Netgate Discussion Forum

    Nat Forwarding issue - just for new rules

    • S
      Speck
      last edited by Speck

      Hi,

      I have pfSense version 2.4.4 (same behavior with 2.4.2_1, which I had before) and I have a strange behavior with NAT reflection.

      I have, let's say, 50 rules, all working fine (NAT + proxy as system default). Now when I create a new rule, the NAT reflection is not working only for this new rule.

      I tried using different ports and a different public IP, same issue.

      It seems that the rules are somehow cached and do not update.

      Is there a way to force a reload of these rules?

      In the system logs I see no errors, and upon filter reloading all NAT reflection rules "seem" to be created.

      I also tried deleting an old rule and creating a new one but it's still not working. If I re-create the same old rule it still works... that's why I think of some "cache".

      All rules are 1-port port forwards, so I have no more than 50 port reflections.

      What can I check?

      thanks,
      Speck

      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by johnpoz

        @speck said in Nat Forwarding issue - just for new rules:

        Is there a way to force a reload of these rules?

        0_1543845650332_reload.png

        Keep in mind that a reload doesn't kill OLD states...

        Existing states are evaluated before rules - so depending on what you're doing exactly with your rules, maybe you need to kill off any existing states related to whatever rules you're creating/editing/deleting.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

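The point above about old states surviving a filter reload, as an added example that is not part of the thread: an sh filter over `pfctl -ss` style output that lists the TCP states touching one forwarded address:port that never reached ESTABLISHED, plus the source hosts behind them. The sample lines, all addresses and the function names are constructed for illustration, and only IPv4 `addr:port` notation is handled.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Constructed sample in the layout `pfctl -ss` prints; every address is made up.
sample_states() {
cat <<'EOF'
all tcp 192.168.10.20:8443 (203.0.113.10:8443) <- 198.51.100.7:40112       ESTABLISHED:ESTABLISHED
all tcp 198.51.100.7:40112 -> 192.168.10.20:8443       ESTABLISHED:ESTABLISHED
all tcp 192.168.1.50:51822 -> 203.0.113.10:8443       CLOSED:SYN_SENT
all tcp 192.168.30.77:49310 -> 203.0.113.10:8443       CLOSED:SYN_SENT
all udp 192.168.1.50:53011 -> 192.168.1.1:53       MULTIPLE:SINGLE
EOF
}

# half_open_states ADDR:PORT
# Reads state lines on stdin and prints the TCP ones that mention ADDR:PORT
# and whose last field (the state pair) is not ESTABLISHED:ESTABLISHED.
half_open_states() {
    awk -v target="$1" '
        $2 == "tcp" && $NF != "ESTABLISHED:ESTABLISHED" {
            for (i = 3; i < NF; i++) {
                f = $i
                gsub(/[()]/, "", f)        # NAT addresses are shown in parentheses
                if (f == target) { print; next }
            }
        }'
}

# state_sources ADDR:PORT
# Prints the unique source IPs of those states: the left side of "->",
# or the right side of "<-".
state_sources() {
    half_open_states "$1" | awk '
        {
            for (i = 3; i < NF; i++) {
                if ($i == "->") { src = $3; break }
                if ($i == "<-") { src = $(i + 1); break }
            }
            sub(/:[0-9]+$/, "", src)
            print src
        }' | sort -u
}

# Stand-alone run against the constructed sample.
sample_states | half_open_states 203.0.113.10:8443

# On the firewall, feed it the live table, then kill only the matching states:
#   pfctl -ss | state_sources 203.0.113.10:8443
#   pfctl -k 192.168.1.50 -k 203.0.113.10   # states from first host to second
```

States that reappear in the same half-open state right after being killed point away from stale entries and toward the rule set itself.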
        • S
          Speck
          last edited by

          @johnpoz Hi,

          thanks for your reply.

          Forgot to mention I already tried to "force" a filter reload and I've also rebooted the firewall just to be sure to "clear" existing states.

          Still the same result, old rules work, new rule does not :(

          In the filter reload status I can see the "new" rules and it states the NAT reflection rules are created.

          I also see that the xinetd daemon loads new services:

          xinetd -Reconfigured: new=0 old=151 dropped=0 (services) (OK, they are more than 50 :D)

          Let me know what else I can check!

          thanks,
          Michele

          • S
            Speck @Speck
            last edited by

            just some more info,

            the states table looks like this:

            0_1543860131625_f1a4ab9c-2a4b-4380-ba63-fccfa7ffb9d7-image.png

            The first two rows are from a WAN connection, and everything works fine.

            The last three are from the internal LAN and guest WiFi; I always receive CLOSED:SYN_SENT.

            I've also taken two dumps from WiFi and LAN, but as far as I can see there is only SYN_SENT in the dumps as well.

            I can upload them if needed.

            Thanks,
            Speck

            • S
              Speck @Speck
              last edited by

              Anyone with any hint?

              Thanks!

              bye,
              Speck
