Endpoint-independent Outbound NAT (eimnat) rules
-
@Bob.Dig Thank you for being another person on the internet with this problem. I'm used to being the only one with weird edge case bugs.
-
@luckman212 I think you are one of the few early testers.
Besides this new NAT-feature, everything works fine so far.
-
@luckman212 @Bob.Dig If you can reproduce the issue on the RC, would you try again with the debug kernel? Hopefully that will contain additional useful info. See:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/debug-kernel.html -
@marcosm I just replicated the crash on the debug kernel and uploaded the dump to nextcloud. Hope it helps.
If this panic can't be fixed in kernel then at least Input Validation should block users from clicking both EIMNAT + Static Port...
-
That matches the crash we reproduced. It will be fixed in the release.
-
@marcosm That's good news. Glad you guys snagged this last minute!
-
@marcosm today was received update System25.11.r.20251126.1732. Is this issue was resolved?
-
The good thing, with 25.11.r.20251126 it is not crashing immediately. But does it do anything, I can't tell. None of the linked NAT-type-check-sites report any difference to not having it enabled.
-
@Bob.Dig Did you test with static ports or only nat? Because crashed was , if use together with static ports.
-
@Antibiotic I did test. It's no longer crashing with both "static port" and "eim nat" checked together. Not sure still what the behavioral differences are between running with just one vs both checked. This will hopefully get some more documentation and examples over time.
