Adding NAT Port Forwarding Rule Breaks WAN

  • Hello All,

    I have been using pfSense for about 9 months now and have had virtually no issues.  It has been a great product for me.

    Starting about 3 weeks ago, I began running into problems.

    I logged in to add a new port forwarding rule to allow my SIP phones to register from external sources.  Before the new rule change I noticed there was a pfSense update so I clicked on it and updated (version 2.1).  Within hours after this change I noticed the internet connection seemed quite slow.  I have a business class cable internet connection (40mb down/20mb up) with 5 usable static IPs (/29).  I didn't pay much attention, chalking it up to ISP issues.  The next morning the WAN connection was down.

    I began troubleshooting and saw the Gateway Monitoring was toggling between Offline, Latency and very high response times.  Every 30 minutes I would get 1 minute of WAN uptime and then it would drop.  If I went into the WAN interface and disabled it and then enabled it, it would work again for about 1 minute before the response time would climb until it went offline.

    I know there are many posts about Gateway Monitoring and to disable it (I have been searching for 3 weeks), keep in mind this has been up and running for 9 months this way.  However, I did try disabling it and it didn't have any effect.

    Once I saw the Gateway Monitoring results, I figured it was my ISP.  I called them and they said all of their tests on the modem were fine.  They offered to come for a service call but while I was talking to them I connected a laptop directly to the modem and pinged the gateway and it was working fine.  I told them I would confirm my side was not the issue and get back to them.  So now I was thinking it was the pfSense box.

    I read many posts about bad cables.  I have tried 5 different cables (in a bit I rule this out as the problem).

    My next thought was maybe the network card went bad (I was doubtful).  I swapped out the network card and had the same results.  I switched things back and played around with everything else I could find and kept disabling and enabling the WAN to get temporary WAN uptime.

    After some time and a reboot and tinkering it just started working again.  I wasn't very confident since I didn't find the problem.

    This worked for about a week and then the same problem started again.  When I was able to get temporary WAN uptime, I saw there was an update and figured it was because of this bug.  So I upgraded to 2.1.1 but same issues.  Back to calling the ISP since I figured I had ruled everything out.  They said earlier in the day there were some issues but it was only affecting DHCP customers.  They tested everything again and still no problems they could see on their side.  They offered a service call but I put them off again because I wasn't confident that it was on their side.  I worked all night trying every suggestion from the forums with no luck.  The next day there was another update for 2.1.2 so I updated hoping this was a fix but still the same issue.

    Since the weekend I have been trying everything with my servers offline this whole time.  I am at a loss.  I finally called the ISP again and requested a service call.  There was one post I found somewhere that the Motorola SBG6580 modem that I had and pfSense didn't get along.  I found this hard to believe since it worked flawlessly for 9 months.  Anyway the service tech came and tested everything.  He changed the modem, I think to make me feel better, but he did say it was a newer model blah blah blah.  My new model is an ARRIS DG1670 (doesn't seem as good as the original).  He left but the problem stayed.

    So yesterday I decided that maybe the config got messed up during an upgrade.  I read a few people had that problem in the past.  I pulled the hard drive and installed a fresh 2.1.2 on a USB drive for a test.  It came up with a DHCP address (I get that too) and everything was working, I monitored everything for a while and no issues.  Then I restored a backup, instantly the problem came back.  I was getting excited, I thought I ruled things out.

    So I went back to factory defaults, opened up the config file and manually entered everything in again, checking everything as I completed each section.  The last section I entered was the Port Forwarding NAT Rules.  As soon as I enter the first rule the issue is back, no WAN.  If I delete the rule it does not help, the issue is there until I restore a backup.

    Right now my WAN is working via pfSense but I do not have any Port Forward Rules entered, everything else is configured.  That also means that my webserver, mailserver and VoIP server are down (unavailable to the outside world).

    If anyone who would take pity on me (and has read all of this) would be so kind as to help me, it would be greatly appreciated.


    Way damn too long. Post screenshots instead.

  • So the problem comes when you start configuring port-forwards in NAT? Suppose a linked rule is added when you create the forward?
    How is your NAT outbound mode configured? manual/auto?
    To aid assistance here, I would post a few more details (IPs, interfaces, ports, …)
    When you say "add everything in", you do mean by GUI, right?

    A single screenshot of the port forward would indeed be worth more than a wall of text in this case.

