Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    NAT rules failed to load after upgrade to 2.3.3 *SOLVED*

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    2 Posts 2 Posters 672 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sputnic
      last edited by

      Having problems with NAT rules after the upgrade?

      check your logs, are you receiving errors related to ICMP rules?
      thats because there is a new field to select. "address family with icmp-type/code"

      you will need to go to every ICMP firewall rule, EDIT, and SAVE.

      after you have updated all ICMP related firewall rules, your NAT filters will load.

      EXAMPLE ERROR:
      There were error(s) loading the rules: /tmp/rules.debug:1166: must indicate address family with icmp-type/code - The line in question reads [1166]: pass in quick on $VLAN4_DBNET_4X proto icmp from any to $InternalSubnets icmp-type echoreq tracker 1447436708 keep state label "USER_RULE: Allow ping to internal subnets"
      @ 2017-02-25 10:06:29

      1 Reply Last reply Reply Quote 0
      • P
        phil.davis
        last edited by

        Note: The problem does not always occur with ICMP rules. It is only if the rule has no other "clue" as to whether it is for IPv4 or IPv6. Rules that have a gateway, or are on an interface (like WAN) that has an IPv4 gateway will load OK.

        If you have a rule that gives you this trouble, then be careful when you edit it. If it had particular icmp-types selected, those will not get selected automatically in the edit screen. You will need to make sure to re-select those before pressing Save.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.