Issue with NAT Reflection on pfSense 1.2.3



  • Background:
    I am running the NanoBSD version of pfSense on an ALIX box.  As such, I am using VLANs and trunking to accommodate the various subnets, etc.
    Currently, NAT reflection is working - I am using NAT reflection for an SSL-protected web site (https).

    Issue:
    If I go into interfaces, and add another VLAN to one of the physical interfaces, and then assign that VLAN to a new interface (without even enabling the new interface!), shortly, I begin to have an issue where I get certificate warnings: for some reason, the certificate of the pfSense box is being presented to internal attempts to access the host.  If I bypass the certificate error, I get a 404 - somehow, the pfSense box is attempting to respond rather than forwarding the request.
    I have tried enabling/disabling NAT reflection, I have tried re-creating the rules, I have rebooted the pfSense box.

    The only way to get NAT reflection working again is to delete the new interface and then delete the vlan that it was using.  Then the problem goes away.

    I'm baffled.  Anyone have any ideas?



  • 2.0 is released, stop mucking about with 1.2.3.



  • @submicron:

    2.0 is released, stop mucking about with 1.2.3.

    Well, I plan on upgrading, but thought that maybe in the interim someone could offer a solution until my next maintenance window.



  • @althornin:

    @submicron:

    2.0 is released, stop mucking about with 1.2.3.

    Well, I plan on upgrading, but thought that maybe in the interim someone could offer a solution until my next maintenance window.

    I just labbed this out with a spare ALIX and my current config (install 1.2.3, restored my current config to it, upgraded to 2.0) and the issue does appear to be resolved in 2.0.

    Fair enough, I now know what I'll be doing in my next maintenance window.

