Netgate Discussion Forum

    pfSense 2.5.0.a.20201127.0650 NAT Issues

      stephenw10 Netgate Administrator

      Replied on PM. But now need a pcap on the tier1 WAN while connecting via the tier2 WANB to verify replies are being sent that way rather than dropped for some reason.

      Your gateway groups are not being populated in the ruleset. The only reason that should ever happen normally is if you have not set Skip rules when gateway is down and all the gateways were down. Which clearly isn't the case here.
      You are not policy routing anything via those so it won't affect anything directly but could indicate the gateways have some odd setting.

      Steve

        dragoangel @stephenw10

        @stephenw10 said in pfSense 2.5.0.a.20201127.0650 NAT Issues:

        Your gateway groups are not being populated in the ruleset. The only reason that should ever happen normally is if you have not set Skip rules when gateway is down and all the gateways were down. Which clearly isn't the case here.

        Yes, this isn't the case. I do not see any bit of traffic when I dump WAN TIER1 while trying to connect to WAN TIER2. Can it be because promiscuous mode isn't enabled? I don't think so.

        Latest stable pfSense on 2x XG-7100 and 1x Intel Xeon Server, running multiWAN, he.net IPv6, pfBlockerNG-devel, HAProxy-devel, Syslog-ng, Zabbix-agent, OpenVPN, IPsec site-to-site, DNS-over-TLS...
        Unifi AP-AC-LR with EAP RADIUS, US-24

          dragoangel @dragoangel

          @stephenw10 send pfSense status report to your email

            dragoangel @stephenw10

            Hi @stephenw10, I did a full reinstall from scratch to 2.4.5_p1 on SSD, updated to 2.5.0.a.20201127.0650 and restored from backup - still the same issue with:

            GWWANGROUP = "  "
            GWWANGROUP6 = "  "
            

            I also found in logs:

            Jan 5 00:16:21 	php-fpm 	97323 	/rc.filter_configure_sync: An error occurred while trying to find the interface got `MyMainIPv6GWIP`. The rule has not been added.
            Jan 5 00:16:21 	php-fpm 	97323 	/rc.filter_configure_sync: An error occurred while trying to find the interface got `MyMainIPv4GWIP`. The rule has not been added. 
            

            Maybe this is the root cause of why I have this?

            I also want to note: when I restore from backup, if I use the console\terminal it always "merges" my xg7100u switch configs in a strange way and breaks everything; because of this the reinstall took me crazy long and was successful only the second time. It would be cool if pfSense on the terminal also asked about preserving the switch conf or not.

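Added example, not part of any post in this thread: a shell check for the two symptoms quoted in the post above, gateway macros that expand to an empty string in the generated pf ruleset and "The rule has not been added" errors from rc.filter_configure_sync. The file names, the GWWAN1_DHCP line and the sample directory are constructed for illustration; on a live system the operator supplies the paths to the ruleset dump and the system log.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.

# Print every GW* macro whose quoted value is empty or whitespace-only,
# i.e. a gateway or gateway group that was not populated in the ruleset.
empty_gw_macros() {
    awk '
        /^GW[A-Za-z0-9_]*[ \t]*=[ \t]*"/ {
            name = $1
            sub(/=.*/, "", name)        # tolerate NAME="..." without spaces
            value = $0
            sub(/^[^"]*"/, "", value)   # drop up to the opening quote
            sub(/"[^"]*$/, "", value)   # drop the closing quote onwards
            gsub(/[ \t]/, "", value)
            if (value == "") print name
        }
    ' "$1"
}

# Count log lines where rc.filter_configure_sync dropped a rule.
skipped_rule_count() {
    grep -c 'rc\.filter_configure_sync: .*The rule has not been added' "$1" || true
}

SAMPLE_DIR=$(mktemp -d)
# Constructed ruleset excerpt: one populated macro, two empty groups.
cat > "$SAMPLE_DIR/rules.debug" <<'EOF'
GWWAN1_DHCP = " route-to ( igb0 203.0.113.1 ) "
GWWANGROUP = "  "
GWWANGROUP6 = "  "
EOF
# Log lines as quoted in the post (fields separated by spaces here).
cat > "$SAMPLE_DIR/system.log" <<'EOF'
Jan 5 00:16:21 php-fpm 97323 /rc.filter_configure_sync: An error occurred while trying to find the interface got `MyMainIPv6GWIP`. The rule has not been added.
Jan 5 00:16:21 php-fpm 97323 /rc.filter_configure_sync: An error occurred while trying to find the interface got `MyMainIPv4GWIP`. The rule has not been added.
EOF

echo "Unpopulated gateway macros:"
empty_gw_macros "$SAMPLE_DIR/rules.debug"
echo "Rules skipped by filter sync: $(skipped_rule_count "$SAMPLE_DIR/system.log")"
```

Running the same two functions before and after an upgrade or a config restore shows whether the gateway groups stopped being populated at that step.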
              dragoangel @dragoangel

              @stephenw10 can you please help with this issue? It is still in place. Also, I don't receive any updates on my development 2.5 pfSense, even ones that come on 2.4.5_p1 stable (on another xg7100u).

                saeed

                Hi,
                after upgrading to 2.5.1 my port forwards only work for the active WAN. Is it related to this bug?
                Any solution?

                  dragoangel @saeed

                  @saeed you need to update to the latest version and it will fix NAT, but not NPt for IPv6.

                    saeed @dragoangel

                    @dragoangel said in pfSense 2.5.0.a.20201127.0650 NAT Issues:

                    you need to update to the latest version and it will fix NAT, but not NPt for IPv6.

                    It's a production server and is already updated to 2.5.1.
                    You mean update to the latest development snapshot?

                      saeed @dragoangel

                      @dragoangel
                      https://redmine.pfsense.org/issues/11805

                        dragoangel @saeed

                        @saeed I have pfSense Plus, so for me the firmware is 21.02.2. For CE, yes - it is still unresolved.

                          stephenw10 Netgate Administrator

                          Despite extensive testing before release it's still possible to hit this in 2.5.1 CE but not as far as we know in 21.02.2 (Plus). Though it's unclear what the difference there is.
                          https://redmine.pfsense.org/issues/11805

                          Steve

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.