NAT rules failed to load after upgrade to 2.3.3 *SOLVED*

  • Having problems with NAT rules after the upgrade?

    check your logs, are you receiving errors related to ICMP rules?
    thats because there is a new field to select. "address family with icmp-type/code"

    you will need to go to every ICMP firewall rule, EDIT, and SAVE.

    after you have updated all ICMP related firewall rules, your NAT filters will load.

    There were error(s) loading the rules: /tmp/rules.debug:1166: must indicate address family with icmp-type/code - The line in question reads [1166]: pass in quick on $VLAN4_DBNET_4X proto icmp from any to $InternalSubnets icmp-type echoreq tracker 1447436708 keep state label "USER_RULE: Allow ping to internal subnets"
    @ 2017-02-25 10:06:29

  • Note: The problem does not always occur with ICMP rules. It is only if the rule has no other "clue" as to whether it is for IPv4 or IPv6. Rules that have a gateway, or are on an interface (like WAN) that has an IPv4 gateway will load OK.

    If you have a rule that gives you this trouble, then be careful when you edit it. If it had particular icmp-types selected, those will not get selected automatically in the edit screen. You will need to make sure to re-select those before pressing Save.

Log in to reply