NAT rules not getting processed?
-
Have some simple NAT rules that were working until recently, but now the traffic gets dropped by the deny all rule. Anyone have any idea what's happening here?
For clarification, those rules exist on the WAN.
Only recent change was I disabled a rule on the LAN interface to see if it was needed and re-enabled after testing proved it was (not related to the above traffic.) I have tried rebooting, and rolling back the config and rebooting again but the behavior remains.
-
@Daoshen Those rules don't look like they would ever work..
Source port of 80 talking to 80, this is highly highly unlikely to ever be the case ever.. Same with your 443.. Source port is almost always going to be any..
That would explain why your stuff is not matching the rule - see your block there, that is from source port 54228, not 80 or 443. So neither of those rules would have triggered on that traffic. Regardless of any of the other attributes matching..
-
@johnpoz And now that it's pointed out it's so obvious why it's not working. Apologies, looks like I'll have to go back through the config history to see when the NATs were updated to have a source port.
Thank you kindly
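
An added example, not part of the thread: a small audit that lists port forwards with a pinned source port and checks them against the blocked flow (source port 54228). The `<nat><rule>` element layout, the `-` range syntax, and the sample rules and addresses are assumptions constructed for illustration; port aliases are not resolved.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the <nat> section of a pfSense config.xml
# (layout assumed; addresses are from documentation ranges).
SAMPLE_CONFIG = """<pfsense><nat>
  <rule>
    <interface>wan</interface><protocol>tcp</protocol>
    <source><any/><port>80</port></source>
    <destination><network>wanip</network><port>80</port></destination>
    <target>192.0.2.10</target><local-port>80</local-port>
    <descr>web http</descr>
  </rule>
  <rule>
    <interface>wan</interface><protocol>tcp</protocol>
    <source><any/><port>443</port></source>
    <destination><network>wanip</network><port>443</port></destination>
    <target>192.0.2.10</target><local-port>443</local-port>
    <descr>web https</descr>
  </rule>
  <rule>
    <interface>wan</interface><protocol>tcp</protocol>
    <source><any/></source>
    <destination><network>wanip</network><port>80</port></destination>
    <target>192.0.2.10</target><local-port>80</local-port>
    <descr>web http, source port any</descr>
  </rule>
</nat></pfsense>"""

def port_matches(spec, port):
    """spec is None (any), a single port "80", or a range "8000-8010"."""
    if spec is None:
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def audit(config_xml, src_port, dst_port):
    """Return (descr, pinned_source_port, matches_flow) per NAT rule."""
    results = []
    for rule in ET.fromstring(config_xml).findall("./nat/rule"):
        src = rule.findtext("source/port")        # None when source port is any
        dst = rule.findtext("destination/port")
        hit = port_matches(src, src_port) and port_matches(dst, dst_port)
        results.append((rule.findtext("descr", default=""), src, hit))
    return results

if __name__ == "__main__":
    # Flow from the firewall log in the thread: client source port 54228 to port 80.
    for descr, src, hit in audit(SAMPLE_CONFIG, 54228, 80):
        flag = "PINNED SOURCE PORT" if src else "ok"
        print(f"{descr!r}: source port={src or 'any'} matches={hit} [{flag}]")
```

Running the same function over older config backups shows which revision first introduced the source port.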