• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Are there any recent issues with NAT?

Scheduled Pinned Locked Moved 2.5 Development Snapshots (Retired)
6 Posts 2 Posters 489 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • R
    rcfa
    last edited by Sep 10, 2020, 7:19 PM

    Sorry for not being more specific. But I recently upgraded from the July 26th snapshot to the current snapshot, and since then machines in the "DMZ" (not really a DMZ but a guest network) can't connect to the internet anymore.

    They get DHCP leases, they are shown as online, but when they try to access the internet, nothing happens.

    So a software update must somehow have changed the behavior, or so it seems.

    Unfortunately, I can't even find the July 26th snapshot anymore, to see if downgrading would fix the issue.

    Pretty much at a loss, since all I did was upgrade the system, no configuration changes.

    1 Reply Last reply Reply Quote 0
    • J
      jimp Rebel Alliance Developer Netgate
      last edited by Sep 11, 2020, 12:56 PM

      No recent issues specifically with NAT, but there are some issues with things like large tables that might cause issues loading the ruleset. That would affect everything, not just one interface, though.

      Do you get any errors in the logs? What exactly is failing for the DMZ clients? DNS? Can they ping the firewall? The gateway? What do the states for DMZ clients look like? That kind of stuff.

      Need a lot more info.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      1 Reply Last reply Reply Quote 0
      • R
        rcfa
        last edited by Sep 12, 2020, 1:51 AM

        I can ping the clients from the pfSense box, but the clients can't seem to connect to the internet.
        So at least basic network connectivity between clients and pfSense box seems to be given, but traffic doesn't go out.
        Other than upgrading from the 20200726* build to the latest 20200910* build nothing changed.

        Traffic to/from the LAN works.

        Which logs should I inspect?

        Whole thing is a bit complicated by the fact that I'm currently stuck off-site and have to talk regular end-users through doing whatever tests need to be done on the clients. I have access to the pfSense box, though (ssh and web interface).

        Since there were no (manual) configuration changes, I basically don't even know where to start looking.

        R 1 Reply Last reply Sep 12, 2020, 1:53 AM Reply Quote 0
        • R
          rcfa @rcfa
          last edited by rcfa Sep 12, 2020, 1:54 AM Sep 12, 2020, 1:53 AM

          Just noticed these errors:

          There were error(s) loading the rules: /tmp/rules.debug:25: cannot define table bogonsv6: too many elements. - The line in question reads [25]: table <bogonsv6> persist file "/etc/bogonsv6"
@ 2020-09-12 01:45:46

          Not sure if they have anything to do with it.

          1 Reply Last reply Reply Quote 0
          • J
            jimp Rebel Alliance Developer Netgate
            last edited by Sep 12, 2020, 3:01 AM

            https://redmine.pfsense.org/issues/10861

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 1
            • R
              rcfa
              last edited by Sep 14, 2020, 2:44 PM

              Thanks!

              OK, set that in System > Advanced > Tunables to the increased value.

              Hope that does the trick. I will only know once I can get ahold of people on-site.

              1 Reply Last reply Reply Quote 0
              6 out of 6
              • First post
                6/6
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                This community forum collects and processes your personal information.
                consent.not_received