PFsense CE 2.5.1 NAT broken on interface != default WAN
-
@antonio76
No workaround or quick fix. See latest reply from Jim Pingle here: issue 11805
The issue seems to be "in kernel" so bummer, we need to wait it out. -
@bennyc said in PFsense CE 2.5.1 NAT broken on interface != default WAN:
No workaround or quick fix. See latest reply from Jim Pingle here: issue 11805
The issue seems to be "in kernel" so bummer, we need to wait it out.UPDATE for: Jim Pingle
2.6.0 snapshots are currently working correctly, and the fix was checked into RELENG_2_5_0. Whatever release happens next will behave correctly either way (e.g. a 2.6.0 release or a 2.5.x point or patch release).
-
I have the same issue. We have nat rules on a multiwan configuration. Upgrading from 2.5.0 to 2.5.1 nat rules on wan1 works but those on wan2 are not working.
we had to restore from backup. :(
-
+1 here I have the same issue with multi-WAN ..
I was going nuts why my vpn wasnt working anymore... out of options I googled if it was a issue with 2.5.1..
well at least I can stop blaming myself :P
-
Think this was the fix.
https://github.com/pfsense/FreeBSD-src/commit/cf7fd16ddcc36499c6dae90074335e889dc9e484
-
@vajonam can you explain how to solve the issue?
-
@infosamu-it
since the kernel must be rebuild, no chance to fix this with the patch package.
We also wait for a new pfSense release since we have issues with this bug. -
@infosamu-it since netgate hasn't released the build tools, not much we can do but wait for the next release AFAIK. 2.6.0 is an option but there are a few issues with that I know of
kernel panics #11839
counters 0/0 #11775
Also rate limiting seems broken as per another user. maybe related to #11775.pfsense fun!
-
Any timeframe we can expect a fix to be released?
Neither downgrade nor development version seems a great choice. -
I am also just a user who shares your pain, stuck on 2.5.1, any guesses will just be speculation at at this time.
-
tambem tive esse problema, resolvi assim
desabilito - starto o serviço depois desmarco e funcionou.João Oliveira
-
@joao-maria Hmm.. not sure I wan to disable firewall :-)
-
@vajonam This is not true netgate has released the right build tools. together with another user I was able build the new kernel and install and can confirm it fixes the problem. so we have to hurry up and wait for a p1 or some such release officially.
For others interested.
https://github.com/Augustin-FL/building-pfsense-iso-from-source -
@vajonam
thank you for this really detailed documentation!Maybe you can help Netgate to build -p1?
-
After many months with 2.4.5 I finally decided to upgrade to 2.5.1 last weekend and now I'm really upset about not having read the release notes and seen this topic before.
Fortunately, I had few NAT rules on the secondary links and I managed to resolve it relatively quickly, but I will have to hope that my main link does not stop.
I am miles away from the server (which is physical), rollback to the previous version is unthinkable at the moment.
-
@neo666 I have just updated my pfsense today to 2.6.0-devel and that solved the problem. And as you i am also upset that netgate can let this bug happen and not make an quick patch for 2.5.1. An other question i have is why is not the plus version of pfsense effected. Now i am forced to run devel version in production.
-
@encyklopedi The plus version is paid and despite Netgate saying they will treat pfsense CE the same as the Plus version, pfsense CE is on the slow-track. Bug is fixed in the Plus version within days, the CE version just a pet project. And nobody give me bs that it is fixed in 2.6 so CE is not going to be left behind! 2.6 and the CE version is just a big testing ground for Netgate so they can keep Plus version stable a reliable for paying customers. Why don’t they just admit it, would clear up a lot of confusion and people would be able to make a strategic choice if to continue with Netgate product or what version to choose.
-
@vjizzle I don't have a problem if that the case. But then should Netgate be open with that. So if people/corporations feel the need for quick support they know that they need to be on the plus-version and not on CE-version.
-
@encyklopedi Exactly my point. Put your big-boy pants on and just come clean and do it quick.
-
So as I start to realize now, they won't do any bug fixes anymore. Screw you guys.
