Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Apply setting fails in latest builds, Invisible Cache?

    1.2.1-RC Snapshot Feedback and Problems-RETIRED
    1
    3
    2651
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      AudiAddict
      last edited by

      I have two Dell r200 machines using the 1.2.1 RC (nov 08 version)

      For some reason I added a NAT portforward to a VIP (P-ARP) set to port 80 and a internal nat ip of 172.x

      This worked fine and was just to test this VIP. I deleted the NAT entry and for some reason even after 24hrs the portforward still works even though it's not in the list??

      Is this a cache problem? Or a bug? I've even tried to re-add the entry and set it to a different local nat ip, but it still goes to the wrong (old) internal ip (webserver).

      I've even reset the firewall and cleared the state table, tried different pc's, with different intenret connections, but all fail to display the new mapping.

      Anybody know what is going on? As a side note, this specific pfsense setup was a fresh install of 1.2.1 RC and then I imported a back-up of a other pfsense machine (identical hardware).

      It seems that some settings aren't applied properly? I have a block list as alias for example, adding a local ip there to test the block also seems to not be applied.

      Do I need to reinstall this machine from scratch? It seems as if it's " sick ". The old/current settings work perfect btw, just the weird NAT issue and any new changes don't seem to always work.

      1 Reply Last reply Reply Quote 0
      • A
        AudiAddict
        last edited by

        Testing the same NAT issue from a local LAN ip behind the pfsense to the vip gives the following states :

        tcp 127.0.0.1:19090 <- 80.x.x.x:80 <- 10.0.1.104:4329 TIME_WAIT:TIME_WAIT 
        tcp 127.0.0.1:19090 <- 80.x.x.x:80 <- 10.0.1.104:4330 TIME_WAIT:TIME_WAIT 
        tcp 127.0.0.1:19090 <- 80.x.x.x:80 <- 10.0.1.104:4331 TIME_WAIT:TIME_WAIT 
        tcp 127.0.0.1:19090 <- 80.x.x.x:80 <- 10.0.1.104:4332 TIME_WAIT:TIME_WAIT 
        tcp 127.0.0.1:19090 <- 80.x.x.x:80 <- 10.0.1.104:4333 TIME_WAIT:TIME_WAIT 
        tcp 127.0.0.1:19090 <- 80.x.x.x:80 <- 10.0.1.104:4334 TIME_WAIT:TIME_WAIT 
        tcp 127.0.0.1:19090 <- 80.x.x.x:80 <- 10.0.1.104:4335 TIME_WAIT:TIME_WAIT 
        tcp 127.0.0.1:19090 <- 80.x.x.x:80 <- 10.0.1.104:4336 TIME_WAIT:TIME_WAIT 
        tcp 127.0.0.1:19090 <- 80.x.x.x:80 <- 10.0.1.104:4337

        80.x.x is the VIP, why is it being NAT-ed to 127.0.0.1? Is this correct? If so, discard this specific reply, was hoping this was the reason?

        1 Reply Last reply Reply Quote 0
        • A
          AudiAddict
          last edited by

          Tried a firmware upgrade, it says latest version dec 05, downloads, it says updating, then the fw reboots, when clicking on fw update again, it shows that it's not been updated.

          Another test regarding the alias settings, I add an ip to the alias list (to allow IP access to a certain server) and this doesn;t work until I reboot several times.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post