NAT reflection broken on recent amd64 builds?



  • 2.0-BETA4 (amd64)
    built on Tue Dec 7 07:38:11 UTC 2010

    On the above snapshot, NAT reflection seems to be working without issue.  However, after upgrading to the Dec. 10 build (not sure of the exact build on Dec. 10) NAT reflection doesn't appear to be working.  The same is true when upgrading to the most recent build (Sat Dec 11 07:39:43 UTC 2010).

    NAT rules which forward traffic from WAN -> LAN continue to work correctly, but fail when trying to access the same resource from the LAN.  No logs blocking the traffic are generated by the firewall (even when explicit logging is enabled on the rules).  Has anyone else noticed this?


  • Banned

    Seeing the same issue on the 11-Dec-2010 20:10  build i386.

    Other than that, things seem fine.


  • Rebel Alliance Developer Netgate

    It may be the same bug I've been tracking down with squid where its redirect isn't working either.

    I have a firmware update for amd64 with a patch backed out that works for me. Still waiting on feedback to find out what the underlying issue might be though.


  • Banned

    To me it seems like it's killing the headers inside the packets that need the redirection.

    If you kill the NAT reflection, you get the PF login webpage. If you enable the reflection, packets get redirected, but they seem to lose information doing so. It comes up with an error when it can't find what it's looking for.



  • I also saw this issue after upgrading from Dec 7 to Dec 12.

    I did not have this issue when I upgraded from Nov 17 to Dec 12.

    Also, I got rid of the problem by rebooting the pfSense box after installing the Dec 12 build.



  • In case anyone is following this thread, this issue appears to be resolved in the following snapshot:

    2.0-BETA4 (amd64)
    built on Thu Dec 16 23:05:23 EST 2010


  • Banned

    NAT Reflection is still broken in 2.0-BETA4 (i386) built on Fri Dec 17 01:17:30 EST 2010

    No matter if you configure it manually in every rule and reboot or use the system default.

    It just returns you to the login page whether it's enabled or not.

