Netgate Discussion Forum

    To 2.5.1 or not ? that is the question :)

    General pfSense Questions
    108 Posts 39 Posters 35.8k Views 33 Watching
    • Gertjan @Alanesi

      @alanesi said in To 2.5.1 or not ? that is the question :):

      I can access Pfsense from the internet using HTTPS

      To make that work, you need a firewall rule on the WAN interface.

      @alanesi said in To 2.5.1 or not ? that is the question :):

      but not my local server which using HTTP

      To make that work, you need a NAT rule.

      To make it work again, you need to do some step by step NAT troubleshooting.
      Can't tell you anything because you told us close to nothing.

      2 details :
      Opening your https pfSense webserver to the Internet should be IP limited. Normally, it just is not done.
      The IP you use to connect to the pfSense from the outside (you do connect from the outside, don't you ?) indicates that you use the right IP.

      edit :

      A real example :

      I have a 'DiskStation' (Synology NAS) living on my LAN. It has IPv4 192.168.1.33
      pfSense has 192.168.1.1/24.

      The HTTPS access of a DiskStation, by default, is 5001.

      I added this NAT rule to pfSense :

      [Screenshot of the NAT rule: abbddd13-ae42-4d37-aecc-6c824409e4eb-image.png]

      and now I can access - from anywhere from the Internet, my DiskStation using https://myip.tld

      Because I'm PATting from 443 to 5001 in pfSense, it all works right away **

      ** That is : I also had to NAT my upstream ISP router.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      • Alanesi @Gertjan

        @gertjan I appreciate your prompt reply.

        I have reviewed the configurations but still cannot find the issue.

        [Attached screenshots: Port.png, 2021-04-21_15-01-00.png]

        • cellobita @Yanik

          @yanik Current status, according to https://redmine.pfsense.org/issues/11805:

          • The bug with NAT not working on non-default gateways exists, and has been fixed;

          • However, the patch involves an issue in the kernel, so it is not possible to patch it in-place.

          • It will be included in the next release, but no, they do not know when that will be.

          • From the amount of "I'm experiencing this too" posts there that have been periodically removed by jimp, it seems fairly widespread - I hope that this means that there'll be an interim release prior to 2.6.0, which is far in the future.

          Marcello Marques
          Santos - SP - Brazil

          • Gertjan @cellobita

            @cellobita said in To 2.5.1 or not ? that is the question :):

            From the amount of "I'm experiencing this too" posts there that have been .....

            Not enough as you can see.

            • Cool_Corona @Alanesi

              @alanesi You're doing it wrong.

              http -> http on wan ports and forwarded to http redirect to internal server

              • Gertjan @Cool_Corona

                @cool_corona

                Yeah, the port range, from 80 to 82 :

                [Screenshot: a1446f7f-bce4-4131-860f-a4b8e238333f-image.png]

                If the port range is needed he would be needing it, I guess.

                • cellobita @Gertjan

                  @gertjan I suppose we've been relegated to second-class citizen status - this won't be the first time that an open source project leaves non-paying users behind. Can't say I'm surprised.

                  OTOH, this has made me look at alternatives to pfSense more closely, which is always a nice idea - one tends to default to familiar paths for new installations (I know I have done that, over the past 12 or so years deploying open source firewalls).

                  • marvosa @Gertjan

                    @gertjan

                    1a) does it have a WAN IP ? Is it a valid IP ? Does it have a gateway ? Are these addresses known / seen before.

                    Yes to all 4 questions.

                    Step 2 to 11 : sending a ping to some remote network, knowing there is no 'route' only proves there is no route.

                    It proves the router/firewall isn't routing traffic, which is different than not having a route. The default route was there... and the firewall itself was able to get to the internet... but for some reason, pfSense wasn't routing internal traffic to the internet.

                    Restarting DNS doesn't have anything to do with routes.

                    Never said it did. Once the ping to google.com failed, I bounced the DNS service just in case the issue was DNS related vs routing, which has happened before. After that, a failed ping to 8.8.8.8 proved I wasn't able to hit the internet and likely a routing issue of some kind.

                    It's hard to say what happened in your case, but it could be something like this :

                    Updating pfSense to 2.5.0 needs a kernel update. To do this, it needs to reboot to load the new kernel. The reboot will take your pfSense WAN NIC down for a moment. The modem sees this, and acts upon that event, like : an upstream renegotiation.

                    Anything's possible I suppose. Although, the 2.4.5-p1 -> 2.5.0 upgrade went without issue... it was the 2.5.0 -> 2.5.1 that gave me grief, but I get what you're saying. Considering my wife works from home and my son is doing distance learning... I'm just glad I was home to deal with the outage when it happened.

                    • BJunior

                      Can I restore the settings from version 2.5.1 on a 2.5.0 installation? NAT problems scratched my reputation with my users. I never imagined that something like this could happen with an official pfsense release

                      • Cool_Corona @BJunior

                        @bjunior Yes you can. And a lot has been scratched....

                        • BJunior @Cool_Corona

                          @cool_corona Thanks for the information. I'll do it.

                          • Alanesi @Cool_Corona

                            @cool_corona, @Gertjan I can't say it's wrong; as long as the port is covered in the range, it should work as it was working before. However, I changed it to only port 80 but the same issue is still standing. I have the same issue in this line https://redmine.pfsense.org/issues/11805:

                            • shaik

                              Hello Brothers, I create username as existing not admin member user in pfsense 2.5.1, I allow to status - system logs - port authentication to this existing user , but not showed to existing user, please resolve my query.

                              • geovaneg

                                Hi,

                                We have a problem here with IPSec mobile clients on 2.5.1 version:

                                https://forum.netgate.com/topic/164440/disconnect-button-is-dropping-all-active-connections

                                The 2.4.5-p1 version was solid as a rock.

                                I'm not very happy with the change in version policy of Netgate.

                                Geovane

                                • stefanl

                                  Just upgraded from 2.4.5-p1 to 2.5.2. Haven't encountered any problems (yet). pfBlockerNG, IPsec and OpenVPN are all working.

                                  • Waqar.UK @stefanl

                                    @stefanl Same here. Went smoothly.

                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.