1:1 NAT problem after upgrading
-
I just upgraded to the latest build (Mon Oct 19 22:48:47 UTC 2009) and my 1:1 NAT no longer works.
The firewall log shows the following reason for the blocked traffic:
The rule that triggered this action is:
@117 block drop in log quick all label "Default deny rule"
Do I need a rule now for 1:1 NAT? I can't recall having one before…
UPDATE: I found that the problem is caused by 1:1 NAT no longer translating outbound traffic to the correct IP address specified in the 1:1 NAT configuration.
UPDATE 2: I didn't upgrade for like 2 weeks now because I was on vacation. One traffic shaper rule also failed loading after the upgrade, but I fixed that by re-running the wizard.
UPDATE 3: Since the machine using this rule is my VOIP box, I resolved this by using port forwarding. I was going to change that from 1:1 NAT anyhow, but I forgot...
Thanks,
Jens
-
Will this be fixed?
I also have a question. For VOIP, is it better to use 1:1 NAT or NAT with Port Forwarding? So far I used 1:1 NAT because it allowed me to set trixbox to NAT=route.
Thanks,
Jens
-
Will this be fixed?
There are no known issues with 1:1 NAT. I've set up numerous systems with 1:1 on 1.2.3.
-
Hmmm, that is odd. I mean it isn't an obvious problem because it works inbound, but it uses a different IP for outbound connections. I normally wouldn't have noticed it, but VOIP is more picky…
Could it be that something went wrong with the upgrade on my pfSense box?
I can try 1:1 NAT again later, but I also had a RAID failure on another server this week and so I am kind of swamped... :(
Thanks,
Jens
-
Do you have siproxd enabled? It will send out traffic on the WAN IP.