NAT rules completely dissappeared



  • 2.3.4

    Last weekend I had got myself into a bit of a situation. We were making some rather large changes (moving from one ISP to another).

    I've got a bunch of VIPs added to my WAN interface (I've got /27 from my ISP). Additionally, I've got manual outbound NAT so that various interfaces on my pfSense appear to be coming out of different IPs on that /27.

    I've also got about 50 or so port forwards to make everything work nicely.

    Anyway - I switched ISPs on the weekend. So I changed the IP address of the WAN interface. I then went and edited the VIPs as well. New ISP = New IP range so this was necessary.

    After several minutes I still couldn't connect. So I decided to check my port forwards. I go to Firewall > NAT - nothing there. Firewall > NAT > Outbound - Nothing. I downloaded the config file thinking this must be some sort of UI glitch but the <nat></nat>tags are totally missing.

    Fortunately I knew something like this could happen and covered my ass by grabbing a config file BEFORE beginning this re-IP addressing - I opened up this file, Located the <nat></nat>section in config.xml, used find+replace to change the IP addresses (so re-addressed the old VIPs to the new ones) and uploaded it - voila, back to normal.

    Does changing the WAN IP and/or editing the Virtual IPs cause your NAT rules to disappear if you've got port forwards / outbound NAT rules that depend on these VIPs? Seems somewhat dangerous. I purposely edited the VIPs and didn't delete them, I was afraid if I deleted them it'd cause errors. But editing them made the whole thing blow up anyway.

    Anyone else noticed this?


Log in to reply