SOLVED! All NAT Traffic is blocked after upgrade + restore



  • I backed up my config, created a new installation using ISO 31.Dec.2010 and restored my config. Everything looks and works fine, but all my NAT traffic is blocked by the firewall (shown in the firewall log as "BLOCK TCP:S").

    I can ping the WAN successfully from Diagnostics/Ping, and ICMP packets are NATed/replied fine through pfSense.

    Whatever rule I add (even "Easy rules" untouched), nothing helps.

    One more test: factory defaults, IPs, DNS, default GW set up: NAT works perfectly. I restore my config again: argh, all connections are blocked again.

    And I'd really like to restore my settings, because I have a lot of OpenVPN clients & servers, certificates etc. in there.

    What can I do?

    Some attachments:

    Here is a part of my firewall log (sorry, the forum didn't make it possible to upload a screenshot):

    block  Jan 1 21:42:55  ovpns2  192.168.0.38:50631    192.168.42.129:80   TCP:S
    block  Jan 1 21:42:55  LAN     192.168.42.131:137    192.168.42.191:137  UDP
    block  Jan 1 21:42:55  WAN     81.20.128.130:57462   198.78.197.254:80   TCP:S
    block  Jan 1 21:42:56  LAN     192.168.42.131:137    192.168.42.191:137  UDP
    block  Jan 1 21:42:57  LAN     192.168.42.131:137    192.168.42.191:137  UDP
    block  Jan 1 21:42:58  WAN     81.20.128.130:55850   213.221.117.6:4812  TCP:S
    block  Jan 1 21:42:59  WAN     81.20.128.130:21191   213.221.117.6:4812  TCP:S
    block  Jan 1 21:42:59  WAN     81.20.128.130:5764    213.221.117.6:4812  TCP:S

    Then I figured out a little bit more:
    It looks as if all my (auto-generated) rules were set up as "block" instead of "pass"… If I change the non-working NAT firewall rule from "Pass" to "Reject", I can see the immediate reject, so my rules seem to still be a little bit functional...



  • Argh, I'm an idiot! I had added a reject rule under "Floating", and this is apparently stronger than my WAN/LAN pass rules! I only figured that out by clicking on the red "X", which opens a message showing which rule caused the reject. And this I only found after searching the web for a long time…
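The ordering the second post ran into, as an added example that is not part of the thread: a small Python model of how pfSense loads rules into pf (floating tab first, interface-tab rules implicitly "quick"), which reports the rule that decides a flow, the same information the red "X" in the log shows. The `Rule` class, the rule set and the addresses are constructed assumptions, not pfSense's own code.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Hypothetical, simplified model of pfSense rule evaluation (assumption):
# floating rules are loaded before interface rules; interface rules are always quick.
@dataclass
class Rule:
    tab: str            # "floating" or an interface name such as "LAN" or "WAN"
    action: str         # "pass", "block" or "reject"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    quick: bool = True  # floating rules may be non-quick; interface rules are quick

def matches(rule, iface, src, dst):
    """A floating rule applies on every interface; others only on their own tab."""
    return (rule.tab in ("floating", iface)
            and ip_address(src) in ip_network(rule.src)
            and ip_address(dst) in ip_network(rule.dst))

def evaluate(rules, iface, src, dst):
    """Return (action, deciding_rule) for a new connection arriving on `iface`."""
    ordered = sorted(rules, key=lambda r: r.tab != "floating")  # stable: floating first
    winner = None
    for r in ordered:
        if matches(r, iface, src, dst):
            winner = r
            if r.quick:          # quick: the first match decides, stop here
                break
            # non-quick: pf keeps evaluating and the LAST match wins
    if winner is None:
        return "block", None     # implicit default deny
    return winner.action, winner

# Constructed rule set mirroring the thread: default LAN pass, a NAT port-forward
# pass on WAN, and the stray floating reject that overrode everything.
LAN_PASS = Rule("LAN", "pass", src="192.168.42.0/24")
WAN_PASS = Rule("WAN", "pass", dst="192.168.42.129/32")
FLOAT_REJECT = Rule("floating", "reject")

def thread_scenario():
    """Outbound web connection from a LAN host (constructed addresses from the log)."""
    flow = ("LAN", "192.168.42.131", "198.78.197.254")
    return {
        "with_floating_reject": evaluate([FLOAT_REJECT, LAN_PASS, WAN_PASS], *flow)[0],
        "without_floating_reject": evaluate([LAN_PASS, WAN_PASS], *flow)[0],
        # a non-quick floating reject loses to the later quick LAN pass rule
        "non_quick_floating_reject":
            evaluate([Rule("floating", "reject", quick=False), LAN_PASS], *flow)[0],
    }
```

Checking `evaluate(...)[1]` on a blocked flow is the scripted equivalent of clicking the red "X": it names the rule that made the decision rather than leaving you to guess from the interface tabs.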

