2.5.1-RC port-forwarding not working on WAN2

ed-tech

i have same issue with 2.5.1

j.sejo1

@edmond https://redmine.pfsense.org/issues/11805

lennok

Glad I found this discussion after some digging.

Same issue here. Why is this not listed in "known issues" yet!?
Seems discovered more than a week ago already. How long is suggested we wait before updating then?

This is very crucial to fix because we need NAT on all our WANS (7!). This is the real nightmare situation I always wanted to avoid again by moving to pfsense. At least this does not affect the built-in OpenVPNs.

Rollback is currently impossible since nobody can access the device for the next weeks. I hope "urgent" means top priority here.

j.sejo1

@lennok said in 2.5.1-RC port-forwarding not working on WAN2:

Glad I found this discussion after some digging.
Same issue here. Why is this not listed in "known issues" yet!?
Seems discovered more than a week ago already. How long is suggested we wait before updating then?
This is very crucial to fix because we need NAT on all our WANS (7!). This is the real nightmare situation I always wanted to avoid again by moving to pfsense. At least this does not affect the built-in OpenVPNs.
Rollback is currently impossible since nobody can access the device for the next weeks. I hope "urgent" means top priority here.

Hopefully the answer is not: you have to pay for pfsense Plus +

It is not being critical or pointing. But it is delicate because it is something of the essence of the FIRWEWALL.

It's like an update fails the blocking rules and everything is ANY .... = (

cust

This post is deleted!

xparanoik

@jimp does this bug currently exist on the upstream kernel?

coldfire7

There is also another issue in 2.5.1.
If a rule is created with a specified gateway (not a failover or load-balanced gw) and that gateway goes down, data starts flowing through the default gateway. In 2.4.5 this wasn't the case.
If anyone is wondering Skip rules when gateway is down is unchecked.

Bob.Dig

@coldfire7 No, that is and was the default behavior before.

coldfire7

@bob-dig but when I was using 2.4.5 if a GW went down I was getting timed out instead. :S

Bob.Dig

@coldfire7 I am sure about it, because I had to create a vpn killswitch for that, so...