    Netgate Discussion Forum
    21.02 - Killed NAT on one WAN interface

      Gary 0 last edited by

      I will be the first person to say that I am stupid. So, we can get that out of the way.

      Has anyone else seen this problem? I upgraded to version 21.02 and the NAT on one of the two WAN interfaces stopped working. The traffic gets passed in and redirected to its destination on the LAN without any problem. The destination returns a reply. The LAN interface on the pfSense sees it. So far, so good. The next step would be for pfSense to send it out on the WAN interface, but there is nothing when I watch this process with tcpdump. I see the traffic coming in on the WAN, going out on the LAN, coming back on the LAN and then nothing...

      Looking at /var/log/filter.log and /tmp/rules.debug, I found these two pieces of information.

      Feb 22 17:24:15 halley filterlog[19225]: 9,,,1000000104,igb0,match,block,out,4,0x0,,63,0,0,DF,6,tcp,60,<DEST IP>,<SRC IP>,20122,43435,0,SAE,2144135778,4175742565,65535,,mss;nop;wscale;sackOK;TS

      block out log inet all tracker 1000000104 label "Default deny rule IPv4"

      Obviously, pfSense is executing the default deny rule but...

      1. Why is it doing it on only one of the two WAN interfaces?

      2. It was working for years with version 2.4.5. Why did version 21.02 provoke this problem?

      If anyone has any ideas, I would be interested. Putting in new NAT and firewalls has not solved the problem. Even adding a specific rule to pass all traffic to and from SRC and DEST addresses does work. It is like pfSense has lost track of this connection, but it is indeed established in the state table.

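Added example, not part of the original post and not pfSense code: a Python parser for the filterlog line quoted above that counts, per interface, outbound SYN+ACK replies blocked by the tracker shown in the post (1000000104), so the two WANs can be compared. The field order follows the IPv4/TCP layout of the quoted line; the field names are my own labels, and every sample line except the first is constructed.

```python
import csv
from collections import Counter

# Labels (my own names) for the IPv4/TCP form of a filterlog record, in field order.
FIELDS = (
    "rule subrule anchor tracker iface reason action direction ipver tos ecn "
    "ttl id offset ipflags proto_id proto length src dst sport dport datalen "
    "tcpflags seq ack window urg options"
).split()
DEFAULT_DENY_V4 = "1000000104"  # tracker of "Default deny rule IPv4" quoted in the post

def parse_filterlog(line):
    """Return a dict for an IPv4 TCP filterlog line, or None for anything else."""
    head, sep, payload = line.partition("]: ")
    if not sep or "filterlog[" not in head:
        return None
    row = next(csv.reader([payload.strip()]))
    # Shorter records (UDP, ICMP) and non-IPv4 records use a different layout.
    if len(row) < len(FIELDS) or row[8] != "4" or row[16] != "tcp":
        return None
    return dict(zip(FIELDS, row))

def blocked_replies(lines, tracker=DEFAULT_DENY_V4):
    """Count outbound SYN+ACK packets blocked by `tracker`, per interface."""
    hits = Counter()
    for line in lines:
        rec = parse_filterlog(line)
        if rec is None:
            continue
        is_synack = {"S", "A"} <= set(rec["tcpflags"])
        if (rec["tracker"] == tracker and rec["action"] == "block"
                and rec["direction"] == "out" and is_synack):
            hits[rec["iface"]] += 1
    return hits

# First line is the one from the post (placeholders kept); the rest are constructed,
# including the tracker 1111111111 and the documentation-range addresses.
SAMPLE = [
    "Feb 22 17:24:15 halley filterlog[19225]: 9,,,1000000104,igb0,match,block,out,4,0x0,,63,0,0,DF,6,tcp,60,<DEST IP>,<SRC IP>,20122,43435,0,SAE,2144135778,4175742565,65535,,mss;nop;wscale;sackOK;TS",
    "Feb 22 17:24:16 halley filterlog[19225]: 9,,,1111111111,igb1,match,block,in,4,0x0,,52,1234,0,DF,6,tcp,60,198.51.100.7,192.0.2.10,51000,22,0,S,111,,64240,,mss;nop;wscale;sackOK;TS",
    "Feb 22 17:24:17 halley filterlog[19225]: 77,,,1111111111,igb1,match,pass,out,4,0x0,,63,0,0,DF,6,tcp,60,192.0.2.10,198.51.100.7,22,51000,0,SA,222,112,65535,,mss",
    "Feb 22 17:24:18 halley filterlog[19225]: 9,,,1000000104,igb0,match,block,out,4,0x0,,64,0,0,none,17,udp,76,192.0.2.10,198.51.100.7,123,123,56",
]

if __name__ == "__main__":
    for iface, count in blocked_replies(SAMPLE).items():
        print(f"{iface}: {count} outbound SYN+ACK blocked by tracker {DEFAULT_DENY_V4}")
```

Run against the real /var/log/filter.log, a non-zero count on only one WAN interface matches the symptom described in the post.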
