Netgate Discussion Forum

Port Forward rules failing, Error "There were error(s) loading the rules: /tmp/rules.debug:201: macro 'pfB_PRI1_v4'..."

  • S
    Swami_
    last edited by Mar 3, 2024, 1:48 AM

    Hello fellow pfSense enthusiasts.

    I'm getting frustrated so I thought I'd reach out here for some guidance.

    I have some ports forwarded, but of the group of 10+, only 2 show up when I test with this service.
    Ports 443, 30000, 25565 and 8 others are supposed to be open. Only 30000 and 25565 show as open.

    I decided to upgrade from version 2.6.0 to 2.7.0, same problem. So I upgraded to current version 2.7.2 and had the same result.
    After 2.7.2 upgrade I got this error.

    There were error(s) loading the rules: /tmp/rules.debug:201: macro 'pfB_PRI1_v4' not defined - The line in question reads [201]: block return log quick on { igb1 } inet from any to $pfB_PRI1_v4 ridentifier 1770009447 label "USER_RULE: pfB_PRI1_v4 auto rule" label "id:1770009447" @ 2024-03-02 20:31:34

    I also noticed that I can't re-order the rules, it will ask if I want to leave the page or stay on the page and it puts them back in the original order.

    I used the YouTube video from Network Chuck to set up my pfSense originally and am using Lawrence Systems to supplement my knowledge.
    I've created and re-created the rules a few times over. Separated individual ports in NAT and groups into Port Alias Groups.

    Nothing changes. Any suggestions? Do I need a full reinstall and re-setup from scratch?

    • J
      johnpoz LAYER 8 Global Moderator @Swami_
      last edited by Mar 3, 2024, 4:48 AM

      @Swami_ said in Port Forward rules failing, Error "There were error(s) loading the rules: /tmp/rules.debug:201: macro 'pfB_PRI1_v4'...":

      'pfB_PRI1_v4

      Is a pfblocker thing - and pfblocker can also do auto rules. So you prob have something going on there. I would disable pfblocker for your troubleshooting.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      • S
        SteveITS Galactic Empire @Swami_
        last edited by Mar 3, 2024, 6:45 AM

        @Swami_ did you run an Update in pfBlocker?

        Re ordering, you need to Save the rule page after reordering rules.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        • S
          Swami_ @johnpoz
          last edited by Mar 4, 2024, 2:10 AM

          @johnpoz
          Thanks for that insight. I disabled pfBlocker, waited a while and tried the port checker again. No change. Only 2 ports show open of 10+.

          The error message didn't reappear though, until I re-enabled pfBlockerNG.

          I did update all packages after the update from 2.6.0 -> 2.7.2. Currently using pfBlockerNG-devel 3.1.0_9

          I could try reinstalling the package to see if it solves the error. Any other suggestions?

          • S
            SteveITS Galactic Empire @Swami_
            last edited by Mar 4, 2024, 2:48 AM

            @Swami_ Did you run a Force Update though? pfB has to generate the alias.

            • S
              Swami_ @SteveITS
              last edited by Mar 5, 2024, 3:29 PM

              @SteveITS
              I have now run the Force Update. The error message is now gone.

              The forwarded ports still seem to be closed, even though I opened them.

              2 out of 10+ ports are open, the rest are closed.

              • S
                SteveITS Galactic Empire @Swami_
                last edited by Mar 5, 2024, 5:05 PM

                @Swami_ pfBlocker generates the aliases and downloads any lists only when a force update is run, or the pfBlocker cron/update task you configured runs.

                re: open ports, post your NAT rules and we can see what that might be.


                S 1 Reply Last reply Mar 5, 2024, 5:37 PM Reply Quote 0
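Added example (not part of the thread, and not pfSense or pfBlockerNG code): a small Python check that scans a pf ruleset such as `/tmp/rules.debug` for `$macro` references that have no earlier definition, which is the condition behind the "macro 'pfB_PRI1_v4' not defined" load error until pfBlockerNG has generated its alias. The sample ruleset, its addresses and the function names are constructed for illustration; only the failing rule line is taken from the error quoted in the first post.

```python
import re
import sys

MACRO_DEF = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=")   # name = value
MACRO_REF = re.compile(r"\$([A-Za-z0-9_]+)")         # $name

def strip_quotes_and_comments(line):
    """Drop quoted strings (pf does not expand macros inside quotes) and # comments."""
    out, in_quote = [], False
    for ch in line:
        if ch == '"':
            in_quote = not in_quote
            out.append(" ")          # keep neighbouring tokens apart
        elif in_quote:
            continue
        elif ch == "#":
            break
        else:
            out.append(ch)
    return "".join(out)

def undefined_macros(rules_text):
    """Return (line_number, macro_name) for each $macro used before it is defined."""
    defined, problems = set(), []
    for lineno, raw in enumerate(rules_text.splitlines(), start=1):
        bare = strip_quotes_and_comments(raw)
        # pf parses top to bottom, so a macro must be defined before its first use.
        for name in MACRO_REF.findall(bare):
            if name not in defined:
                problems.append((lineno, name))
        match = MACRO_DEF.match(bare)
        if match:
            defined.add(match.group(1))
    return problems

# Constructed sample; the last rule is the line quoted in the error message.
SAMPLE = '''\
WAN = "{ igb0 }"
LAN = "{ igb1 }"
pass in quick on $WAN inet proto tcp from any to 192.168.1.40 port 25565 label "USER_RULE: port $dstport"
block return log quick on { igb1 } inet from any to $pfB_PRI1_v4 ridentifier 1770009447 label "USER_RULE: pfB_PRI1_v4 auto rule" label "id:1770009447"
'''

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for lineno, name in undefined_macros(text):
        print(f"line {lineno}: macro '{name}' not defined")
```

Run against a copy of the generated ruleset, it lists every rule that would stop the ruleset from loading, not just the first one the loader reports.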
                • S
                  Swami_ @SteveITS
                  last edited by Swami_ Mar 5, 2024, 5:38 PM Mar 5, 2024, 5:37 PM

                  This post is deleted!
                  • S
                    SteveITS Galactic Empire @Swami_
                    last edited by Mar 5, 2024, 5:47 PM

                    @Swami_ Is there a firewall on .50 and .40 and does it allow connections from any IP or just the local subnet?

                    For the Valheim rule there are 7 open states/connections.

                    • S
                      Swami_ @SteveITS
                      last edited by Mar 5, 2024, 6:02 PM

                      @SteveITS
                      Both servers on .50 and .40 have firewalls disabled (temporarily).

                      .50 is a Windows Server
                      .40 is a Linux server

                      There are no restrictions at present on the local subnet. No VLAN, DMZ (yet), or segmenting. I run a single subnet.

                      For the Valheim game server on IP .40, I can connect to it locally in the game, but not externally.

                      And when I test with this IP/Port checker, only 30000 and 1 Minecraft port are open.

                      • S
                        Swami_ @Swami_
                        last edited by Mar 5, 2024, 6:48 PM

                        Wan-Rules.jpg

                        • G
                          Gblenn @Swami_
                          last edited by Gblenn Mar 7, 2024, 1:05 PM Mar 7, 2024, 1:03 PM

                          @Swami_ Valheim and Shrouded use pretty much the same ports, so perhaps it's better to create an alias with all the relevant ports for both those games. They are anyway running on the same server...
                          However, I would expect trouble having both of them up and running at the same time... unless they use a range of ports and can select based on availability.

                          Also, in the picture you provided, it seems that Valheim is actually working. In the first column, States, it says 7/6.50MiB. This shows that you have or have had traffic related to that rule...

                          • S
                            Swami_ @Gblenn
                            last edited by Mar 10, 2024, 6:26 PM

                            @Gblenn
                            Couldn't that just be internal traffic, from local PC to Game server? Since the traffic does go by the port even locally and I do have Pure Nat Reflection on.

                            This unfortunately all became a moot discussion: as a result of repeated power outages (and a failed UPS), my pfSense box is dead. I'm going to have to rebuild it from scratch.
                            I do have backups but considering the issues I'm having with simple port forwarding, I'd rather start over. I fortunately don't have a complex setup.

                            Thanks to @SteveITS @johnpoz @Gblenn for the help.

                            • S
                              Swami_ @Swami_
                              last edited by Mar 24, 2024, 6:28 PM

                              @Swami_

                              Hello again.

                              So after my rebuild, it's the same issue with port forwarding not working. The same 2 ports worked fine and after that, nothing works.

                              I even cloned the first rule I created (that did work) and just changed the port/destination IP and it still failed.

                              • S
                                SteveITS Galactic Empire @Swami_
                                last edited by Mar 24, 2024, 7:36 PM

                                @Swami_ did you remove the conflicting port forwards? (Try one at a time)

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.