Virtual Interface NAT rules did not update in firewall rules



  • Hello,

    I am using pfSense-1.2.3-20090320-0527.iso. Web Interface is back!

    I did a clean install and had to set up my email service config from scratch. I am using a virtual IP mapped to a local 192 address. Then what I did was configure the NAT forwarding rules, but instead of selecting SMTP, I actually selected SMTP/s. I realized this after applying the rules. I went back into NAT to edit the rule and selected SMTP and again applied the rule.

    When I tested the email, I kept getting errors. I restarted pfSense. I still got errors.

    I then checked Firewall-->Rules and noticed the changes in Firewall-->NAT did not carry over. After I edited the SMTP rule, email began working.

    I am under the impression that the NAT rules will automatically update in firewall rules. If this is not so then please excuse me.



  • NAT rules create a matching firewall rule by default (unless you uncheck the box).
    If you change the NAT rule, you have to manually change the firewall rule.



  • @dotdash:

    NAT rules create a matching firewall rule by default (unless you uncheck the box).
    If you change the NAT rule, you have to manually change the firewall rule.

    Okay. I understand now. Can I play devil's advocate for a minute?

    If I create a NAT rule, pfSense will auto-create a firewall rule, but if I edit that same NAT rule, I then have to manually edit the related firewall rule. This leaves room for error, doesn't it? Would it be too much trouble for pfSense to keep track of changes in NAT rules and update the firewall rules accordingly? Or at the very least, remind me that I need to modify the related firewall rules? This behavior seems trivial and expected, but it's not. It's like my uncle who gave me a remoteless TV for my birthday, when for years remote TVs were in vogue. His reply… I don't want you getting too lazy now!

    At the end of the day, pfSense still gets the job done and that's what counts. Thanks.



  • @jits:

    @dotdash:

    NAT rules create a matching firewall rule by default (unless you uncheck the box).
    If you change the NAT rule, you have to manually change the firewall rule.

    Okay. I understand now. Can I play devil's advocate for a minute?

    If I create a NAT rule, pfSense will auto-create a firewall rule, but if I edit that same NAT rule, I then have to manually edit the related firewall rule. This leaves room for error, doesn't it? Would it be too much trouble for pfSense to keep track of changes in NAT rules and update the firewall rules accordingly? Or at the very least, remind me that I need to modify the related firewall rules? This behavior seems trivial and expected, but it's not. It's like my uncle who gave me a remoteless TV for my birthday, when for years remote TVs were in vogue. His reply… I don't want you getting too lazy now!

    At the end of the day, pfSense still gets the job done and that's what counts. Thanks.

    It's much like how if you delete a NAT rule it doesn't delete the firewall rule. Perhaps a warning on the NAT create screen that reminds you "This won't automatically edit or remove this firewall rule, only create it."

    Or we can add this to the documentation...


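The drift described in this thread (a NAT forward edited or deleted while its auto-created firewall rule stays as it was) can be caught by comparing the two rule sets. The following is an added example, not code from the thread or from pfSense: the `Forward` and `Pass` record types are hypothetical simplifications rather than the pfSense configuration format, and all addresses and rules are constructed sample data.

```python
from typing import NamedTuple

class Forward(NamedTuple):      # hypothetical record for one NAT port forward
    iface: str
    proto: str
    ext_port: int
    target: str
    local_port: int

class Pass(NamedTuple):         # hypothetical record for one firewall pass rule
    iface: str
    proto: str
    dst: str
    dst_port: int

def audit(forwards, passes):
    """Return (forwards with no pass rule, pass rules with no forward).

    Assumes `passes` holds only rules whose destination is an internal host.
    """
    # The firewall sees the packet after translation, so the pass rule has to
    # match the internal target and local port, not the external address/port.
    want = {(f.iface, f.proto, f.target, f.local_port): f for f in forwards}
    have = {(p.iface, p.proto, p.dst, p.dst_port): p for p in passes}
    blocked = [want[k] for k in sorted(want.keys() - have.keys())]
    stale = [have[k] for k in sorted(have.keys() - want.keys())]
    return blocked, stale

# Constructed sample: the mail forward was edited from SMTP/S (465) to SMTP (25),
# a forward to 192.168.1.20:8080 was deleted, and HTTPS was left untouched.
FORWARDS = [
    Forward("wan", "tcp", 25, "192.168.1.10", 25),
    Forward("wan", "tcp", 443, "192.168.1.10", 443),
]
PASSES = [
    Pass("wan", "tcp", "192.168.1.10", 465),   # left over from the first NAT rule
    Pass("wan", "tcp", "192.168.1.10", 443),
    Pass("wan", "tcp", "192.168.1.20", 8080),  # its NAT rule no longer exists
]

if __name__ == "__main__":
    blocked, stale = audit(FORWARDS, PASSES)
    for f in blocked:
        print(f"forward has no pass rule (traffic dropped): {f}")
    for p in stale:
        print(f"pass rule has no forward (stale allow): {p}")
```

A forward without a pass rule shows up as a broken service, as in the original post; a pass rule without a forward causes no visible failure, so it is the entry worth reviewing and removing.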