How to remove NAT rule from console



  • I created a NAT rule wrong, and now I cannot access the administration console. Can I remove it with a command?



  • How are you accessing the GUI?
    There should not be any NAT involved…
    How do you have access to the console?
    Via ssh?

    You could modify the config.xml directly.



  • I have no access to the GUI, because the rule that I created in error prevents it.
    I can access the console, but in the file "config.xml" I cannot find any references to NAT.

    Can you help please?



  • Look for the <nat> tag

    It should look something like this:

    <nat>
        <ipsecpassthru/>
        <rule>
            <protocol>udp</protocol>
            <external-port>53</external-port>
            <target>Bluemage</target>
            <local-port>53</local-port>
            <interface>wan</interface>
            <descr>TCP over DNS</descr>
        </rule>
        <rule>
            <protocol>tcp/udp</protocol>
            <external-port>5500</external-port>
            <target>Bluemage</target>
            <local-port>5500</local-port>
            <interface>wan</interface>
        </rule>
        <rule>
            <protocol>tcp/udp</protocol>
            <external-port>53436</external-port>
            <target>192.168.1.11</target>
            <local-port>53436</local-port>
            <interface>wan</interface>
        </rule>
        <advancedoutbound>
            <rule>
                <source>
                    <network>any</network>
                </source>
                <sourceport/>
                <descr/>
                <target/>
                <interface>wan</interface>
                <destination>
                    <any/>
                </destination>
                <natport/>
            </rule>
            <enable/>
        </advancedoutbound>
    </nat>



  • Located, thank you very much



  • When I change the contents of the config.xml file and delete the rule, how do I refresh the changes?

    Regards.



  • Just reboot ^^"

    Or switch to the developers shell and look at the help file.
    afaik the command to reload the config is listed somewhere there.


  • Rebel Alliance Developer Netgate

    edit the config, rm /tmp/config.cache, then run /etc/rc.filter_configure


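The config.xml edit described in the replies above, as an added example that is not part of the original thread and not pfSense's own code: it removes exactly one port-forward `<rule>` from the `<nat>` section and leaves the `<advancedoutbound>` rules untouched. The `<pfsense>` root element, the sample values and the function names are assumptions; it is meant to be run on a copy of the file wherever Python 3 is available.

```python
import xml.etree.ElementTree as ET

# Constructed sample: element names follow the <nat> section quoted in the
# thread; the <pfsense> root element and all values are assumptions.
SAMPLE = """<pfsense>
  <nat>
    <rule>
      <protocol>tcp</protocol>
      <external-port>443</external-port>
      <target>192.168.1.11</target>
      <local-port>443</local-port>
      <interface>wan</interface>
    </rule>
    <rule>
      <protocol>tcp/udp</protocol>
      <external-port>5500</external-port>
      <target>192.168.1.11</target>
      <local-port>5500</local-port>
      <interface>wan</interface>
    </rule>
    <advancedoutbound>
      <rule><interface>wan</interface><natport/></rule>
      <enable/>
    </advancedoutbound>
  </nat>
</pfsense>"""


def port_forwards(nat):
    """Direct <rule> children of <nat>; outbound rules are nested deeper."""
    return nat.findall("rule")


def remove_port_forward(xml_text, interface, external_port):
    """Return config text with exactly one matching port forward removed."""
    root = ET.fromstring(xml_text)
    nat = root.find(".//nat")
    if nat is None:
        raise ValueError("no <nat> section found")
    hits = [r for r in port_forwards(nat)
            if r.findtext("interface") == interface
            and r.findtext("external-port") == str(external_port)]
    if len(hits) != 1:  # refuse to guess when zero or several rules match
        raise ValueError(f"{len(hits)} rules match, expected exactly 1")
    nat.remove(hits[0])
    return ET.tostring(root, encoding="unicode")
```

The returned text has no XML declaration line, so restore it if the original file had one, and diff the result against a backup before putting it in place. After that, the steps from the last reply apply: rm /tmp/config.cache, then run /etc/rc.filter_configure.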