Outbound NAT: TCP working fine, UDP not at all
-
Hi,
We are on a pfSense cluster, using the captive portal feature, but I think our problem is NAT-related. Everything works fine until it comes to the UDP protocol from the clients in the direction of the Internet. Be it IKE/ISAKMP, NTP, QUIC, or any other UDP traffic. I use manual Outbound NAT rules. With some packet capture I could narrow it down a little.
The initial UDP packet from the client passes the pfSense from Inside to Internet and gets NATed correctly. The reply packets from the, say, IKE gateway arrive on the public IP of the pfSense WAN interface. The reply packet is then NOT forwarded to the client on the Inside. This is since we moved the Captive Portal from a 2.4.4 cluster to a new 2.6.0 cluster.
I tried dedicated UDP Outbound NAT rules, I tried NAT to the CARP IP, then NAT to the WAN interface IP, always the same result. TCP works, UDP does not. Double and triple checked all settings against the settings on the working 2.4.4 cluster, it's the same.
Did I miss something or is this a bug?
best regards
Rainer
-
@rhicinus said in Outbound NAT: TCP working fine, UDP not at all:
Did I miss something or is this a bug?
I do recall some udp issue with captive portal.. I think there is a patch - brb.
back: there is this
https://redmine.pfsense.org/issues/12834
And there is a patch you can apply in the patch manager
None of them apply to my needs which is why I don't have any of them applied.
-
Thank you,
I now just need to figure out how to get and apply the patch in the community version of pfSense (no Plus here).
best regards
-
@rhicinus you can use the patch manager in CE, it just doesn't auto-fill patches and you have to add them... The info needed should be in the redmine.
I do see a commit id listed in the redmine.
-
Hi,
to complete the topic: the patch worked for me and solved the issue.
Thank you
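-
The capture comparison described in the opening post can be automated. The following is an added example, not part of the thread or of pfSense: it correlates a WAN-side and a LAN-side capture and lists remote UDP endpoints whose replies reach the WAN address but never appear on the LAN. It assumes text output from `tcpdump -n` with a `udp` filter; all addresses, ports and capture lines are constructed, and the NTP flow is included only as a working contrast case.

```python
import re
from collections import Counter

# Address part of a `tcpdump -n` text line (assumed capture filter: udp), e.g.
# "12:00:01.020300 IP 198.51.100.7.500 > 203.0.113.2.61001: isakmp: ..."
PKT = re.compile(r"\bIP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

def endpoints(lines):
    """Yield ((src_ip, src_port), (dst_ip, dst_port)) for each parsable line."""
    for line in lines:
        m = PKT.search(line)
        if m:
            yield (m[1], int(m[2])), (m[3], int(m[4]))

def unforwarded_replies(wan_lines, lan_lines, wan_ip):
    """Map remote endpoint -> number of replies that reached wan_ip on WAN
    although that endpoint never shows up as a source on the LAN side."""
    wan_replies = Counter(src for src, dst in endpoints(wan_lines) if dst[0] == wan_ip)
    lan_sources = {src for src, _ in endpoints(lan_lines)}
    return {r: n for r, n in wan_replies.items() if r not in lan_sources}

# Constructed sample captures (documentation addresses, not from the thread).
WAN_IP = "203.0.113.2"
WAN_CAPTURE = """\
12:00:01.000100 IP 203.0.113.2.61001 > 198.51.100.7.500: isakmp: phase 1 I ident
12:00:01.020300 IP 198.51.100.7.500 > 203.0.113.2.61001: isakmp: phase 1 R ident
12:00:04.021900 IP 198.51.100.7.500 > 203.0.113.2.61001: isakmp: phase 1 R ident
12:00:05.000200 IP 203.0.113.2.61002 > 192.0.2.123.123: NTPv4, Client, length 48
12:00:05.015000 IP 192.0.2.123.123 > 203.0.113.2.61002: NTPv4, Server, length 48
""".splitlines()
LAN_CAPTURE = """\
12:00:01.000050 IP 10.10.0.50.500 > 198.51.100.7.500: isakmp: phase 1 I ident
12:00:05.000150 IP 10.10.0.50.123 > 192.0.2.123.123: NTPv4, Client, length 48
12:00:05.015100 IP 192.0.2.123.123 > 10.10.0.50.123: NTPv4, Server, length 48
""".splitlines()

if __name__ == "__main__":
    stuck = unforwarded_replies(WAN_CAPTURE, LAN_CAPTURE, WAN_IP)
    for (ip, port), n in stuck.items():
        print(f"{ip}:{port}: {n} reply packet(s) seen on WAN, none on LAN")
```

Matching is done on the remote endpoint only, so it still works when outbound NAT rewrites the client's source port.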