Solved: Problems with NAT on Virtual IP

  • Hi,

    I suddenly have problems with a configuration that worked for a long time; the problems have existed maybe since the last update (the connection is not used every day, so I can't determine the exact time):


    I have defined a VirtualIP and a corresponding NAT rule:

    WAN TCP * * "VirtualIP" 443 (HTTPS) 443 (HTTPS)

    There is a corresponding automatically generated firewall rule, and I have Automatic outbound NAT rule generation.

    For a few days I have had the problem that the firewall blocks the outgoing NAT traffic; some lines from the log:

    Aug 2 10:56:00 LAN TCP:SA
    Aug 2 10:56:06 LAN TCP:R
    Aug 2 10:56:09 LAN TCP:R
    Aug 2 10:56:12 LAN TCP:R
    Aug 2 10:57:40 LAN TCP:SA
    Aug 2 10:57:43 LAN TCP:SA
    Aug 2 10:57:49 LAN TCP:SA

    I tried to reconfigure all the rules, and I tried to switch to Manual Outbound NAT rule generation, but nothing helps.

    As I mentioned above, these rules worked for more than a year until last week….

    Thanks for your support!


  • LAYER 8 Netgate

    Are you actually experiencing a connectivity problem or are you just seeing firewall log entries? "blocked"_for_traffic_from_a_legitimate_connection

    Actual blocked connections will show up as TCP:S for SYN.

    Also, all those logs are on LAN which further proves the already-closed states.

    An actual blocked connection would be logged on the WAN interface.
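
The triage rule from the reply above, as an added example (not part of the thread and not pfSense tooling): it sorts blocked-TCP log lines, in the abbreviated form the first post quotes, by TCP flags and interface. The sample lines, the function names and the interface name "WAN" are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the truncated form quoted in the thread
# (timestamp, interface, protocol:flags); real entries also carry addresses.
SAMPLE_LOG = """\
Aug 2 10:56:00 LAN TCP:SA
Aug 2 10:56:06 LAN TCP:R
Aug 2 10:57:40 LAN TCP:SA
Aug 2 10:58:01 WAN TCP:S
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+(\S+)\s+TCP:([A-Z]+)$")


def classify(flags):
    """Label one blocked-TCP log entry by what its flags imply."""
    if flags == "S":
        # Bare SYN: a new connection attempt was refused by the rule set.
        return "new-connection-blocked"
    if flags == "SA":
        # SYN-ACK with no matching state: this firewall never saw, or no
        # longer tracks, the SYN (for example it entered via another path).
        return "reply-without-state"
    # RST, FIN, ACK and similar: packets for an already-closed state.
    return "out-of-state"


def triage(log_text):
    """Return (Counter keyed by (interface, label), list of unparsed lines)."""
    counts, skipped = Counter(), []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if not match:
            skipped.append(line)
            continue
        _, iface, flags = match.groups()
        counts[(iface.upper(), classify(flags))] += 1
    return counts, skipped


def real_blocks(counts, wan="WAN"):
    """Entries that indicate a refused inbound connection: bare SYN on WAN."""
    return counts[(wan, "new-connection-blocked")]
```

A log made up only of `reply-without-state` and `out-of-state` entries on LAN points at missing state on this firewall, not at a rule refusing the connection.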

  • Sorry, this post can be closed, it was a Pebkac….

    I have a backup firewall and I forgot to disable the WAN interface on this machine after the last update, so the backup machine grabbed the VirtualIP first.... The gateway is on the production machine and so the firewall blocked the traffic....