Netgate Discussion Forum

Nat Forwarding issue - just for new rules

  • S
    Speck
    last edited by Speck Dec 3, 2018, 6:05 PM Dec 3, 2018, 1:57 PM

    Hi,

    I have pfSense version 2.4.4 (same behavior with 2.4.2_1 I had before) and I have a strange behavior with NAT reflection.

    I have, let's say, 50 rules, all working fine (NAT + proxy as system default). Now when I create a new rule, NAT reflection is not working only for this new rule.

    Tried using different ports and a different public IP, same issue.

    It seems that the rules are somehow cached and do not update.

    Is there a way to force a reload of these rules?

    In the system logs I see no errors, and upon filter reloading all NAT reflection rules "seem" to be created.

    I also tried deleting an old rule and creating a new one, but it's still not working. If I re-create the same old rule it still works... that's why I think of some "cache".

    All rules are 1-port port forwards, so I have no more than 50 port reflections.

    What can I check?

    Thanks,
    Speck

    • J
      johnpoz LAYER 8 Global Moderator
      last edited by johnpoz Dec 3, 2018, 2:03 PM Dec 3, 2018, 2:00 PM

      @speck said in Nat Forwarding issue - just for new rules:

      Is there a way to force a reload of these rules?

      0_1543845650332_reload.png

      Keep in mind that a reload doesn't kill OLD states...

      Existing states are evaluated before rules - so depending on what you're doing exactly with your rules, maybe you need to kill off any existing states related to whatever rules you're creating/editing/deleting.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      • S
        Speck
        last edited by Dec 3, 2018, 3:16 PM

        @johnpoz Hi,

        Thanks for your reply.

        Forgot to mention I already tried to "force" a filter reload and I've also rebooted the firewall just to be sure to "clear" existing states.

        Still the same result, old rules work, new rule does not :(

        In the filter reload status I can see the "new" rules and it states the NAT reflection rules are created.

        I also see that the xinetd daemon loads new services:

        xinetd -Reconfigured: new=0 old=151 dropped=0 (services) (OK, they are more than 50 :D)

        Let me know what else I can check!

        Thanks,
        Michele

        • S
          Speck @Speck
          last edited by Dec 3, 2018, 6:04 PM

          Just some more info,

          The states table looks like this:

          0_1543860131625_f1a4ab9c-2a4b-4380-ba63-fccfa7ffb9d7-image.png

          The first two rows are from a WAN connection, and everything works fine.

          The last three are from internal LAN and guest WiFi, I always receive CLOSED:SYN_SENT

          I've also taken two dumps from WiFi and LAN, but as far as I can see there is only SynSent in the dumps too.

          I can upload them if needed.

          Thanks,
          Speck
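
The pattern described in the state table above (WAN clients established, LAN and guest WiFi clients stuck at CLOSED:SYN_SENT) can be tallied from a saved state dump. This is an added example, not part of the original posts: the sample lines, addresses, subnets and the `parse_states`/`summarize` helpers are constructed for illustration, and the parser assumes the IPv4 text layout of `pfctl -ss`.

```python
import ipaddress
import re

# Constructed sample in the general layout of `pfctl -ss` output. Interface
# names, addresses and ports are invented; they are not from the thread.
SAMPLE = """\
em0 tcp 203.0.113.10:8443 <- 198.51.100.7:40112       ESTABLISHED:ESTABLISHED
em0 tcp 203.0.113.10:8443 <- 198.51.100.9:51877       ESTABLISHED:ESTABLISHED
em1 tcp 203.0.113.10:8443 <- 192.168.1.50:49822       CLOSED:SYN_SENT
em1 tcp 203.0.113.10:8443 <- 192.168.1.51:49901       CLOSED:SYN_SENT
em2 tcp 203.0.113.10:8443 <- 10.10.0.23:53110       CLOSED:SYN_SENT
"""
# Assumed internal ranges (LAN and guest WiFi); replace with the real subnets.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "10.10.0.0/24")]
KINDS = {frozenset({"CLOSED", "SYN_SENT"}): "half_open",  # SYN seen, no reply
         frozenset({"ESTABLISHED"}): "established"}
LINE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<left>\S+)(?:\s+\(\S+\))?"
    r"\s+(?P<dir><-|->)\s+(?P<right>\S+)(?:\s+\(\S+\))?\s+(?P<state>\S+:\S+)$"
)

def parse_states(text):
    """Yield (src, dst, state) for each TCP state line; skip anything else."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or m["proto"] != "tcp":
            continue
        # "<-" marks an inbound state: the right-hand endpoint is the client.
        if m["dir"] == "<-":
            yield m["right"], m["left"], m["state"]
        else:
            yield m["left"], m["right"], m["state"]

def summarize(text, forwarded):
    """Count states towards `forwarded` ("ip:port") by client origin and kind."""
    counts = {}
    for src, dst, state in parse_states(text):
        if dst != forwarded:
            continue
        try:
            ip = ipaddress.ip_address(src.rsplit(":", 1)[0])
        except ValueError:
            continue  # not an IPv4 "addr:port" endpoint
        origin = "internal" if any(ip in n for n in INTERNAL_NETS) else "external"
        kind = KINDS.get(frozenset(state.split(":")), "other")
        counts[(origin, kind)] = counts.get((origin, kind), 0) + 1
    return counts
```

Calling `summarize(SAMPLE, "203.0.113.10:8443")` on the constructed dump shows every external client established and every internal client half-open, which points at the reflection path rather than at leftover states when the same split persists after a reboot.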

          • S
            Speck @Speck
            last edited by Dec 20, 2018, 10:36 AM

            Anyone with any hint?

            Thanks!

            bye,
            Speck
