Netgate Discussion Forum

    Issue with NAT Reflection on pfSense 1.2.3

      althornin

      Background:
      I am running the NanoBSD version of pfSense on an ALIX box. As such, I am using VLANs and trunking to accommodate the various subnets, etc.
      Currently, NAT reflection is working - I am using NAT reflection for an SSL-protected web site (https).

      Issue:
      If I go into interfaces, and add another VLAN to one of the physical interfaces, and then assign that VLAN to a new interface (without even enabling the new interface!), shortly, I begin to have an issue where I get certificate warnings: for some reason, the certificate of the pfSense box is being presented to internal attempts to access the host. If I bypass the certificate error, I get a 404 - somehow, the pfSense box is attempting to respond rather than forwarding the request.
      I have tried enabling/disabling NAT reflection, I have tried re-creating the rules, I have rebooted the pfsense box.

      The only way to get NAT reflection working again is to delete the new interface and then delete the VLAN that it was using. Then the problem goes away.

      I'm baffled.  Anyone have any ideas?

        Guest

        2.0 is released, stop mucking about with 1.2.3.

          althornin

          @submicron:

          2.0 is released, stop mucking about with 1.2.3.

          Well, I plan on upgrading, but thought that maybe in the interim someone could offer a solution until my next maintenance window.

            althornin

            @althornin:

            @submicron:

            2.0 is released, stop mucking about with 1.2.3.

            Well, I plan on upgrading, but thought that maybe in the interim someone could offer a solution until my next maintenance window.

            I just labbed this out with a spare ALIX and my current config (installed 1.2.3, restored my current config to it, upgraded to 2.0) and the issue does appear to be resolved in 2.0.

            Fair enough, I now know what I'll be doing in my next maintenance window.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.