Outbound NAT stops working after upgrade



  • Hi,

    Long-time community user for a home setup. I've recently encountered issues after upgrading to 2.4.4 where, after a few days, the outbound NAT stops working and internal clients cannot access the internet in any way. I'm still able to connect in through exposed services via the WAN, and the DNS resolver still works internally. Also, I cannot ping out from the pfSense SSH console as a test. My pfSense is a Gen2 Hyper-V VM.

    I'm wondering if this is a kernel issue for me, as if I do a reroot-style restart, the problem persists, and actually the pfSense setup gets worse and does even stranger things, like losing access to the web UI. If I do a full reboot, the problem goes away (until the next time).

    Are there any dumps that I can provide that might help with this, or should I just downgrade and wait until a new release?

    Kind Regards,


  • Rebel Alliance Global Moderator

    So the gateway logic has changed. Do you have more than one WAN, or downstream routes and gateways set up?



  • I'm not sure if the config is the root cause; it's mostly identical to the last 2 years. If the system requires a full reboot to function again, and will not function after a reroot, then something is getting upset in the kernel space?

    Anyway, I have 2 VPNs which I use as alternative outbound routes, otherwise only 1 WAN. I force insecure connections, such as DNS, over these encrypted routes. I was thinking of making use of the TLS options now available for the DNS resolver to sidestep some of this, but I wondered if the community could make use of this bug report.



  • Rebel Alliance Global Moderator

    Bug report - where?

    Hiding your RFC 1918 space? Come on dude, really?

    Did you set your gateway to that PPPoE one, or did you leave it on automatic?




  • Hi johnpoz,

    Thank you for your help. It is currently set to automatic; I've set it to the PPPoE link now, and I'll see if that helps. I'm not really sure how to raise a formal bug report correctly or collect the necessary information required, so I was trying to gauge how likely this issue might be worthy of reporting higher.

    Didn't mean to be overzealous when hiding personal info, just can't be too careful these days :D. I'll happily share more if it's thought that it may benefit the community.

    Kind Regards


  • Rebel Alliance Global Moderator

    A bug report would be filed on Redmine. But really only after someone else can validate it. If it is a "bug" then you would think someone else would be seeing it.

    If it's something really unique to your setup then you would need to provide lots of details, not just "it's not working":

    "after a few days the outbound NAT stops working, and internal clients cannot access the internet in any way."

    My guess is that something would trigger off your gateway changing, since it was on automatic. This is the major change in 2.4.4 from 2.4.3, and could be troublesome with specific sorts of setups, etc.

    I ran into it the other day setting up an SG-3100 with a downstream gateway, and it auto-picking that for the default instead of the WAN, etc.



  • @dwainpipeuk hello!
    I encountered the same error. I solved it by completely removing the problem interface (VLAN + DHCP + NAT + rules, etc.). After a quick reboot I put the interface back in place with the same configuration, and the problem was resolved.


  • Netgate Administrator

    It's almost certainly the new gateway logic. There are a number of (now fixed) bug reports relating to that.

    Setting it to the PPPoE gateway specifically should resolve it, but if not you might try a 2.4.5 snapshot that has those fixes in.

    Steve
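The advice in this thread comes down to one check: when outbound stops, confirm which gateway and interface the IPv4 default route actually points at, and whether it is the PPPoE WAN or one of the VPN tunnels that automatic gateway selection may have picked. The script below is an added example, not code from the thread, from pfSense or from any poster. It assumes the WAN is `pppoe0` and one OpenVPN client tunnel is `ovpnc1` (hypothetical names), parses the output of FreeBSD's `netstat -rn` (which is what the pfSense shell gives you), and runs over three constructed routing tables: healthy, flipped to the VPN, and no default route at all.

```shell
#!/bin/sh
# Added diagnostic for the symptom in this thread (not pfSense code).
# Reads FreeBSD `netstat -rn` output on stdin, finds the IPv4 default
# route, and checks that it leaves through the interface you expect.
# Interface names pppoe0 / ovpnc1 and all addresses are assumptions.

# Print the Netif column of the "default" line in the IPv4 section.
default_route_iface() {
    awk '
        /^Internet6:/ { exit }            # stop before the IPv6 table
        $1 == "default" { print $4; exit }
    '
}

# Print the Gateway column of the IPv4 default route.
default_route_gw() {
    awk '
        /^Internet6:/ { exit }
        $1 == "default" { print $2; exit }
    '
}

# check_default_route EXPECTED_IFACE  < netstat-output
# Returns 0 if the default route uses EXPECTED_IFACE, 1 if it uses some
# other interface (e.g. a VPN tunnel chosen by automatic gateway
# selection), 2 if there is no IPv4 default route at all.
check_default_route() {
    expected="$1"
    input=$(cat)
    iface=$(printf '%s\n' "$input" | default_route_iface)
    gw=$(printf '%s\n' "$input" | default_route_gw)
    if [ -z "$iface" ]; then
        echo "no IPv4 default route: all outbound traffic is dropped"
        return 2
    fi
    if [ "$iface" != "$expected" ]; then
        echo "default route via $gw on $iface, expected $expected"
        return 1
    fi
    echo "default route via $gw on $iface (ok)"
    return 0
}

# Constructed sample: healthy table, default via the PPPoE WAN.
SAMPLE_OK='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS      pppoe0
10.8.0.0/24        10.8.0.1           UGS      ovpnc1
192.168.1.0/24     link#2             U           hn1

Internet6:
Destination        Gateway            Flags     Netif Expire
default            fe80::1%pppoe0     UGS      pppoe0'

# Constructed sample: default route has flipped onto the VPN tunnel.
SAMPLE_VPN='Internet:
Destination        Gateway            Flags     Netif Expire
default            10.8.0.1           UGS      ovpnc1
10.8.0.0/24        10.8.0.1           UGS      ovpnc1'

# Constructed sample: the default route is gone entirely.
SAMPLE_NONE='Internet:
Destination        Gateway            Flags     Netif Expire
10.8.0.0/24        10.8.0.1           UGS      ovpnc1'

# Stand-alone demo over the samples. On a live pfSense shell, source this
# file and run:  netstat -rn | check_default_route pppoe0
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_OK"   | check_default_route pppoe0 || true
    printf '%s\n' "$SAMPLE_VPN"  | check_default_route pppoe0 || true
    printf '%s\n' "$SAMPLE_NONE" | check_default_route pppoe0 || true
fi
```

Run it before and after the reroot described in the first post: if the default route is on a tunnel interface or missing while the PPPoE session is up, that matches the automatic-gateway behaviour the moderators point at, and pinning the default gateway to the PPPoE gateway is the fix to try first.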