Netgate Discussion Forum

Outbound NAT: TCP working fine, UDP not at all

5 Posts 2 Posters 961 Views
    Rhicinus
    last edited by May 20, 2022, 12:47 PM

    Hi,
    We are on a pfSense cluster, using the captive portal feature, but I think our problem is NAT-related. Everything works fine until it comes to UDP traffic from the clients toward the Internet, be it IKE/ISAKMP, NTP, QUIC, or any other UDP traffic. I use manual Outbound NAT rules.

    With some packet capture I could narrow it down a little.
    The initial UDP packet from the client passes the pfSense from Inside to Internet and gets NATed correctly. The reply packets from, say, the IKE gateway arrive on the public IP of the pfSense WAN interface. The reply packet is then NOT forwarded to the client on the Inside.

    This is since we moved the Captive Portal from a 2.4.4 cluster to a new 2.6.0 cluster.

    I tried dedicated UDP Outbound NAT rules, I tried NAT to the CARP IP, then NAT to the WAN interface IP, always the same result. TCP works, UDP does not. I double and triple checked all settings against the settings on the working 2.4.4 cluster; they are the same.

    Did I miss something or is this a bug?

    best regards
    Rainer

      johnpoz LAYER 8 Global Moderator @Rhicinus
      last edited by johnpoz May 20, 2022, 1:20 PM May 20, 2022, 1:18 PM

      @rhicinus said in Outbound NAT: TCP working fine, UDP not at all:

      Did I miss something or is this a bug?

      I do recall some UDP issue with captive portal. I think there is a patch - brb.

      back: there is this

      https://redmine.pfsense.org/issues/12834

      And there is a patch you can apply in the patch manager

      patches.jpg

      None of them apply to my needs which is why I don't have any of them applied.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        Rhicinus @johnpoz
        last edited by May 20, 2022, 2:14 PM

        Thank you,

        I now just need to figure out how to get and apply the patch in the community version of pfSense (no Plus here).

        best regards

          johnpoz LAYER 8 Global Moderator @Rhicinus
          last edited by johnpoz May 20, 2022, 2:22 PM May 20, 2022, 2:19 PM

          @rhicinus you can use the patch manager in CE, it just doesn't auto-fill patches and you have to add them... The info needed should be in the redmine.

          I do see a commit id listed in the redmine

            Rhicinus
            last edited by May 31, 2022, 2:14 PM

            Hi,

            to complete the topic: the patch worked for me and solved the issue.

            Thank you

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.