1:1 NAT problem after upgrading

  • I just upgraded to the latest build (Mon Oct 19 22:48:47 UTC 2009) and my 1:1 NAT no longer works.

    The firewall log shows the following reason for the blocked traffic:

    The rule that triggered this action is:

    @117 block drop in log quick all label "Default deny rule"

    Do I need a rule now for 1:1 NAT? I can't recall having one before…

    UPDATE: I found that the problem is caused by 1:1 NAT no longer translating outbound traffic to the correct IP address specified in the 1:1 NAT configuration.

    UPDATE 2: I didn't upgrade for like 2 weeks now because I was on vacation. One traffic shaper rule also failed loading after the upgrade, but I fixed that by re-running the wizard.

    UPDATE 3: Since the machine using this rule is my VOIP box, I resolved this by using port forwarding. I was going to change that from 1:1 NAT anyhow, but I forgot...


  • Will this be fixed?

    I also have a question. For VOIP, is it better to use 1:1 NAT or NAT with Port Forwarding? So far I used 1:1 NAT because it allowed me to set trixbox to NAT=route.


  • @jstraten:

    Will this be fixed?

    There are no known issues with 1:1 NAT. I've set up numerous systems with 1:1 on 1.2.3.

  • Hmmm, that is odd. I mean it isn't an obvious problem because it works inbound, but it uses a different IP for outbound connections. I normally wouldn't have noticed it, but VOIP is more picky…

    Could it be that something went wrong with the upgrade on my pfSense box?

    I can try 1:1 NAT again later, but I also had a RAID failure on another server this week and so I am kind of swamped... :(


  • Do you have siproxd enabled? It will send out traffic on the WAN IP.
