.5.0 installation? NAT problems scratched my reputation with my users. I never imagined that something like this could happen with an official pfsense release
-
@bjunior Yes you can. And a lot has been scratched....
-
@cool_corona Thanks for information. I'll do it.
-
@cool_corona , @Gertjan It can't say It's wrong as long the port is covered in the range it should work as it was working before. However, I changed it to only port 80 but still the same issue standing. I have the same issue in this line https://redmine.pfsense.org/issues/11805:
-
Hello Brothers, I create username as existing not admin member user in pfsense 2.5.1, I allow to status - system logs - port authentication to this existing user , but not showed to existing user, please resolve my query.
-
Hi,
We have a problem here with IPSec mobile clients on 2.5.1 version:
https://forum.netgate.com/topic/164440/disconnect-button-is-dropping-all-active-connections
The 2.4.5-p1 version was solid as a rock.
I´m not very happy with change in version policy of Netgate.
Geovane
-
Just upgraded from 2.4.5-p1 to 2.5.2. Haven't encountered any problems (yet). pfBlockerNG, IPsec and OpenVPN are all working.
-
@stefanl Same here. Went smoothly.
