Netgate Discussion Forum

    Solved: Problems with NAT on Virtual IP

    • siefert

      Hi,

      I suddenly have problems with a configuration that worked for a long time; the problems may have existed since the last update (the connection is not used every day, so I can't determine the exact time):

      2.3.4-RELEASE-p1

      I have defined a VirtualIP and a corresponding NAT rule:

      WAN TCP * * "VirtualIP" 443 (HTTPS) 192.168.28.18 443 (HTTPS)

      There is a corresponding automatically generated firewall rule, and I have Automatic outbound NAT rule generation.

      For a few days I have had the problem that the firewall blocks the outgoing NAT traffic; some lines from the log:

      Aug 2 10:56:00 LAN 192.168.28.18:443 80.187.101.26:1261 TCP:SA
      Aug 2 10:56:06 LAN 192.168.28.18:443 80.187.101.26:1063 TCP:R
      Aug 2 10:56:09 LAN 192.168.28.18:443 80.187.101.26:1147 TCP:R
      Aug 2 10:56:12 LAN 192.168.28.18:443 80.187.101.26:1261 TCP:R
      Aug 2 10:57:40 LAN 192.168.28.18:443 80.187.101.26:6406 TCP:SA
      Aug 2 10:57:43 LAN 192.168.28.18:443 80.187.101.26:6406 TCP:SA
      Aug 2 10:57:49 LAN 192.168.28.18:443 80.187.101.26:6406 TCP:SA

      I tried to reconfigure all the rules, and I tried to switch to Manual Outbound NAT rule generation, but nothing helps.

      As I mentioned above, these rules worked for more than a year until last week….

      Thanks for your support!

      Wolfgang

      • Derelict LAYER 8 Netgate

        Are you actually experiencing a connectivity problem or are you just seeing firewall log entries?

        https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection

        Actual blocked connections will show up as TCP:S for SYN.

        https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment

        Also, all those logs are on LAN which further proves the already-closed states.

        An actual blocked connection would be logged on the WAN interface.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • siefert

          Sorry, this post can be closed, it was a PEBKAC….

          I have a backup firewall and I forgot to disable the WAN interface on this machine after the last update, so the backup machine grabbed the VirtualIP first.... The gateway is on the production machine and so the firewall blocked the traffic....

          Thanks

          Wolfgang
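
A triage sketch for the log lines discussed in this thread, added here as an example and not part of any post: it separates blocked SYNs from out-of-state packets and counts repeated SYN-ACKs per flow, the pattern left behind when the SYN reached the server without passing through this firewall. The regex assumes the log format exactly as pasted above, and the last sample line is constructed for contrast.

```python
import re
from collections import Counter

# Format of the blocked-TCP lines as pasted in the thread:
# "<Mon> <day> <time> <iface> <src ip:port> <dst ip:port> TCP:<flags>"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<iface>\S+)\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+"
    r"(?P<dst>\S+):(?P<dport>\d+)\s+TCP:(?P<flags>[A-Z]+)$"
)

# First seven lines are from the thread; the final WAN line is constructed.
SAMPLE = """\
Aug 2 10:56:00 LAN 192.168.28.18:443 80.187.101.26:1261 TCP:SA
Aug 2 10:56:06 LAN 192.168.28.18:443 80.187.101.26:1063 TCP:R
Aug 2 10:56:09 LAN 192.168.28.18:443 80.187.101.26:1147 TCP:R
Aug 2 10:56:12 LAN 192.168.28.18:443 80.187.101.26:1261 TCP:R
Aug 2 10:57:40 LAN 192.168.28.18:443 80.187.101.26:6406 TCP:SA
Aug 2 10:57:43 LAN 192.168.28.18:443 80.187.101.26:6406 TCP:SA
Aug 2 10:57:49 LAN 192.168.28.18:443 80.187.101.26:6406 TCP:SA
Aug 2 10:58:01 WAN 203.0.113.7:40112 198.51.100.10:443 TCP:S
""".splitlines()

def classify(line):
    """Return (interface, flags, verdict) for one log line, or None if unparsable."""
    m = LINE.match(line.strip())
    if not m:
        return None
    if m["flags"] == "S":
        verdict = "new connection blocked by a rule"
    elif m["flags"] == "SA":
        verdict = "reply to a SYN this firewall holds no state for"
    else:
        verdict = "out-of-state packet (connection already closed or never tracked)"
    return m["iface"], m["flags"], verdict

def orphan_handshakes(lines):
    """Count blocked SYN-ACKs per flow; repeats are handshake retransmissions."""
    hits = Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if m and m["flags"] == "SA":
            key = (m["iface"], f'{m["src"]}:{m["sport"]}', f'{m["dst"]}:{m["dport"]}')
            hits[key] += 1
    return hits

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
    print(orphan_handshakes(SAMPLE))
```

A flow whose SYN-ACK is blocked several times in a row, like the one to port 6406 here, points at a handshake that never completes rather than at leftover packets from a finished session.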

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.