Are there any recent issues with NAT?
-
Sorry for not being more specific. But I recently upgraded from the July 26th snapshot to the current snapshot, and since then machines in the "DMZ" (not really a DMZ but a guest network) can't connect to the internet anymore.
They get DHCP leases, they are shown as online, but when they try to access the internet, nothing happens.
So a software update must somehow have changed the behavior, or so it seems.
Unfortunately, I can't even find the July 26th snapshot anymore, to see if downgrading would fix the issue.
Pretty much at a loss, since all I did was upgrade the system, no configuration changes.
-
No recent issues specifically with NAT, but there are some issues with things like large tables that might cause issues loading the ruleset. That would affect everything, not just one interface, though.
Do you get any errors in the logs? What exactly is failing for the DMZ clients? DNS? Can they ping the firewall? The gateway? What do the states for DMZ clients look like? That kind of stuff.
Need a lot more info.
-
I can ping the clients from the pfSense box, but the clients can't seem to connect to the internet.
So at least basic network connectivity between clients and pfSense box seems to be given, but traffic doesn't go out.
Other than upgrading from the 20200726* build to the latest 20200910* build nothing changed.Traffic to/from the LAN works.
Which logs should I inspect?
Whole thing is a bit complicated by the fact that I'm currently stuck off-site and have to talk regular end-users through doing whatever tests need to be done on the clients. I have access to the pfSense box, though (ssh and web interface).
Since there were no (manual) configuration changes, I basically don't even know where to start looking.
-
Just noticed these errors:
There were error(s) loading the rules: /tmp/rules.debug:25: cannot define table bogonsv6: too many elements. - The line in question reads [25]: table <bogonsv6> persist file "/etc/bogonsv6" @ 2020-09-12 01:45:46Not sure if they have anything to do with it.
-
https://redmine.pfsense.org/issues/10861
-
Thanks!
OK, set that in System > Advanced > Tunables to the increased value.
Hope that does the trick. I will only know once I can get ahold of people on-site.
