Netgate Discussion Forum
    PFsense CE 2.5.1 NAT broken on interface != default WAN

    56 Posts 23 Posters 19.1k Views
      slu @imanrnm

      @imanrnm
      We downgraded to 2.5.0, not perfect because of the OpenSSL vulnerability.
      https://www.openssl.org/news/vulnerabilities.html

      And no note in the known issues:
      https://docs.netgate.com/pfsense/en/latest/releases/21-02-2_2-5-1.html

      pfSense Gold subscription

        Antonio76

        Thank God I found this post. I was going crazy.
        NAT is not broken but suddenly stopped working in 2.5.1.

        I must apologize to my certbot server since I'm requesting SSL like there is no tomorrow, and of course, my reverse proxy isn't happy!!!

        Any workaround? Not feeling like downgrading or going BETA.

        Cheers,

          slu @Antonio76

          @antonio76

          Unfortunately there is no information about a 2.5.x / -px release.
          First time in over 10 years of pfSense we can't upgrade the system.

          pfSense Gold subscription

            j.sejo1 @imanrnm

            @imanrnm Since CE and Plus + =(

            Pfsense - Bacula - NagiosZabbix - Zimbra - AlienVault
            Hardening Linux
            Telegram: @vtlbackupbacula
            http://www.smartitbc.com/en/contact.html

              Antonio76 @slu

              @slu regretfully 😥

                bennyc @Antonio76

                @antonio76
                No workaround or quick fix. See latest reply from Jim Pingle here: issue 11805
                The issue seems to be "in kernel" so bummer, we need to wait it out.

                4x XG-7100 (2xHA), 1x SG-4860, 1x SG-2100
                1x PC Engines APU2C4, 1x PC Engines APU1C4

                  j.sejo1 @bennyc

                  @bennyc said in PFsense CE 2.5.1 NAT broken on interface != default WAN:

                  No workaround or quick fix. See latest reply from Jim Pingle here: issue 11805
                  The issue seems to be "in kernel" so bummer, we need to wait it out.

                  UPDATE for: Jim Pingle

                  2.6.0 snapshots are currently working correctly, and the fix was checked into RELENG_2_5_0. Whatever release happens next will behave correctly either way (e.g. a 2.6.0 release or a 2.5.x point or patch release).

                  Pfsense - Bacula - NagiosZabbix - Zimbra - AlienVault
                  Hardening Linux
                  Telegram: @vtlbackupbacula
                  http://www.smartitbc.com/en/contact.html

                    infosamu.it

                    I have the same issue. We have NAT rules on a multi-WAN configuration. After upgrading from 2.5.0 to 2.5.1, NAT rules on wan1 work but those on wan2 are not working.

                    We had to restore from backup. :(

                      finnschi @infosamu.it

                      +1 here, I have the same issue with multi-WAN.

                      I was going nuts about why my VPN wasn't working anymore... Out of options, I googled whether it was an issue with 2.5.1.

                      Well, at least I can stop blaming myself :P

                        vajonam Rebel Alliance @finnschi

                        Think this was the fix.

                        https://github.com/pfsense/FreeBSD-src/commit/cf7fd16ddcc36499c6dae90074335e889dc9e484

                          infosamu.it @vajonam

                          @vajonam can you explain how to solve the issue?

                            slu @infosamu.it

                            @infosamu-it
                            Since the kernel must be rebuilt, there is no chance to fix this with the patch package.
                            We are also waiting for a new pfSense release since we have issues with this bug.

                            pfSense Gold subscription

                              vajonam Rebel Alliance @infosamu.it

                              @infosamu-it since Netgate hasn't released the build tools, not much we can do but wait for the next release AFAIK. 2.6.0 is an option, but there are a few issues with that I know of:

                              kernel panics #11839
                              counters 0/0 #11775
                              Also, rate limiting seems broken as per another user. Maybe related to #11775.

                              pfSense fun!

                                shpokas

                                Any timeframe we can expect a fix to be released?
                                Neither downgrade nor development version seems a great choice.

                                  vajonam Rebel Alliance @shpokas

                                  I am also just a user who shares your pain, stuck on 2.5.1; any guesses will just be speculation at this time.

                                    joao maria @vajonam

                                    @vajonam

                                    I also had this problem; I solved it like this:
                                    5fd539d0-1a09-4317-ae52-cbb60f30ed2b-image.png I disable it, start the service, then uncheck it, and it worked.

                                    João Oliveira

                                      vajonam Rebel Alliance @joao maria

                                      @joao-maria Hmm... not sure I want to disable the firewall :-)

                                        vajonam Rebel Alliance @vajonam

                                        @vajonam This is not true; Netgate has released the right build tools. Together with another user I was able to build the new kernel and install it, and can confirm it fixes the problem. So we have to hurry up and wait for a p1 or some such release officially.

                                        For others interested.
                                        https://github.com/Augustin-FL/building-pfsense-iso-from-source

                                          slu @vajonam

                                          @vajonam
                                          thank you for this really detailed documentation!

                                          Maybe you can help Netgate to build -p1? 😉

                                          pfSense Gold subscription

                                            neo666

                                            After many months with 2.4.5 I finally decided to upgrade to 2.5.1 last weekend and now I'm really upset about not having read the release notes and seen this topic before.

                                            Fortunately, I had few NAT rules on the secondary links and I managed to resolve it relatively quickly, but I will have to hope that my main link does not stop.

                                            I am miles away from the server (which is physical), rollback to the previous version is unthinkable at the moment.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.