PFsense CE 2.5.1 NAT broken on interface != default WAN
-
@vjizzle I don't have a problem if that the case. But then should Netgate be open with that. So if people/corporations feel the need for quick support they know that they need to be on the plus-version and not on CE-version.
-
@encyklopedi Exactly my point. Put your big-boy pants on and just come clean and do it quick.
-
So as I start to realize now, they won't do any bug fixes anymore. Screw you guys.
-
I can not understand why this problem is not in the know issues list, people still run into this known issue... -
@slu said in PFsense CE 2.5.1 NAT broken on interface != default WAN:
I can not understand why this problem is not in the know issues list, people still run into this known issue...
https://docs.netgate.com/pfsense/en/latest/releases/21-02-2_2-5-1.html
It is in the release notes (link above), unfortunately I only found it when I was already facing the problem and after analyzing all my infrastructure because days before the firmware upgrade I had exchanged one of my gateways equipment and I thought it could be it.
In my opinion the right thing would be to remove the download file as soon as the problem has been reported, since a solution apparently will not be quick.
-
@neo666 said in PFsense CE 2.5.1 NAT broken on interface != default WAN:
It is in the release notes (link above), unfortunately I only found it when I was already facing the problem and after analyzing all my infrastructure because days before the firmware upgrade I had exchanged one of my gateways equipment and I thought it could be it.
Ok, the known issue list is grow up now since i look the last time.
-
Any solution to this problem?
From what I can figure out, Plus version is fixed, but I can't run that on my own hardware, so it's a dead end.
CE version seems abandoned in terms of fixing issues. This has been an issue for a long time now.
I've always been happy with the support and features of pfSense, but I guess it's time to move on :-(
-
@jim82 said in PFsense CE 2.5.1 NAT broken on interface != default WAN:
CE version seems abandoned in terms of fixing issues. This has been an issue for a long time now.
I don't think so, the fix is included in new versions/builds and it look like 2.5.2 is coming:
https://redmine.pfsense.org/versions/65 -
@slu IF the maintenance release 2.5.2 is coming they sure are taking all the time. Besides, the redmine does not show nearly the actual bugs in 2.5.1. The multiwan bug is not there and nothing abound an unbound fix either.
I sure am not paying a dime to Netgate, and am not planning to with this attitude. I am waiting for when I can upgrade my own hardware to a Plus version IF reasonably priced. In the meantime I enjoy 2.4.5 p1 CE.
-
Bom dia! Amigos
ainda estou na versão 2.5.0, mais diante de todos os problemas penso em mudar tirar os PF e investir em outra tecnologia já que não estamos tendo ajuda. -
@vjizzle Yeah I would also like to upgrade towards the Plus version and begin a paid subscription, but it's not possible with own hardware.
-
@jim82 yeah I am not doing the paid subscription lol. I will upgrade my own hardware IF reasonabley priced, for a one time fee. Otherwise I am moving on.
-
This happened to me on CE when upgrading from to 2.5.0 to 2.5.1 NAT no longer works for me on the first WAN.
I'm glad I finally saw this. -
Yesterday I updated my pfsense at my office from 2.5.0 to 2.5.1. A few minutes later, I tried to access to the cameras and didn't work (I access to my CCTV using NAT). Later I discoverd this issue in the forum. Fortunately, today I upgraded to 2.5.2-BETA and the issue was solved. The only problem that I have after the system updated was pfblocker (the DNSBL ). I reloaded the DNSBL. After this, all seems working properly.
What i learned from this event is to check all the forums first before an update.I'm been using pfsense since 2018 and never has this issue.
I'm really surprised because NAT is the most basic option of any firewall.
Hope this helps to anyone who has the same issue.
-
2.5.2 Release Notes Rules/NAT says that Issue #11805 is fixed
"Fixed: Port forward rules only function through the default gateway interface, reply-to does not work for Multi-WAN (CE Only)"I did not upgrade yet, I'm waiting for the weekend in case I face an issue with the upgrade so I cannot test at the moment.
Always backup your configuration before you attempt an upgrade and make sure you can physically reach the location (remote location) if an issue occurs.
-
-
Finally good news, better late than never!
I will apply the update tonight, hope it works out.
Cheers!
-
In the time it took to fix this critical bug, I was able to:
- Set up and thoroughly test out OPNsense in a staging environment
- Find viable replacements for all the pfSense plugins and features I was using
- Weigh the pros and cons of switching to OPNsense
- Realize that open source pfSense has become a second class citizen
- Provision a new production firewall with OPNsense
- Manually copy the configuration from pfSense to the new OPNsense box
- Retire my pfSense box and switch permanently to OPNsense
