PFsense CE 2.5.1 NAT broken on interface != default WAN
-
@vajonam can you explain how to solve the issue?
-
@infosamu-it
since the kernel must be rebuild, no chance to fix this with the patch package.
We also wait for a new pfSense release since we have issues with this bug. -
@infosamu-it since netgate hasn't released the build tools, not much we can do but wait for the next release AFAIK. 2.6.0 is an option but there are a few issues with that I know of
kernel panics #11839
counters 0/0 #11775
Also rate limiting seems broken as per another user. maybe related to #11775.pfsense fun!
-
Any timeframe we can expect a fix to be released?
Neither downgrade nor development version seems a great choice. -
I am also just a user who shares your pain, stuck on 2.5.1, any guesses will just be speculation at at this time.
-
tambem tive esse problema, resolvi assim
desabilito - starto o serviço depois desmarco e funcionou.João Oliveira
-
@joao-maria Hmm.. not sure I wan to disable firewall :-)
-
@vajonam This is not true netgate has released the right build tools. together with another user I was able build the new kernel and install and can confirm it fixes the problem. so we have to hurry up and wait for a p1 or some such release officially.
For others interested.
https://github.com/Augustin-FL/building-pfsense-iso-from-source -
@vajonam
thank you for this really detailed documentation!Maybe you can help Netgate to build -p1?
-
After many months with 2.4.5 I finally decided to upgrade to 2.5.1 last weekend and now I'm really upset about not having read the release notes and seen this topic before.
Fortunately, I had few NAT rules on the secondary links and I managed to resolve it relatively quickly, but I will have to hope that my main link does not stop.
I am miles away from the server (which is physical), rollback to the previous version is unthinkable at the moment.
-
@neo666 I have just updated my pfsense today to 2.6.0-devel and that solved the problem. And as you i am also upset that netgate can let this bug happen and not make an quick patch for 2.5.1. An other question i have is why is not the plus version of pfsense effected. Now i am forced to run devel version in production.
-
@encyklopedi The plus version is paid and despite Netgate saying they will treat pfsense CE the same as the Plus version, pfsense CE is on the slow-track. Bug is fixed in the Plus version within days, the CE version just a pet project. And nobody give me bs that it is fixed in 2.6 so CE is not going to be left behind! 2.6 and the CE version is just a big testing ground for Netgate so they can keep Plus version stable a reliable for paying customers. Why don’t they just admit it, would clear up a lot of confusion and people would be able to make a strategic choice if to continue with Netgate product or what version to choose.
-
@vjizzle I don't have a problem if that the case. But then should Netgate be open with that. So if people/corporations feel the need for quick support they know that they need to be on the plus-version and not on CE-version.
-
@encyklopedi Exactly my point. Put your big-boy pants on and just come clean and do it quick.
-
So as I start to realize now, they won't do any bug fixes anymore. Screw you guys.
-
I can not understand why this problem is not in the know issues list, people still run into this known issue... -
@slu said in PFsense CE 2.5.1 NAT broken on interface != default WAN:
I can not understand why this problem is not in the know issues list, people still run into this known issue...
https://docs.netgate.com/pfsense/en/latest/releases/21-02-2_2-5-1.html
It is in the release notes (link above), unfortunately I only found it when I was already facing the problem and after analyzing all my infrastructure because days before the firmware upgrade I had exchanged one of my gateways equipment and I thought it could be it.
In my opinion the right thing would be to remove the download file as soon as the problem has been reported, since a solution apparently will not be quick.
-
@neo666 said in PFsense CE 2.5.1 NAT broken on interface != default WAN:
It is in the release notes (link above), unfortunately I only found it when I was already facing the problem and after analyzing all my infrastructure because days before the firmware upgrade I had exchanged one of my gateways equipment and I thought it could be it.
Ok, the known issue list is grow up now since i look the last time.
-
Any solution to this problem?
From what I can figure out, Plus version is fixed, but I can't run that on my own hardware, so it's a dead end.
CE version seems abandoned in terms of fixing issues. This has been an issue for a long time now.
I've always been happy with the support and features of pfSense, but I guess it's time to move on :-(
-
@jim82 said in PFsense CE 2.5.1 NAT broken on interface != default WAN:
CE version seems abandoned in terms of fixing issues. This has been an issue for a long time now.
I don't think so, the fix is included in new versions/builds and it look like 2.5.2 is coming:
https://redmine.pfsense.org/versions/65
