Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Are there any recent issues with NAT?

    Scheduled Pinned Locked Moved 2.5 Development Snapshots (Retired)
    6 Posts 2 Posters 488 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • rcfaR
      rcfa
      last edited by

      Sorry for not being more specific. But I recently upgraded from the July 26th snapshot to the current snapshot, and since then machines in the "DMZ" (not really a DMZ but a guest network) can't connect to the internet anymore.

      They get DHCP leases, they are shown as online, but when they try to access the internet, nothing happens.

      So a software update must somehow have changed the behavior, or so it seems.

      Unfortunately, I can't even find the July 26th snapshot anymore, to see if downgrading would fix the issue.

      Pretty much at a loss, since all I did was upgrade the system, no configuration changes.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        No recent issues specifically with NAT, but there are some issues with things like large tables that might cause issues loading the ruleset. That would affect everything, not just one interface, though.

        Do you get any errors in the logs? What exactly is failing for the DMZ clients? DNS? Can they ping the firewall? The gateway? What do the states for DMZ clients look like? That kind of stuff.

        Need a lot more info.

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • rcfaR
          rcfa
          last edited by

          I can ping the clients from the pfSense box, but the clients can't seem to connect to the internet.
          So at least basic network connectivity between clients and pfSense box seems to be given, but traffic doesn't go out.
          Other than upgrading from the 20200726* build to the latest 20200910* build nothing changed.

          Traffic to/from the LAN works.

          Which logs should I inspect?

          Whole thing is a bit complicated by the fact that I'm currently stuck off-site and have to talk regular end-users through doing whatever tests need to be done on the clients. I have access to the pfSense box, though (ssh and web interface).

          Since there were no (manual) configuration changes, I basically don't even know where to start looking.

          rcfaR 1 Reply Last reply Reply Quote 0
          • rcfaR
            rcfa @rcfa
            last edited by rcfa

            Just noticed these errors:

            There were error(s) loading the rules: /tmp/rules.debug:25: cannot define table bogonsv6: too many elements. - The line in question reads [25]: table <bogonsv6> persist file "/etc/bogonsv6"
            @ 2020-09-12 01:45:46
            

            Not sure if they have anything to do with it.

            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              https://redmine.pfsense.org/issues/10861

              Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 1
              • rcfaR
                rcfa
                last edited by

                Thanks!

                OK, set that in System > Advanced > Tunables to the increased value.

                Hope that does the trick. I will only know once I can get ahold of people on-site.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.