SOLVED! All NAT Traffic is blocked after upgrade + restore
I backed up my config, created a new installation using ISO 31.Dec.2010 and restored my config. Everything looks and works fine, but all my NAT traffic is blocked by the firewall (shown in the firewall log as "BLOCK TCP:s").
I can diagnostic/ping to wan successfully and ICMP packets are NATed/replied fine through pfsense.
Whatever rule I add (even "Easy rules" untouched), nothing helps.
One more test: Factory defaults, IPs, DNS, Default GW setup: NAT works perfectly. I restore my config again: Argh - all connections are blocked again.
And I'd really like to restore my settings, because I have a lot of OpenVPN clients & servers, certificates etc. there.
What can I do?
Here is a part of my firewall log (sorry, the forum didn't make it possible to upload a screenshot):
Jan 1 21:42:55 ovpns2 192.168.0.38:50631 192.168.42.129:80 TCP:S
Jan 1 21:42:55 LAN 192.168.42.131:137 192.168.42.191:137 UDP
Jan 1 21:42:55 WAN 22.214.171.124:57462 126.96.36.199:80 TCP:S
Jan 1 21:42:56 LAN 192.168.42.131:137 192.168.42.191:137 UDP
Jan 1 21:42:57 LAN 192.168.42.131:137 192.168.42.191:137 UDP
Jan 1 21:42:58 WAN 188.8.131.52:55850 184.108.40.206:4812 TCP:S
Jan 1 21:42:59 WAN 220.127.116.11:21191 18.104.22.168:4812 TCP:S
Jan 1 21:42:59 WAN 22.214.171.124:5764 126.96.36.199:4812 TCP:S
Then I figured out a little bit more:
It looks as if I set up all my (auto generated) rules as "block" instead of "pass"… If I change the not working NAT firewall rule from "Pass" to "Reject", I can feel the immediate reject, so my rules seem to stay a little bit functional...
Argh, I'm an idiot! I added a reject rule at "Floating", but this is maybe stronger than my WAN/LAN pass rules! And I only figured that out by clicking on the red "X", which opens a message showing which rule made the reject. And this I only figured out after searching the web for a long time…
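
Added example, not part of the original post: a simplified Python model of pf-style rule evaluation (last match wins unless a matching rule is marked quick) showing how a floating reject can shadow a per-interface pass rule. It assumes the floating rule was quick and is loaded ahead of the interface rules, which the post does not state; the rule labels and the sample packet are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    label: str                   # constructed label: tab and purpose of the rule
    action: str                  # "pass", "block" or "reject"
    iface: Optional[str] = None  # None matches any interface
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port
    quick: bool = False          # quick: first match ends evaluation

    def matches(self, pkt):
        return ((self.iface is None or self.iface == pkt["iface"]) and
                (self.proto is None or self.proto == pkt["proto"]) and
                (self.dport is None or self.dport == pkt["dport"]))

def evaluate(ruleset, pkt):
    """Return (action, deciding_rule_label, shadowed_labels).

    Model: the last matching rule wins, unless a matching rule is quick,
    in which case evaluation stops there. Packets that match nothing are
    blocked (default deny). shadowed_labels lists later rules that match
    the packet but were never reached because of a quick rule.
    """
    action, label, shadowed = "block", "default deny", []
    for i, rule in enumerate(ruleset):
        if rule.matches(pkt):
            action, label = rule.action, rule.label
            if rule.quick:
                shadowed = [r.label for r in ruleset[i + 1:] if r.matches(pkt)]
                break
    return action, label, shadowed

# Constructed rules: a catch-all floating reject and a WAN pass for a NAT target.
floating_reject = Rule("Floating: reject all", "reject", quick=True)
wan_pass = Rule("WAN: pass tcp/80", "pass", "WAN", "tcp", 80, quick=True)

# Constructed packet: inbound TCP SYN to port 80 arriving on WAN.
PKT = {"iface": "WAN", "proto": "tcp", "dport": 80}

def demo():
    # Assumption: floating rules sit ahead of per-interface rules in the ruleset.
    return evaluate([floating_reject, wan_pass], PKT)

if __name__ == "__main__":
    print(demo())  # the floating reject decides; the WAN pass is shadowed
```

The shadowed list is the audit signal here: any pass rule that appears in it can never take effect for that traffic until the earlier quick rule is narrowed, reordered or removed.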