    Firewall rules stopped syncing after NAT change

    HA/CARP/VIPs
      tricon last edited by

      Hi,

      I had two newly installed 2.5.2-RELEASE nodes happily working together. I decided to switch to manual NAT mode so I could set manual rules.

      Unfortunately, after I changed to manual NAT mode, I started seeing errors from the GUI when trying to SYNC firewall rules:

      A communications error occurred while attempting to call XMLRPC method host_firmware_version: @ 2021-10-20 13:00:52
      A communications error occurred while attempting to call XMLRPC method host_firmware_version: @ 2021-10-20 13:00:53
      

      I tried switching back to automatic NAT mode, but the errors still appeared whenever I tried to modify a firewall rule.

      I looked in the primary node system log; it showed:

      Oct 20 13:00:51	check_reload_status	373	Syncing firewall
      Oct 20 13:00:52	php-fpm	84966	/rc.filter_synchronize: Beginning XMLRPC sync data to https://10.12.0.42:443/xmlrpc.php.
      Oct 20 13:00:52	php-fpm	84966	/rc.filter_synchronize: A communications error occurred while attempting to call XMLRPC method host_firmware_version:
      Oct 20 13:00:52	php-fpm	84966	/rc.filter_synchronize: New alert found: A communications error occurred while attempting to call XMLRPC method host_firmware_version:
      Oct 20 13:00:52	php-fpm	84966	/rc.filter_synchronize: Beginning XMLRPC sync data to https://10.12.0.42:443/xmlrpc.php.
      Oct 20 13:00:52	php-fpm	84966	/rc.filter_synchronize: A communications error occurred while attempting to call XMLRPC method host_firmware_version:
      Oct 20 13:00:52	php-fpm	84966	/rc.filter_synchronize: New alert found: A communications error occurred while attempting to call XMLRPC method host_firmware_version:
      Oct 20 13:00:52	php-fpm	84966	/rc.filter_synchronize: XMLRPC versioncheck: -- 21.7
      Oct 20 13:00:52	php-fpm	84966	/rc.filter_synchronize: The pfSense software configuration version of the other member could not be determined. Skipping synchronization to avoid causing a problem!
      Oct 20 13:00:53	check_reload_status	373	Reloading filter
      

      The SYNC interface has the same rules on both sides:

      Screenshot from 2021-10-20 14-40-20.png

      Could the NAT mode change somehow cause a mismatch between the physical rules and what appears in the GUI?

      If anyone has any clues as to what caused this or how to fix it, it would be very much appreciated. Thanks!
