Netgate Discussion Forum

    Outbound NAT stops working after upgrade

    General pfSense Questions
      dwainpipeuk

      Hi,

      Long time community user for a home setup. I've recently encountered issues after upgrading to 2.4.4 where after a few days the outbound NAT stops working, and internal clients cannot access the internet in any way. I'm still able to connect in through exposed services via the WAN, and also DNS resolver still works internally. Also I cannot ping out from pfSense SSH console as a test. My pfSense is a Gen2 Hyper-V VM.

      I'm wondering if this is a kernel issue for me, as if I do a reroot style restart, the problem persists, and actually the pfsense setup gets worse and does even stranger things, like losing access to webUI. If I do a full reboot, the problem goes away (until the next time).

      Is there any dumps that I can provide that might help this, or should I just downgrade, and wait until a new release?

      Kind Regards,

        johnpoz LAYER 8 Global Moderator

        So the gateway logic has changed.. Do you have more than 1 wan or downstream routes and gateways setup?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          dwainpipeuk

          I'm not sure if the config is the root cause, it's mostly identical from the last 2 years. If the system requires a full reboot to function again, and will not function after a reroot, then something is getting upset in the kernel space?

          Anyways, I have 2 VPNs which I use as alternative outbound routes, otherwise only 1 WAN. I force insecure connections over these encrypted routes, such as DNS. I was thinking of making use of the TLS options now available for the DNS resolver, to sidestep some of this, but I wondered if the community could make use of this bug report.

            johnpoz LAYER 8 Global Moderator

            Bug report - where?

            Hiding your rfc1918 space? Come on dude really?

            Did you set your gateway, that PPPoE or did you leave it on automatic?

              dwainpipeuk

              Hi Johnpoz

              Thank you for your help. It is currently set to automatic, I've set it as the PPPoE link now, I'll see if that helps. Not really sure how to raise a formal bug report correctly or collect the necessary information required, so I was trying to gauge how likely this issue might be worthy of reporting higher.

              Didn't mean to be overzealous when hiding personal info, just can't be too careful these days :D. I'll happily share more if it's thought that it may benefit the community.

              Kind Regards

                johnpoz LAYER 8 Global Moderator

                A bug report would be filed on redmine. But really only after someone else can validate it.. If it is a "bug" then you would think someone else would be seeing it..

                If it's something really unique to your setup then you would need to provide lots of details... Not just it's not working

                "after a few days the outbound NAT stops working, and internal clients cannot access the internet in any way."

                My guess is the something would trigger off your gateway changing since it was automatic... This is the major change in 2.4.4 from .3 -- and could be troublesome with specific sorts of setups, etc.

                I ran into it the other day setting up a sg3100, with a downstream gateway and it auto picking that for default vs the wan, etc.

                  linkdragon70 @dwainpipeuk

                  @dwainpipeuk hello!
                  I encountered the same error, I solved it by completely removing the interface in problem (vlan + dhcp + nat + rules, etc). Subsequently a small reboot and I put the interface in place with the same configuration and the problem has resolved.

                    stephenw10 Netgate Administrator

                    It's almost certainly the new gateway logic. There are a number of (now fixed) bug reports relating to that.

                    Setting it to the PPPoE gateway specifically should resolve but if not you might try a 2.4.5 snapshot that has those fixes in.

                    Steve
