• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

error(s) loading the rules: /tmp/rules.debug

Scheduled Pinned Locked Moved NAT
2 Posts 2 Posters 1.5k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • K
    keropikos
    last edited by keropikos Dec 6, 2018, 6:10 PM Dec 6, 2018, 2:15 PM

    Hi all,

    i have just made a fresh install of pfSense 2.4.4-p1 on a vm (proxmox), and after setting up my various interfaces and settings, i have also enabled NAT reflection in Pure NAT and the options to "Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from".

    Finally i started adding my NAT rules (i used to have on pfSense 2.3 and older versions working okay), for port forwarding to differnt ports of my network computers and with Aliases (both FQDN and IPS) as sources.

    The problem is, that after setting all up and rebooting the internet connectivity was not working well and no incoming rules where also working.
    The red bell-notification showed me messages ""There were error(s) loading the rules: /tmp/rules.debug /tmp/rules.debug no nat on vtnet proto tcp from... " for every NAT rule i had setup. (I tried deleting one by one the rules that the notification stated but as i saw in the debug file all the rules had the same problem).

    When i disabled the option "Automatic create outbound NAT rules that direct traffic back out to the same subnet it originated from", the tables reloaded correctly and the inbound rules worked okay from the outside but not from the internal network (NAT reflection stopped working without this option).

    my WAN connection is pppoe with DHCPV6.

    All the rules where created from the beggining as it is a fresh install.

    This is the problem for every NAT rule i have setup at the rules.debug file for the first rule:

    rdr on { vtnet0 vtnet1 vtnet2 } proto tcp from $Aliases to XX.XX.XX.XX port 2223 -> 172.16.54.2 port 22
    no nat on vtnet0 proto tcp from vtnet0 to 172.16.54.2 port 22
    nat on vtnet0 proto tcp from 172.16.54.0/24 to 172.16.54.2 port 22 -> 172.16.54.1 port 1024:65535

    vtnet 0,1,2 are my different interfaces and 172.16.54.0/24 is my LAN subnet for the specific port forward and xx.xx.xx.xx my wan ip.

    *Edit
    With NAT+Proxy there is no problem reloading the tables and reflection works, but with thw NAT+Proxy limitations of port number for me at least.

    1 Reply Last reply Reply Quote 0
    • J
      jimp Rebel Alliance Developer Netgate
      last edited by Dec 7, 2018, 2:31 PM

      What is the full and exact error message? You might need to check in the system log, or with it set in the problematic way, run pfctl -f /tmp/rules.debug from a shell prompt and check what it prints.

      Normally the syntax of the line you posted would be fine, but it's possible there is some point in some when that interface doesn't have an address which might cause pf to fail to expand the macro temporarily. In that case it might be a race condition and thus difficult to reproduce.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      1 Reply Last reply Reply Quote 0
      1 out of 2
      • First post
        1/2
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
        This community forum collects and processes your personal information.
        consent.not_received